feat : Add modular service to hostname

2025-12-21 20:37:17 +01:00 · 2025-12-21 20:37:17 +01:00 · 1637885001
commit 1637885001
parent 9453773af6
11 changed files with 112 additions and 66 deletions
--- a/module/acme.nix
+++ b/module/acme.nix
@ -1,11 +1,11 @@
-  { config, ... }:
+{ config, lib, ... }:

-  {
+lib.mkIf config.sACME.enable {
  security.acme = {
    acceptTerms = true;
-    defaults.email = "admin+contact@wateir.fr";
+    defaults.email = config.sACME.email;

-    certs."wateir.fr" = {
+    certs."${config.sACME.domain}" = {
      dnsProvider = "ovh";
      environmentFile = "/etc/acme.env";
    };
--- a/module/hostname.nix
+++ b/module/hostname.nix
@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  options.HostName = mkOption {
-    type = types.str;
-    default = "${config.networking.hostName}.ssh.wateir.fr";
-    description = "Global hostname with domain for all services";
-  };
-}
--- a/module/newt.nix
+++ b/module/newt.nix
@ -1,6 +1,6 @@
 {config,lib, ... }:

-{
+lib.mkIf config.sNEWT.enable{
  services.newt = {
     enable = true;
     environmentFile = "/etc/newt.env";
--- a/module/nginx.nix
+++ b/module/nginx.nix
@ -1,17 +1,16 @@
 { config, pkgs, lib, ... }:

-lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
+with lib;

-  services.nginx = {
-    enable = true;
-    virtualHosts = {
+{
+  services.nginx.enable = true;
+
+  services.nginx.virtualHosts = mkMerge [
+    (mkIf config.sVAULTWARDEN.enable {
      "${config.HostName}-vault" = {
-        listen = [
-          { addr = "0.0.0.0"; port = 8000; }
-        ];
-
+        listen = [{ addr = "0.0.0.0"; port = config.sVAULTWARDEN.externalPort; }];
        locations."/" = {
-          proxyPass = "http://127.0.0.1:8222";
+          proxyPass = "http://127.0.0.1:${toString config.sVAULTWARDEN.internalPort}";
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
@ -20,21 +19,18 @@ lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
          '';
        };
      };
+    })

+    (mkIf config.sROUNDCUBE.enable {
      "${config.HostName}-roundcube" = {
-        listen = [
-          { addr = "0.0.0.0"; port = 1984; }
-        ];
-
+        listen = [{ addr = "0.0.0.0"; port = config.sROUNDCUBE.port; }];
        root = "${pkgs.roundcube}/public_html";
-
        locations."/" = {
          extraConfig = ''
            index index.php index.html;
            try_files $uri $uri/ /index.php?$args;
          '';
        };
-
        locations."~ \\.php$" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
@ -43,9 +39,11 @@ lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
          '';
        };
      };
-    };
-  };
+    })
+  ];

-
-  networking.firewall.allowedTCPPorts = [ 1984 8000 ];
+  networking.firewall.allowedTCPPorts = concatLists [
+    (if config.sVAULTWARDEN.enable then [ config.sVAULTWARDEN.externalPort ] else [])
+    (if config.sROUNDCUBE.enable   then [ config.sROUNDCUBE.port   ] else [])
+  ];
 }
--- a/module/roundcube.nix
+++ b/module/roundcube.nix
@ -1,16 +1,15 @@
-{ config,pkgs,lib, ... }:
+{ config, pkgs, lib, ... }:

-lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
+lib.mkIf config.sROUNDCUBE.enable {
  services.roundcube = {
    enable = true;
    hostName = "${config.HostName}";

    plugins = [ "multiple_accounts" ];
-
    configureNginx = false;

    extraConfig = ''
-      # PurelyMail is the entreprise who host my mail
+      # PurelyMail configuration
      $config['default_host'] = 'ssl://imap.purelymail.com';
      $config['default_port'] = 993;
      $config['smtp_server'] = 'tls://smtp.purelymail.com';
@ -22,5 +21,4 @@ lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {

  systemd.services.nginx.serviceConfig.ProtectHome = false;
  users.groups.roundcube.members = [ "nginx" ];
-
 }
--- a/module/searXNG.nix
+++ b/module/searXNG.nix
@ -1,6 +1,6 @@
 { config,lib,pkgs, ... }:

-lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004"){
+lib.mkIf config.sSEARXNG.enable {
  services.searx = {
      enable = true;
      redisCreateLocally = true;
@ -9,7 +9,7 @@ lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004"){
      environmentFile = "/etc/searx.env";
      settings.server = {
        bind_address = "0.0.0.0";
-        port = 1692;
+        port = config.sSEARXNG.port;
      };
      settings.engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
        "wikidata".disabled = true;
--- a/module/tailscale.nix
+++ b/module/tailscale.nix
@ -1,17 +1,17 @@
- {config,lib, ... }:
+{ config, lib, pkgs, ... }:

-{
+lib.mkIf config.sTAILSCALE.enable {
  services.tailscale = {
-	  enable = true;
-	  extraDaemonFlags = [
-	  	"--no-logs-no-support"
-	  ];
+    enable = true;
+    extraDaemonFlags = [
+      "--no-logs-no-support"
+    ];

-	  extraSetFlags = [
-	  	"--ssh=false"
-	  ];
-	  useRoutingFeatures = "server";  # or "client" / "both"
-	};
+    extraSetFlags = [
+      "--ssh=false"
+    ];
+    useRoutingFeatures = "server";
+  };

  networking.firewall = {
    allowedTCPPorts = [ 443 ];
--- a/module/vaultWarden.nix
+++ b/module/vaultWarden.nix
@ -1,16 +1,12 @@
-{ config, pkgs, lib, ... }:
+{ config, lib, ... }:

-lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004"){
+lib.mkIf config.sVAULTWARDEN.enable {
  services.vaultwarden = {
    enable = true;
-
-    backupDir = "/var/local/vaultwarden/backup";
-
-    environmentFile = "/etc/vaultwarden.env";
-
    config = {
+      ROCKET_PORT = config.sVAULTWARDEN.internalPort;
+      ROCKET_ADDRESS = "127.0.0.1";
      SIGNUPS_ALLOWED = true;
-      ROCKET_PORT = 8222;
    };
  };
 }