diff --git a/clan/flake-module.nix b/clan/flake-module.nix
new file mode 100644
index 0000000..16a10f4
--- /dev/null
+++ b/clan/flake-module.nix
@@ -0,0 +1,43 @@
+{
+ lib,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./machines.nix
+ ./tags.nix
+ ./instances.nix
+ ];
+
+ clan = {
+ meta = {
+ name = "arda";
+ domain = "arda";
+ description = "My personal machines at home";
+ };
+
+ directory = ../.;
+
+ specialArgs = {
+ ardaLib = {
+ types =
+ ./types
+ |> (inputs.import-tree.withLib lib).leafs
+ |> lib.map (mod: {
+ name = mod |> lib.baseNameOf |> lib.splitString "." |> lib.head;
+ value = lib.types.submoduleWith {modules = [mod];};
+ })
+ |> lib.listToAttrs;
+ };
+ };
+
+ exportInterfaces =
+ ./interfaces
+ |> (inputs.import-tree.withLib lib).leafs
+ |> lib.map (mod: {
+ name = mod |> lib.baseNameOf |> lib.splitString "." |> lib.head;
+ value = import mod;
+ })
+ |> lib.listToAttrs;
+ };
+}
diff --git a/clan.nix b/clan/instances.nix
similarity index 72%
rename from clan.nix
rename to clan/instances.nix
index 1b02304..57d06f6 100644
--- a/clan.nix
+++ b/clan/instances.nix
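Review bot: The two directory scans behind `specialArgs.ardaLib.types` and `exportInterfaces` are undocumented, and the key rule `lib.baseNameOf |> lib.splitString "." |> lib.head` maps any two files whose names differ only after the first dot (`foo.nix`, `foo.old.nix`) to the same attribute, so one of them is silently lost in `lib.listToAttrs`. A header comment would make the contract explicit: `# Every ./types/<name>.nix becomes ardaLib.types.<name> (wrapped as a submodule type) and every ./interfaces/<name>.nix becomes exportInterfaces.<name>; the key is the file name up to its first dot, so keep names unique on that prefix.` Presumably every `.nix` file dropped into those directories is evaluated as a module; it is worth confirming how `import-tree`'s `leafs` filters so that a stray backup or scratch file cannot end up in `ardaLib.types`.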
@@ -1,103 +1,19 @@
 {
- meta = {
- name = "arda";
- domain = "arda";
- description = "My personal machines at home";
- };
-
- directory = ./.;
-
- exportInterfaces = {
- persistence = import ./interfaces/persistence.nix;
- gateway = import ./interfaces/gateway.nix;
- };
-
- inventory.machines = {
- aule = {
- name = "aule";
- description = "Planned build server.";
- machineClass = "nixos";
- tags = [];
- };
- mandos = {
- name = "mandos";
- description = "Living room Steam box.";
- machineClass = "nixos";
- tags = [
- "capability:mobility:stationary"
- "operational:availability:wake-on-demand"
- ];
- };
- manwe = {
- name = "manwe";
- description = "Main desktop.";
- machineClass = "nixos";
- tags = [
- "capability:mobility:stationary"
- "operational:availability:manual"
- ];
- };
- melkor = {
- name = "melkor";
- description = "Planned machine with no defined role yet.";
- machineClass = "nixos";
- tags = [];
- };
- orome = {
- name = "orome";
- description = "Work laptop.";
- machineClass = "nixos";
- tags = [
- "capability:mobility:portable"
- "operational:availability:manual"
- ];
- };
- tulkas = {
- name = "tulkas";
- description = "Steam Deck.";
- machineClass = "nixos";
- tags = [
- "capability:mobility:portable"
- "operational:availability:manual"
- ];
- };
- ulmo = {
- name = "ulmo";
- description = "Primary self-hosted services machine.";
- machineClass = "nixos";
- tags = [
- "capability:mobility:stationary"
- "operational:availability:always-on"
- "operational:storage:large"
- "operational:role:gateway"
- ];
- };
- varda = {
- name = "varda";
- description = "Planned machine with no defined role yet.";
- machineClass = "nixos";
- tags = [];
- };
- yavanna = {
- name = "yavanna";
- description = "Planned machine with no defined role yet.";
- machineClass = "nixos";
- tags = [];
- };
- };
-
- inventory.tags = {
- config,
- machines,
- ...
- }: { - # tag_name = [ "list" "of" "machines" ] - "capability:hardware:gpu" = [""]; - "capability:hardware:audio" = [""]; - "capability:hardware:bluetooth" = [""]; - }; - - inventory.instances = { + self, + inputs, + ... +}: let + db = + self.clan.exports + |> inputs.clan-core.lib.getExport { + serviceName = "arda/persistence"; + roleName = "default"; + machineName = "ulmo"; + instanceName = "persistence"; + } + |> (v: v.persistence.driver.${v.persistence.main}); +in { + clan.inventory.instances = { users-chris = { module = { name = "users"; @@ -137,6 +53,12 @@ settings = { driver = "caddy"; + + hosts = { + "auth.kruining.eu" = '' + reverse_proxy h2c://[::1]:9092 + ''; + }; }; }; }; @@ -147,7 +69,6 @@ input = "self"; }; - # TODO :: Convert to use tags instead roles.default.tags = ["operational:availability:always-on" "operational:storage:large"]; }; @@ -161,7 +82,7 @@ tags = ["operational:availability:always-on"]; settings = { - persistence_instance = "persistence"; + database = db; organization = { nix = { @@ -305,8 +226,7 @@ settings = { enable = true; - - persistence_instance = "persistence"; + database = db; services = { sonarr = { diff --git a/interfaces/gateway.nix b/clan/interfaces/gateway.nix similarity index 58% rename from interfaces/gateway.nix rename to clan/interfaces/gateway.nix index 5dcdce9..8353ae6 100644 --- a/interfaces/gateway.nix +++ b/clan/interfaces/gateway.nix @@ -10,19 +10,26 @@ in { default = name; }; - protocol = mkOption { - type = types.str; - default = "http"; + endpoint = mkOption { + type = types.submoduleWith { + modules = [../types/endpoint.nix]; + }; + default = name; }; - host = mkOption { - type = types.str; - default = "[::1]"; - }; + # protocol = mkOption { + # type = types.str; + # default = "http"; + # }; - port = mkOption { - type = types.port; - }; + # host = mkOption { + # type = types.str; + # default = "[::1]"; + # }; + + # port = mkOption { + # type = types.port; + # }; }; })); default = {}; 
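Review bot: `hosts."auth.kruining.eu"` hard-codes `reverse_proxy h2c://[::1]:9092`, while the identity service publishes its listener to the gateway as `endpoint.port = settings.port` (clanServices/identity/default.nix, hunk at line 345), so the two can drift apart silently if the port is ever changed. If 9092 is the identity instance's `settings.port`, a comment such as `# 9092 must match the identity instance's settings.port` is the minimum, and deriving it from the gateway export the same way `db` is derived from the persistence export would remove the duplication. The `db` binding likewise pins `machineName = "ulmo"`, which is fine for a single persistence host but is the first place to update when the database moves. The `settings` block of the hosts hunk starts outside the hunk.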
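Review bot: `endpoint = mkOption { type = types.submoduleWith {...}; default = name; }` copies the `default = name;` of the option above it, but a submodule option's value must be an attribute set, so a gateway service that does not set `endpoint` explicitly would fail with a type error on the string instead of a clear "port is required" message; drop the `default = name;` line, since `port` in `../types/endpoint.nix` has no default and there is no meaningful default to give here. The old `protocol`/`host`/`port` options are kept as commented-out code even though their replacements now live in the endpoint type; delete them rather than leave them. The enclosing option definition starts and ends outside the hunk.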
diff --git a/interfaces/persistence.nix b/clan/interfaces/persistence.nix similarity index 71% rename from interfaces/persistence.nix rename to clan/interfaces/persistence.nix index 0d0841d..878d4c5 100644 --- a/interfaces/persistence.nix +++ b/clan/interfaces/persistence.nix @@ -8,7 +8,11 @@ in { }; driver = mkOption { - type = types.attrsOf types.anything; + type = types.attrsOf (types.submoduleWith { + modules = [ + ../types/endpoint.nix + ]; + }); default = {}; }; diff --git a/clan/machines.nix b/clan/machines.nix new file mode 100644 index 0000000..f838aeb --- /dev/null +++ b/clan/machines.nix 
@@ -0,0 +1,75 @@
+{...}: {
+ clan.inventory.machines = {
+ aule = {
+ name = "aule";
+ description = "Planned build server.";
+ machineClass = "nixos";
+ tags = [];
+ };
+ mandos = {
+ name = "mandos";
+ description = "Living room Steam box.";
+ machineClass = "nixos";
+ tags = [
+ "capability:mobility:stationary"
+ "operational:availability:wake-on-demand"
+ ];
+ };
+ manwe = {
+ name = "manwe";
+ description = "Main desktop.";
+ machineClass = "nixos";
+ tags = [
+ "capability:mobility:stationary"
+ "operational:availability:manual"
+ ];
+ };
+ melkor = {
+ name = "melkor";
+ description = "Planned machine with no defined role yet.";
+ machineClass = "nixos";
+ tags = [];
+ };
+ orome = {
+ name = "orome";
+ description = "Work laptop.";
+ machineClass = "nixos";
+ tags = [
+ "capability:mobility:portable"
+ "operational:availability:manual"
+ ];
+ };
+ tulkas = {
+ name = "tulkas";
+ description = "Steam Deck.";
+ machineClass = "nixos";
+ tags = [
+ "capability:mobility:portable"
+ "operational:availability:manual"
+ ];
+ };
+ ulmo = {
+ name = "ulmo";
+ description = "Primary self-hosted services machine.";
+ machineClass = "nixos";
+ tags = [
+ "capability:mobility:stationary"
+ "operational:availability:always-on"
+ "operational:storage:large"
+ "operational:role:gateway"
+ ];
+ };
+ varda = {
+ name = "varda";
+ description = "Planned machine with no defined role yet.";
+ machineClass = "nixos";
+ tags = [];
+ };
+ yavanna = {
+ name = "yavanna";
+ description = "Planned machine with no defined role yet.";
+ machineClass = "nixos";
+ tags = [];
+ };
+ };
+}
diff --git a/clan/tags.nix b/clan/tags.nix
new file mode 100644
index 0000000..1c5256c
--- /dev/null
+++ b/clan/tags.nix
@@ -0,0 +1,12 @@
+{...}: {
+ clan.inventory.tags = {
+ config,
+ machines,
+ ...
+ }: {
+ # tag_name = [ "list" "of" "machines" ]
+ "capability:hardware:gpu" = [""];
+ "capability:hardware:audio" = [""];
+ "capability:hardware:bluetooth" = [""];
+ };
+}
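Review bot: tags.nix registers `[""]` as the member list of each `capability:hardware:*` tag, i.e. one machine whose name is the empty string, rather than an empty list; if the inventory validates tag members against `clan.inventory.machines` this fails at evaluation, and if it does not, the empty name is carried into whatever consumes the tag. Use `"capability:hardware:gpu" = [];` (and the same for `audio` and `bluetooth`) for tags that are not populated yet. The `config` and `machines` arguments of the tags function are accepted but unused, and the placeholder comment would be more useful as `# tag name -> list of clan.inventory.machines keys`.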
diff --git a/clan/types/endpoint.nix b/clan/types/endpoint.nix new file mode 100644 index 0000000..a3f82ae --- /dev/null +++ b/clan/types/endpoint.nix @@ -0,0 +1,44 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + host = mkOption { + type = types.str; + default = "localhost"; + }; + + port = mkOption { + type = types.port; + }; + + protocol = mkOption { + type = types.nullOr types.str; + default = null; + }; + + user = mkOption { + type = types.nullOr types.str; + default = null; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + }; + + path = mkOption { + type = types.nullOr types.str; + default = null; + }; + + query = mkOption { + type = types.nullOr (types.attrsOf types.str); + default = null; + }; + + hash = mkOption { + type = types.nullOr (types.attrsOf types.str); + default = null; + }; + }; +} diff --git a/clanServices/identity/default.nix b/clanServices/identity/default.nix index 7def487..caaf194 100644 --- a/clanServices/identity/default.nix +++ b/clanServices/identity/default.nix @@ -14,7 +14,7 @@ in { readme = builtins.readFile ./README.md; exports = { inputs = ["persistence"]; - out = ["gateway"]; + out = ["gateway" "persistence"]; }; }; @@ -30,8 +30,8 @@ in { default = "zitadel"; }; - persistence_instance = mkOption { - type = types.str; + database = mkOption { + type = types.anything; #ardaLib.types.endpoint; }; port = mkOption { @@ -345,7 +345,19 @@ in { |> (v: v.persistence.driver.postgresql); in { exports = mkExports { - gateway.services.identity = {port = settings.port;}; + gateway = { + services.identity = {endpoint.port = settings.port;}; + functions.auth = { + body = '' + forward_auth h2c://[::1]:${toString settings.port} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + ''; + }; + }; + + persistence.databases = ["zitadel"]; }; nixosModule = { 
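Review bot: `password = mkOption { type = types.nullOr types.str; default = null; }` makes it possible to route a database or service credential through an export that is evaluated into the Nix store, where it is world-readable on every machine that evaluates the configuration, and the persistence and gateway interfaces now embed this type. Document the constraint on the option, `description = "Must not hold a real secret: option values end up in the world-readable Nix store.";`, and add a `passwordFile` option holding the path (as a string, so the file is not copied into the store) to a credential provisioned out of band. None of the options in this file carry a `description`; `host` defaulting to `"localhost"` and `port` being mandatory are exactly the facts a consumer of the type needs stated.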
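Review bot: `out = ["gateway" "persistence"]` has identity export `persistence.databases = ["zitadel"]` (hunk at line 345 of this file) at the same time as the persistence service drops `databases = requested_databases;` from its own `driver.postgresql` export (clanServices/peristence/default.nix, hunk at line 52), so the database list now only reaches the server if the persistence service reads it back from its inputs. Nothing in this diff shows that consumer, and `requested_databases` may now be an unused binding there. Once that path is confirmed, a comment on the export, `# consumed by clanServices/peristence, which creates each listed database`, records the dependency.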
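Review bot: `database = mkOption { type = types.anything; #ardaLib.types.endpoint; }` (and the identical option in clanServices/servarr/default.nix, hunk at line 27) accepts any value, so a misspelled field in the instance definition is only caught when `settings.database.host`/`.port` are read further down, and the option has no `description`. If `ardaLib` from `specialArgs` in clan/flake-module.nix does not reach service modules (not visible in the diff), `types.submoduleWith { modules = [../../clan/types/endpoint.nix]; }` gives the validation the commented-out type was meant to provide; at minimum replace the trailing comment with `description = "Postgres endpoint (host/port) resolved from the persistence export";` and a `# TODO` stating why the endpoint type is not used yet.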
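Review bot: The `functions.auth` body asks Caddy to `copy_headers Remote-User Remote-Groups Remote-Email Remote-Name` from the forward-auth response onto the proxied request, so any backend placed behind this function will treat those headers as the authenticated identity; that is only safe if the gateway guarantees they are set by the auth step on every request and never inherited from the client. Verify that the Zitadel forward-auth response always emits all four, or strip inbound copies in the same handler with `request_header -Remote-User` (and likewise for the other three) ahead of `forward_auth`, and record the requirement as a Caddyfile comment in the body, `# backends must only trust Remote-* when reached through this function`. How `functions.auth` is rendered into the Caddyfile is outside this diff.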
@@ -423,8 +435,8 @@ in { }; Database.postgres = { - Host = database.host; - Port = database.port; + Host = settings.database.host; + Port = settings.database.port; Databae = "zitadel"; User = { Username = "zitadel"; @@ -434,12 +446,12 @@ in { }; }; }; - + steps = { InstanceName = "eu"; - + MachineKeyPath = "/var/lib/zitadel/machine-key.json"; - } + }; }; }) ]; diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix index 9150e75..a06e73a 100644 --- a/clanServices/peristence/default.nix +++ b/clanServices/peristence/default.nix @@ -52,7 +52,6 @@ in { driver.postgresql = { host = "localhost"; port = settings.port; - databases = requested_databases; }; }; }; diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index 634d4f6..e86bf2e 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix @@ -27,8 +27,8 @@ in { options = { enable = mkEnableOption "Enable configured *arr services"; - persistence_instance = mkOption { - type = types.str; + database = mkOption { + type = types.anything; #ardaLib.types.endpoint; }; services = mkOption { @@ -77,7 +77,7 @@ in { |> lib.imap1 (i: name: { inherit name; value = { - port = 2000 + i; + endpoint.port = 2000 + i; }; }) |> lib.listToAttrs; diff --git a/flake.nix b/flake.nix index 7f59c27..272314a 100644 --- a/flake.nix +++ b/flake.nix @@ -103,12 +103,12 @@ }: flake-parts.lib.mkFlake {inherit inputs;} { systems = import systems; - clan = import ./clan.nix; imports = with inputs; [ flake-parts.flakeModules.modules clan-core.flakeModules.default home-manager.flakeModules.default + ./clan/flake-module.nix ./packages/flake-module.nix ./clanServices/flake-module.nix ]; diff --git a/machines/default.nix b/machines/default.nix deleted file mode 100644 index 37086fa..0000000 --- a/machines/default.nix +++ /dev/null 
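Review bot: `Host = settings.database.host;` and `Port = settings.database.port;` sit next to the context key `Databae = "zitadel";`, which looks like a typo for `Database`; if Zitadel ignores unknown keys, the database name silently falls back to its default while the new host/port point at the shared server, so it is worth confirming against the Zitadel configuration schema and correcting to `Database = "zitadel";` in the same change. The `Database.postgres` attrset continues outside the hunk.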
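Review bot: `MachineKeyPath = "/var/lib/zitadel/machine-key.json"` presumably names key material written on first run, and nothing in the hunk beyond the `}` → `};` syntax fix constrains who can read that directory; confirm the unit runs as a dedicated user with a restrictive state directory (systemd `StateDirectory=` together with `StateDirectoryMode=0700`) and say so next to the path, `# first-run key; directory must be readable by the service user only`. The `steps` block and its enclosing module continue outside the hunk.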
@@ -1,9 +0,0 @@
-{baseNixosModules, lib, sharedContext, ...}: {
- clan =
- (import ../clan.nix {
- inherit baseNixosModules lib;
- })
- // {
- specialArgs = sharedContext;
- };
-}