rearranging alexadira services

hosts/modules/alexandria/cinny.nix

@@ -1,23 +0,0 @@
-{ config, ... }:
-
-{
-  virtualisation.oci-containers.containers."cinny" = {
-    image = "ghcr.io/cinnyapp/cinny:latest";
-    ports = [ "${config.ports.cinny}:80" ];
-    environment = {
-      TZ = "America/Bahia";
-    };
-    volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
-    extraOptions = [
-      "--pull=newer"
-      "--label=io.containers.autoupdate=registry"
-    ];
-  };
-
-  services.nginx.virtualHosts."matrix.baduhai.dev" = {
-    useACMEHost = "baduhai.dev";
-    forceSSL = true;
-    kTLS = true;
-    locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
-  };
-}

hosts/modules/alexandria/default.nix

@@ -1,46 +1,14 @@
-{ lib, ... }:
+{ ... }:
-
-let
-  mkStringOption =
-    default:
-    lib.mkOption {
-      inherit default;
-      type = lib.types.str;
-    };
-
-in
 
 {
   imports = [
-    ./cinny.nix
     ./forgejo.nix
     ./hardware-configuration.nix
     ./jellyfin.nix
     ./librespeed.nix
-    ./memos.nix
     ./nginx.nix
-    ./searx.nix
     ./services.nix
     ./users.nix
     ./vaultwarden.nix
   ];
-
-  options.ports = {
-    bazaar = mkStringOption "6767";
-    radarr = mkStringOption "7878";
-    vaultwarden = mkStringOption "8000";
-    cinny = mkStringOption "8002";
-    librespeed = mkStringOption "8003";
-    paperless = mkStringOption "8004";
-    yousable = mkStringOption "8005";
-    cinny2 = mkStringOption "8006";
-    searx = mkStringOption "8007";
-    qbittorrent = mkStringOption "8008";
-    actual = mkStringOption "8009";
-    memos = mkStringOption "8010";
-    collabora = mkStringOption "8011";
-    jellyfin = mkStringOption "8096";
-    sonarr = mkStringOption "8989";
-    jackett = mkStringOption "9117";
-  };
 }

hosts/modules/alexandria/forgejo.nix

@@ -1,33 +0,0 @@
-{ config, ... }:
-
-let
-  domain = "git.baduhai.dev";
-in
-
-{
-  services = {
-    forgejo = {
-      enable = true;
-      repositoryRoot = "/data/forgejo";
-      settings = {
-        session.COOKIE_SECURE = true;
-        server = {
-          PROTOCOL = "http+unix";
-          DOMAIN = domain;
-          ROOT_URL = "https://${domain}";
-          OFFLINE_MODE = true; # disable use of CDNs
-          SSH_DOMAIN = "baduhai.dev";
-        };
-        log.LEVEL = "Warn";
-        mailer.ENABLED = false;
-        actions.ENABLED = false;
-      };
-    };
-    nginx.virtualHosts.${domain} = {
-      useACMEHost = "baduhai.dev";
-      forceSSL = true;
-      kTLS = true;
-      locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
-    };
-  };
-}

hosts/modules/alexandria/jellyfin.nix

@@ -1,19 +0,0 @@
-{ config, ... }:
-
-{
-  services = {
-    jellyfin = {
-      enable = true;
-      user = "user";
-      group = "hosted";
-      openFirewall = true;
-    };
-
-    nginx.virtualHosts."jellyfin.baduhai.dev" = {
-      useACMEHost = "baduhai.dev";
-      forceSSL = true;
-      kTLS = true;
-      locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
-    };
-  };
-}

hosts/modules/alexandria/librespeed.nix

@@ -1,22 +0,0 @@
-{ config, ... }:
-
-{
-  virtualisation.oci-containers.containers."librespeed" = {
-    image = "lscr.io/linuxserver/librespeed:latest";
-    environment = {
-      TZ = "America/Bahia";
-    };
-    ports = [ "${config.ports.librespeed}:80" ];
-    extraOptions = [
-      "--pull=newer"
-      "--label=io.containers.autoupdate=registry"
-    ];
-  };
-
-  services.nginx.virtualHosts."speed.baduhai.dev" = {
-    useACMEHost = "baduhai.dev";
-    forceSSL = true;
-    kTLS = true;
-    locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}";
-  };
-}

hosts/modules/alexandria/memos.nix

@@ -1,23 +0,0 @@
-{ config, ... }:
-
-{
-  virtualisation.oci-containers.containers."memos" = {
-    image = "docker.io/neosmemo/memos:stable";
-    ports = [ "${config.ports.memos}:5230" ];
-    environment = {
-      TZ = "America/Bahia";
-    };
-    volumes = [ "/data/memos/:/var/opt/memos" ];
-    extraOptions = [
-      "--pull=newer"
-      "--label=io.containers.autoupdate=registry"
-    ];
-  };
-
-  services.nginx.virtualHosts."notes.baduhai.dev" = {
-    useACMEHost = "baduhai.dev";
-    forceSSL = true;
-    kTLS = true;
-    locations."/".proxyPass = "http://127.0.0.1:${config.ports.memos}";
-  };
-}

hosts/modules/alexandria/networking.nix

@@ -10,4 +10,9 @@
       allowedUDPPorts = [ ];
     };
   };
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
 }

hosts/modules/alexandria/nginx.nix

@@ -1,37 +0,0 @@
-{ config, ... }:
-
-{
-  services.nginx = {
-    enable = true;
-    group = "hosted";
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "baduhai@proton.me";
-      dnsResolver = "1.1.1.1:53";
-      dnsProvider = "cloudflare";
-      credentialsFile = config.age.secrets.cloudflare.path;
-    };
-    certs."baduhai.dev" = {
-      extraDomainNames = [ "*.baduhai.dev" ];
-    };
-  };
-
-  boot.kernel.sysctl = {
-    "net.ipv4.ip_forward" = 1;
-    "net.ipv6.conf.all.forwarding" = 1;
-  };
-
-  age.secrets.cloudflare = {
-    file = ../../../secrets/cloudflare.age;
-    owner = "nginx";
-    group = "hosted";
-  };
-
-}

hosts/modules/alexandria/searx.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-{
-  services = {
-    searx = {
-      enable = true;
-      package = pkgs.searxng;
-      settings.server = {
-        port = lib.toInt "${config.ports.searx}";
-        bind_address = "0.0.0.0";
-        secret_key = "&yEf!xLA@y3FdJ5BjKnUnNAkqer$iW!9";
-        method = "GET";
-      };
-    };
-
-    nginx.virtualHosts."search.baduhai.dev" = {
-      useACMEHost = "baduhai.dev";
-      forceSSL = true;
-      kTLS = true;
-      locations."/".proxyPass = "http://127.0.0.1:${config.ports.searx}";
-    };
-  };
-}

hosts/modules/alexandria/services.nix

@@ -1,7 +1,103 @@
-{ ... }:
+{ config, lib, ... }:
+
+let
+  ports = {
+    vaultwarden = "8000";
+    librespeed = "8001";
+    jellyfin = "8096";
+  };
+in
 
 {
-  services.postgresql.enable = true;
+  services = {
+    nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      virtualHosts =
+        let
+          commonVHostConfig = {
+            useACMEHost = "baduhai.dev";
+            forceSSL = true;
+            kTLS = true;
+          };
+        in
+        lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) {
+          "_".locations."/".return = "444";
+          "git.baduhai.dev".locations."/".proxyPass =
+            "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+          "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}";
+          "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}";
+          "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}";
+        };
+    };
+
+    forgejo = {
+      enable = true;
+      repositoryRoot = "/data/forgejo";
+      settings = {
+        session.COOKIE_SECURE = true;
+        server = {
+          PROTOCOL = "http+unix";
+          DOMAIN = "git.baduhai.dev";
+          ROOT_URL = "https://git.baduhai.dev";
+          OFFLINE_MODE = true; # disable use of CDNs
+          SSH_DOMAIN = "baduhai.dev";
+        };
+        log.LEVEL = "Warn";
+        mailer.ENABLED = false;
+        actions.ENABLED = false;
+      };
+    };
+
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+    };
+
+    vaultwarden = {
+      enable = true;
+      config = {
+        DOMAIN = "https://pass.baduhai.dev";
+        SIGNUPS_ALLOWED = false;
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = "${config.ports.vaultwarden}";
+      };
+    };
+  };
+
+  virtualisation.oci-containers.containers."librespeed" = {
+    image = "lscr.io/linuxserver/librespeed:latest";
+    environment = {
+      TZ = "America/Bahia";
+    };
+    ports = [ "${config.ports.librespeed}:80" ];
+    extraOptions = [
+      "--pull=newer"
+      "--label=io.containers.autoupdate=registry"
+    ];
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "baduhai@proton.me";
+      dnsResolver = "1.1.1.1:53";
+      dnsProvider = "cloudflare";
+      credentialsFile = config.age.secrets.cloudflare.path;
+    };
+    certs."baduhai.dev" = {
+      extraDomainNames = [ "*.baduhai.dev" ];
+    };
+  };
+
+  age.secrets.cloudflare = {
+    file = ../../../secrets/cloudflare.age;
+    owner = "nginx";
+    group = "hosted";
+  };
 
   # TODO: remove when bug fix
   # serokell/deploy-rs/issues/57

hosts/modules/alexandria/vaultwarden.nix

@@ -1,22 +0,0 @@
-{ config, ... }:
-
-{
-  services = {
-    vaultwarden = {
-      enable = true;
-      config = {
-        DOMAIN = "https://pass.baduhai.dev";
-        SIGNUPS_ALLOWED = true;
-        ROCKET_ADDRESS = "127.0.0.1";
-        ROCKET_PORT = "${config.ports.vaultwarden}";
-      };
-    };
-
-    nginx.virtualHosts."pass.baduhai.dev" = {
-      useACMEHost = "baduhai.dev";
-      forceSSL = true;
-      kTLS = true;
-      locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}";
-    };
-  };
-}