treewide: config/nixos/services -> modules/nix/services

Moved every service into its own module, and conditionally enable them
based on profiles.
Anthony Rodriguez 2025-01-14 15:10:49 +01:00
parent 7aadc0c8fe
commit 2b77ac239e
Signed by: nezia
GPG key ID: EE3BE97C040A86CE
40 changed files with 488 additions and 427 deletions


@ -1,5 +0,0 @@
{
imports = [
./services
];
}


@ -1,3 +0,0 @@
{
hardware.brillo.enable = true;
}


@ -1,9 +0,0 @@
{pkgs, ...}: {
imports = [
./docker.nix
./gnupg.nix
./pipewire.nix
./kmscon.nix
];
services.udev.packages = [pkgs.segger-jlink];
}


@ -1,8 +0,0 @@
{pkgs, ...}: {
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
environment.systemPackages = [pkgs.distrobox];
}


@ -1,12 +0,0 @@
_: {
documentation = {
enable = true;
man = {
enable = true;
man-db.enable = false;
mandoc.enable = true;
generateCaches = true;
};
};
}


@ -1,3 +0,0 @@
_: {
services.flatpak.enable = true;
}


@ -1,91 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkAfter removePrefix removeSuffix;
srv = config.services.forgejo.settings.server;
# https://github.com/isabelroses/dotfiles/blob/06f8f70914c8e672541a52563ee624ce2e62adfb/modules/nixos/services/selfhosted/forgejo.nix#L19-L23
theme = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz";
sha256 = "et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI=";
stripRoot = false;
};
in {
services = {
forgejo = {
enable = true;
package = pkgs.forgejo;
lfs.enable = true;
database.type = "postgres";
dump = {
enable = true;
type = "tar.xz";
};
settings = {
server = {
DOMAIN = "git.nezia.dev";
HTTP_PORT = 1849;
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_ADDR = "localhost";
};
service = {
DISABLE_REGISTRATION = true;
};
federation = {
ENABLED = true;
};
ui = {
DEFAULT_THEME = "catppuccin-mocha-lavender";
THEMES = builtins.concatStringsSep "," (
["auto,forgejo-auto,forgejo-dark,forgejo-light,arc-gree,gitea"]
++ (map (name: removePrefix "theme-" (removeSuffix ".css" name)) (
builtins.attrNames (builtins.readDir theme)
))
);
};
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
};
};
};
caddy = {
enable = true;
virtualHosts."git.nezia.dev".extraConfig = ''
reverse_proxy * localhost:${toString srv.HTTP_PORT}
'';
};
};
# https://github.com/isabelroses/dotfiles/blob/06f8f70914c8e672541a52563ee624ce2e62adfb/modules/nixos/services/selfhosted/forgejo.nix#L59-L71
systemd.services = {
forgejo = {
preStart = let
inherit (config.services.forgejo) stateDir;
in
mkAfter ''
rm -rf ${stateDir}/custom/public/assets
mkdir -p ${stateDir}/custom/public/assets
ln -sf ${theme} ${stateDir}/custom/public/assets/css
'';
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443];
# If you're using nftables (default in newer NixOS)
extraForwardRules = ''
ip6 saddr { ::/0 } accept
'';
};
# Ensure IPv6 is enabled
networking.enableIPv6 = true;
}


@ -1,12 +0,0 @@
{pkgs, ...}: {
services = {
# needed for GNOME services outside of GNOME Desktop
dbus.packages = with pkgs; [
gcr
gnome-settings-daemon
];
gnome.gnome-keyring.enable = true;
gvfs.enable = true;
};
}


@ -1,6 +0,0 @@
{
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}


@ -1,75 +0,0 @@
{
config,
inputs,
lib,
pkgs,
...
}:
# thanks https://git.jacekpoz.pl/poz/niksos/src/commit/f8d5e7ccd9c769f7c0b564f10dff419285e75248/modules/services/greetd.nix
let
inherit (lib) getExe getExe';
inherit (inputs.hyprland.packages.${pkgs.stdenv.system}) hyprland;
hyprctl = getExe' hyprland "hyprctl";
Hyprland = getExe' hyprland "Hyprland";
greeter = getExe pkgs.greetd.gtkgreet;
hyprlandConfig =
pkgs.writeText "greetd-hyprland-config"
''
misc {
force_default_wallpaper=0
focus_on_activate=1
}
animations {
enabled=0
first_launch_animation=0
}
workspace=1,default:true,gapsout:0,gapsin:0,border:false,decorate:false
exec-once=[workspace 1;fullscreen;noanim] ${greeter} -l; ${hyprctl} dispatch exit
exec-once=${hyprctl} dispatch focuswindow ${greeter}
'';
in {
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${Hyprland} --config ${hyprlandConfig}";
user = config.local.systemVars.username;
};
};
};
programs.regreet = {
enable = true;
};
security.pam.services = {
greetd.enableGnomeKeyring = true;
login.enableGnomeKeyring = true;
gdm-password.enableGnomeKeyring = true;
greetd.fprintAuth = false;
};
environment.etc."greetd/environments".text = let
environments = [
{
name = "Hyprland";
condition = with config.programs.hyprland; enable && !withUWSM;
}
{
name = "uwsm start -S hyprland-uwsm.desktop";
condition = with config.programs.hyprland; enable && withUWSM;
}
{
name = "sway";
condition = config.programs.sway.enable;
}
];
in
builtins.concatStringsSep "\n" (map (env: env.name) (builtins.filter (env: env.condition) environments));
}


@ -1,17 +0,0 @@
{
services = {
keyd = {
enable = true;
keyboards = {
default = {
ids = ["*"];
settings = {
main = {
capslock = "overload(control, esc)";
};
};
};
};
};
};
}


@ -1,15 +0,0 @@
{pkgs, ...}: {
services.kmscon = {
enable = true;
fonts = [
{
name = "0xProto Nerd Font";
package = pkgs.nerd-fonts._0xproto;
}
];
extraConfig = ''
font-size=13
font-dpi=144
'';
};
}


@ -1,15 +0,0 @@
{
location.provider = "geoclue2";
services.geoclue2 = {
enable = true;
geoProviderUrl = "https://beacondb.net/v1/geolocate";
submissionUrl = "https://beacondb.net/v2/geosubmit";
submissionNick = "geoclue";
appConfig.gammastep = {
isAllowed = true;
isSystem = false;
};
};
}


@ -1,9 +0,0 @@
{
services.logind = {
lidSwitch = "suspend";
extraConfig = ''
HandlePowerKey=ignore
HandlePowerKeyLongPress=poweroff
'';
};
}


@ -1,6 +0,0 @@
{pkgs, ...}: {
services.protonmail-bridge = {
enable = true;
package = pkgs.protonmail-bridge;
};
}


@ -1,18 +0,0 @@
{inputs, ...}: {
imports = [
inputs.nix-gaming.nixosModules.pipewireLowLatency
];
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
lowLatency.enable = true;
};
};
# rtkit is optional but recommended
security.rtkit.enable = true;
}


@ -1,8 +0,0 @@
{
services = {
power-profiles-daemon.enable = true;
# battery info
upower.enable = true;
};
}


@ -1,61 +0,0 @@
{
config,
pkgs,
...
}: {
age.secrets.searx-env-file.file = ../../../secrets/searx-env-file.age;
services = {
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = config.age.secrets.searx-env-file.path;
settings = {
search = {
safe_search = 1; # 0 = None, 1 = Moderate, 2 = Strict
autocomplete = "google"; # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang = "en";
};
server = {
secret_key = "@SEARX_SECRET_KEY@";
port = 8888; # Internal port
bind_address = "localhost"; # Only listen locally
base_url = "https://search.nezia.dev/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
engines = [
{
name = "qwant";
disabled = true;
}
];
};
};
caddy = {
enable = true;
virtualHosts."search.nezia.dev" = {
extraConfig = ''
encode gzip
reverse_proxy localhost:8888 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Forwarded-Proto {scheme}
}
'';
};
};
};
# Open required ports
networking.firewall = {
allowedTCPPorts = [80 443]; # For Caddy
};
}


@ -1,8 +0,0 @@
{
services = {
syncthing = {
enable = true;
};
};
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder
}


@ -1,21 +0,0 @@
{
inputs,
pkgs,
...
}: {
services.caddy.enable = true;
services.caddy.virtualHosts = {
"www.nezia.dev" = {
extraConfig = ''
redir https://nezia.dev{uri}
'';
};
"nezia.dev" = {
extraConfig = ''
root * ${inputs."nezia_dev".packages.${pkgs.system}.default}
file_server
encode gzip
'';
};
};
}


@ -7,16 +7,10 @@
mkSystem = args: mkSystem = args:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs lib';}; specialArgs = {inherit inputs lib';};
modules = args.modules or []; modules = (args.modules or []) ++ [../modules];
}; };
base = [ base = [
../modules
"${self}/config/nixos"
"${self}/config/nixos/services/documentation.nix"
"${self}/config/nixos/services/location.nix"
({ ({
config, config,
specialArgs, specialArgs,
@ -36,10 +30,6 @@
]; ];
graphical = [ graphical = [
"${self}/config/nixos/services/logind.nix"
"${self}/config/nixos/services/greetd.nix"
"${self}/config/nixos/services/gnome.nix"
({config, ...}: { ({config, ...}: {
home-manager.users.${config.local.systemVars.username}.imports = [ home-manager.users.${config.local.systemVars.username}.imports = [
"${self}/config/home-manager/programs/waybar" "${self}/config/home-manager/programs/waybar"
@ -56,7 +46,6 @@
]; ];
gaming = [ gaming = [
../config/nixos/services/flatpak.nix
({config, ...}: { ({config, ...}: {
home-manager.users.${config.local.systemVars.username}.imports = [ home-manager.users.${config.local.systemVars.username}.imports = [
"${self}/config/home-manager/programs/games" "${self}/config/home-manager/programs/games"
@ -64,12 +53,6 @@
]; ];
}) })
]; ];
laptop = [
"${self}/config/nixos/services/kanata.nix"
"${self}/config/nixos/services/power.nix"
"${self}/config/nixos/services/brightness.nix"
];
in { in {
vamos = mkSystem { vamos = mkSystem {
modules = modules =
@ -78,8 +61,7 @@ in {
inputs.nixos-hardware.nixosModules.framework-13-7040-amd inputs.nixos-hardware.nixosModules.framework-13-7040-amd
] ]
++ base ++ base
++ graphical ++ graphical;
++ laptop;
}; };
solaire = mkSystem { solaire = mkSystem {
@ -95,10 +77,6 @@ in {
anastacia = mkSystem { anastacia = mkSystem {
modules = [ modules = [
./anastacia ./anastacia
"${self}/config/nixos/services/forgejo.nix"
"${self}/config/nixos/services/searx.nix"
"${self}/config/nixos/services/website.nix"
]; ];
}; };
} }
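Review bot: With the explicit imports removed, `anastacia` only gets Forgejo, SearXNG and the website if `local.profiles.server.enable` is set somewhere under `./anastacia`, and `vamos` only keeps the laptop services if `local.profiles.laptop.enable` is set now that `++ laptop` is gone; neither is visible in this hunk. Because every gated module evaluates to nothing when its flag is false, a missing flag drops the service silently instead of failing the build. I would confirm both flags are set in the host modules and add a comment above `mkSystem` such as `# ../modules is imported for every host; services are switched on via local.profiles.*`.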


@ -2,6 +2,7 @@
imports = [ imports = [
./core ./core
./programs ./programs
./services
./style ./style
]; ];
} }


@ -0,0 +1,9 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.laptop.enable {
hardware.brillo.enable = true;
};
}


@ -0,0 +1,21 @@
{pkgs, ...}: {
imports = [
./brightness.nix
./docker.nix
./documentation.nix
./flatpak.nix
./forgejo.nix
./gnome.nix
./gnupg.nix
./greetd.nix
./kanata.nix
./kmscon.nix
./location.nix
./logind.nix
./pipewire.nix
./power.nix
./searx.nix
./syncthing.nix
./website.nix
];
}
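Review bot: The `pkgs` argument in `{pkgs, ...}:` is unused in this file; in the removed `default.nix` it was needed for `services.udev.packages = [pkgs.segger-jlink];`, which has no counterpart here. If the J-Link udev rules are still wanted they should move into a profile-gated module (they may live elsewhere, outside this diff). Otherwise the header can become `_: {`, matching how the argument-less modules in the old tree were written.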


@ -0,0 +1,15 @@
{
lib,
pkgs,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
environment.systemPackages = [pkgs.distrobox];
};
}


@ -0,0 +1,18 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
documentation = {
enable = true;
man = {
enable = true;
man-db.enable = false;
mandoc.enable = true;
generateCaches = true;
};
};
};
}


@ -0,0 +1,9 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
services.flatpak.enable = true;
};
}


@ -0,0 +1,93 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkAfter removePrefix removeSuffix;
srv = config.services.forgejo.settings.server;
# https://github.com/isabelroses/dotfiles/blob/06f8f70914c8e672541a52563ee624ce2e62adfb/modules/nixos/services/selfhosted/forgejo.nix#L19-L23
theme = pkgs.fetchzip {
url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz";
sha256 = "et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI=";
stripRoot = false;
};
in {
config = lib.mkIf config.local.profiles.server.enable {
services = {
forgejo = {
enable = true;
package = pkgs.forgejo;
lfs.enable = true;
database.type = "postgres";
dump = {
enable = true;
type = "tar.xz";
};
settings = {
server = {
DOMAIN = "git.nezia.dev";
HTTP_PORT = 1849;
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_ADDR = "localhost";
};
service = {
DISABLE_REGISTRATION = true;
};
federation = {
ENABLED = true;
};
ui = {
DEFAULT_THEME = "catppuccin-mocha-lavender";
THEMES = builtins.concatStringsSep "," (
["auto,forgejo-auto,forgejo-dark,forgejo-light,arc-gree,gitea"]
++ (map (name: removePrefix "theme-" (removeSuffix ".css" name)) (
builtins.attrNames (builtins.readDir theme)
))
);
};
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
};
};
};
caddy = {
enable = true;
virtualHosts."git.nezia.dev".extraConfig = ''
reverse_proxy * localhost:${toString srv.HTTP_PORT}
'';
};
};
# https://github.com/isabelroses/dotfiles/blob/06f8f70914c8e672541a52563ee624ce2e62adfb/modules/nixos/services/selfhosted/forgejo.nix#L59-L71
systemd.services = {
forgejo = {
preStart = let
inherit (config.services.forgejo) stateDir;
in
mkAfter ''
rm -rf ${stateDir}/custom/public/assets
mkdir -p ${stateDir}/custom/public/assets
ln -sf ${theme} ${stateDir}/custom/public/assets/css
'';
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443];
# if using nftables
extraForwardRules = ''
ip6 saddr { ::/0 } accept
'';
};
# ensure IPv6 is enabled
networking.enableIPv6 = true;
};
}
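Review bot: The `extraForwardRules` entry `ip6 saddr { ::/0 } accept` matches every IPv6 source, so wherever it takes effect it accepts all forwarded IPv6 traffic rather than anything Forgejo needs. As far as I know this option is only read by the nftables firewall with `networking.firewall.filterForward` enabled, and neither is set in this file, so on other setups it is dead configuration. Since Caddy terminates connections on the host and proxies to `localhost`, I would drop the rule (and the `# if using nftables` comment with it), or narrow it to the specific prefix and interface that actually need forwarding. Separately, `arc-gree` in the `THEMES` list looks like a typo for `arc-green`.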


@ -0,0 +1,19 @@
{
lib,
pkgs,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
services = {
# needed for GNOME services outside of GNOME Desktop
dbus.packages = with pkgs; [
gcr
gnome-settings-daemon
];
gnome.gnome-keyring.enable = true;
gvfs.enable = true;
};
};
}


@ -0,0 +1,12 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
}


@ -0,0 +1,78 @@
{
config,
inputs,
lib,
pkgs,
...
}:
# thanks https://git.jacekpoz.pl/poz/niksos/src/commit/f8d5e7ccd9c769f7c0b564f10dff419285e75248/modules/services/greetd.nix
let
inherit (lib) getExe getExe';
inherit (inputs.hyprland.packages.${pkgs.stdenv.system}) hyprland;
hyprctl = getExe' hyprland "hyprctl";
Hyprland = getExe' hyprland "Hyprland";
greeter = getExe pkgs.greetd.gtkgreet;
hyprlandConfig =
pkgs.writeText "greetd-hyprland-config"
''
misc {
force_default_wallpaper=0
focus_on_activate=1
}
animations {
enabled=0
first_launch_animation=0
}
workspace=1,default:true,gapsout:0,gapsin:0,border:false,decorate:false
exec-once=[workspace 1;fullscreen;noanim] ${greeter} -l; ${hyprctl} dispatch exit
exec-once=${hyprctl} dispatch focuswindow ${greeter}
'';
in {
# TODO: perhaps turn this into a more generic module if we wanna use other wayland compositors
config = lib.mkIf config.local.modules.hyprland.enable {
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${Hyprland} --config ${hyprlandConfig}";
user = config.local.systemVars.username;
};
};
};
programs.regreet = {
enable = true;
};
security.pam.services = {
greetd.enableGnomeKeyring = true;
login.enableGnomeKeyring = true;
gdm-password.enableGnomeKeyring = true;
greetd.fprintAuth = false;
};
environment.etc."greetd/environments".text = let
environments = [
{
name = "Hyprland";
condition = with config.programs.hyprland; enable && !withUWSM;
}
{
name = "uwsm start -S hyprland-uwsm.desktop";
condition = with config.programs.hyprland; enable && withUWSM;
}
{
name = "sway";
condition = config.programs.sway.enable;
}
];
in
builtins.concatStringsSep "\n" (map (env: env.name) (builtins.filter (env: env.condition) environments));
};
}
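Review bot: `user = config.local.systemVars.username;` in `default_session` runs the greeter compositor and gtkgreet under the real login account, so the pre-authentication screen executes with that user's privileges and access to their home directory. The greetd module's default is a dedicated `greeter` system user; unless something here depends on the user's own session, I would set `user = "greeter";` or drop the line. Also, `programs.regreet.enable = true` sits next to a session command that launches gtkgreet, so one of the two greeters is probably unused. The gate is `local.modules.hyprland.enable` while the environments list still carries a `sway` entry, which the TODO already hints at.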


@ -1,5 +1,9 @@
{ {
services.kanata = { lib,
config,
...
}: {
services.kanata = lib.mkIf config.local.profiles.desktop.enable {
enable = true; enable = true;
keyboards.default = { keyboards.default = {
extraDefCfg = "process-unmapped-keys yes"; extraDefCfg = "process-unmapped-keys yes";
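Review bot: `services.kanata = lib.mkIf config.local.profiles.desktop.enable {` applies the condition to the option value, while every other module in this commit wraps the whole body as `config = lib.mkIf … { … };`; using the same shape here keeps the modules uniform. The file used to be imported from the `laptop` list in the hosts file, so gating it on the `desktop` profile also turns the key remapper on for non-laptop desktops, which deserves a one-line comment if intended. The rest of the attribute set lies outside this hunk.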


@ -0,0 +1,22 @@
{
lib,
pkgs,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
services.kmscon = {
enable = true;
fonts = [
{
name = "0xProto Nerd Font";
package = pkgs.nerd-fonts._0xproto;
}
];
extraConfig = ''
font-size=13
font-dpi=144
'';
};
};
}


@ -0,0 +1,21 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.modules.hyprland.enable {
location.provider = "geoclue2";
services.geoclue2 = {
enable = true;
geoProviderUrl = "https://beacondb.net/v1/geolocate";
submissionUrl = "https://beacondb.net/v2/geosubmit";
submissionNick = "geoclue";
appConfig.gammastep = {
isAllowed = true;
isSystem = false;
};
};
};
}
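Review bot: This module is gated on `config.local.modules.hyprland.enable`, whereas `location.nix` used to sit in the `base` list and the sibling modules key off `local.profiles.*`; a short comment saying why location follows the Hyprland module (gammastep, presumably) would save the next reader a search. `submissionUrl` and `submissionNick` only matter when `services.geoclue2.submitData` is enabled, which this file does not do, so either set it deliberately or add a comment such as `# submission is off; URL kept for reference`. The `geoProviderUrl` lookup sends observed Wi-Fi access-point data to beacondb.net, which is worth stating in a comment on a privacy-relevant setting.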


@ -0,0 +1,15 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.laptop.enable {
services.logind = {
lidSwitch = "suspend";
extraConfig = ''
HandlePowerKey=ignore
HandlePowerKeyLongPress=poweroff
'';
};
};
}


@ -0,0 +1,26 @@
{
lib,
inputs,
config,
...
}: {
imports = [
inputs.nix-gaming.nixosModules.pipewireLowLatency
];
config = lib.mkIf config.local.profiles.desktop.enable {
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
lowLatency.enable = true;
};
};
# rtkit is optional but recommended
security.rtkit.enable = true;
};
}


@ -0,0 +1,14 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.laptop.enable {
services = {
power-profiles-daemon.enable = true;
# battery info
upower.enable = true;
};
};
}


@ -0,0 +1,69 @@
{
inputs,
lib,
pkgs,
config,
...
}: {
imports = [
inputs.agenix.nixosModules.default
];
config = lib.mkIf config.local.profiles.server.enable {
age.secrets.searx-env-file.file = ../../../secrets/searx-env-file.age;
services = {
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = config.age.secrets.searx-env-file.path;
settings = {
search = {
safe_search = 1; # 0 = None, 1 = Moderate, 2 = Strict
autocomplete = "google"; # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang = "en";
};
server = {
secret_key = "@SEARX_SECRET_KEY@";
port = 8888; # Internal port
bind_address = "localhost"; # Only listen locally
base_url = "https://search.nezia.dev/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
engines = [
{
name = "qwant";
disabled = true;
}
];
};
};
caddy = {
enable = true;
virtualHosts."search.nezia.dev" = {
extraConfig = ''
encode gzip
reverse_proxy localhost:8888 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Forwarded-Proto {scheme}
}
'';
};
};
};
# Open required ports
networking.firewall = {
allowedTCPPorts = [80 443]; # For Caddy
};
};
}
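Review bot: The Caddy block hard-codes `reverse_proxy localhost:8888` while the listener is declared separately as `port = 8888`, so the two can drift; the Forgejo module in this commit already interpolates `srv.HTTP_PORT`, and the same works here with `reverse_proxy localhost:${toString config.services.searx.settings.server.port} {`. Caddy's `reverse_proxy` sets `X-Forwarded-For` and `X-Forwarded-Proto` on its own, so those `header_up` lines look redundant, and overriding `X-Forwarded-For` with a single value discards any upstream chain. `X-XSS-Protection = "1; mode=block"` is a legacy header that current browsers ignore; a `Content-Security-Policy` would be the header to add if XSS hardening is the goal.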


@ -0,0 +1,14 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.local.profiles.desktop.enable {
services = {
syncthing = {
enable = true;
};
};
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder
};
}


@ -0,0 +1,25 @@
{
lib,
inputs,
pkgs,
config,
...
}: {
config = lib.mkIf config.local.profiles.server.enable {
services.caddy.enable = true;
services.caddy.virtualHosts = {
"www.nezia.dev" = {
extraConfig = ''
redir https://nezia.dev{uri}
'';
};
"nezia.dev" = {
extraConfig = ''
root * ${inputs."nezia_dev".packages.${pkgs.system}.default}
file_server
encode gzip
'';
};
};
};
}
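Review bot: This module enables Caddy and defines the public virtual hosts but does not open ports 80 and 443 itself; it relies on `forgejo.nix` and `searx.nix`, which each set `allowedTCPPorts = [80 443]` under the same server profile. Now that each service is meant to stand alone, either add `networking.firewall.allowedTCPPorts = [80 443];` here or move `services.caddy.enable` and the port opening into one shared Caddy module that the three services build on. `pkgs.system` is used here while `greetd.nix` uses `pkgs.stdenv.system`; picking one spelling would be more consistent.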