diff --git a/hosts/envy/default.nix b/hosts/envy/default.nix index 26724a48..9ba1dca9 100644 --- a/hosts/envy/default.nix +++ b/hosts/envy/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./services ./users ../../modules/system ]; @@ -19,19 +20,6 @@ lanzaboote.enable = true; fancyboot.enable = true; wireless.enable = true; - wireguard.client.enable = true; - libvirtd.enable = true; stateVersion = "24.11"; }; - - # Services to make this work as a school laptop - services.globalprotect.enable = true; - - virtualisation.vmware.host.enable = true; - nixpkgs.allowUnfreePackages = [ "vmware-workstation" ]; - - environment.persistence."/persist".directories = [ - "/home/${config.sysusers.main}/vmware" - "/home/${config.sysusers.main}/.vmware" - ]; } diff --git a/hosts/envy/services/default.nix b/hosts/envy/services/default.nix new file mode 100644 index 00000000..0b5409bf --- /dev/null +++ b/hosts/envy/services/default.nix @@ -0,0 +1,19 @@ +{ config, ... }: +{ + services = { + globalprotect.enable = true; + wireguard.client.enable = true; + }; + + virtualisation = { + libvirtd.enable = true; + vmware.host.enable = true; + }; + + nixpkgs.allowUnfreePackages = [ "vmware-workstation" ]; + + environment.persistence."/persist".directories = [ + "/home/${config.sysusers.main}/vmware" + "/home/${config.sysusers.main}/.vmware" + ]; +} diff --git a/hosts/midas/default.nix b/hosts/midas/default.nix index 57668ece..feed24d2 100644 --- a/hosts/midas/default.nix +++ b/hosts/midas/default.nix @@ -6,6 +6,7 @@ ./filesystems ./firewall ./hardware + ./services ./users ../../modules/system ]; @@ -26,16 +27,6 @@ system = { server.enable = true; lanzaboote.enable = true; - fileserver.enable = true; - socialserver.enable = true; - wireguard.server.enable = true; stateVersion = "24.11"; }; - - services.minecraft-servers.servers = { - velocity.enable = true; - johnside.enable = true; - cornworld.enable = true; - skyblock.enable = true; - }; } 
diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix new file mode 100644 index 00000000..0132aae1 --- /dev/null +++ b/hosts/midas/services/default.nix @@ -0,0 +1,25 @@ +{ ... }: +{ + services = { + fileserver.enable = true; + socialserver.enable = true; + webserver.enable = true; + + forgejo.enable = true; + icecast.enable = true; + owncast.enable = true; + transmission.enable = true; + vaultwarden.enable = true; + wireguard.server.enable = true; + + minecraft-servers = { + enable = true; + servers = { + velocity.enable = true; + johnside.enable = true; + cornworld.enable = true; + skyblock.enable = true; + }; + }; + }; +} diff --git a/hosts/pear/default.nix b/hosts/pear/default.nix index 5a07770f..94ca6757 100644 --- a/hosts/pear/default.nix +++ b/hosts/pear/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./services ./users ../../modules/system ]; @@ -18,19 +19,6 @@ desktop.enable = true; fancyboot.enable = true; wireless.enable = true; - wireguard.client.enable = true; - libvirtd.enable = true; stateVersion = "24.11"; }; - - # Services to make this work as a school laptop - services.globalprotect.enable = true; - - virtualisation.vmware.host.enable = true; - nixpkgs.allowUnfreePackages = [ "vmware-workstation" ]; - - environment.persistence."/persist".directories = [ - "/home/${config.sysusers.main}/vmware" - "/home/${config.sysusers.main}/.vmware" - ]; } diff --git a/hosts/pear/services/default.nix b/hosts/pear/services/default.nix new file mode 100644 index 00000000..0b5409bf --- /dev/null +++ b/hosts/pear/services/default.nix 
@@ -0,0 +1,19 @@ +{ config, ... }: +{ + services = { + globalprotect.enable = true; + wireguard.client.enable = true; + }; + + virtualisation = { + libvirtd.enable = true; + vmware.host.enable = true; + }; + + nixpkgs.allowUnfreePackages = [ "vmware-workstation" ]; + + environment.persistence."/persist".directories = [ + "/home/${config.sysusers.main}/vmware" + "/home/${config.sysusers.main}/.vmware" + ]; +} diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix index c7186483..6ee52368 100644 --- a/hosts/prophet/default.nix +++ b/hosts/prophet/default.nix @@ -16,8 +16,12 @@ }; system = { - mailserver.enable = true; - wireguard.client.enable = true; + server.enable = true; stateVersion = "24.05"; }; + + services = { + mailserver.enable = true; + wireguard.client.enable = true; + }; } diff --git a/hosts/redmond/default.nix b/hosts/redmond/default.nix index 61649611..dc6735ea 100644 --- a/hosts/redmond/default.nix +++ b/hosts/redmond/default.nix @@ -19,9 +19,10 @@ lanzaboote.enable = true; fancyboot.enable = true; wireless.enable = true; - wireguard.client.enable = true; stateVersion = "24.05"; }; + services.wireguard.client.enable = true; + environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2"; } diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index 981d19dd..f15d5962 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -25,8 +25,9 @@ system = { desktop.enable = true; lanzaboote.enable = true; - libvirtd.enable = true; video.nvidia.enable = true; stateVersion = "24.05"; }; + + virtualisation.libvirtd.enable = true; } diff --git a/modules/system/devices/networking/default.nix b/modules/system/devices/networking/default.nix index 543b5133..6cd59939 100644 --- a/modules/system/devices/networking/default.nix +++ b/modules/system/devices/networking/default.nix @@ -3,7 +3,6 @@ imports = [ ./ips ./wireless - ./wireguard ]; networking = { 
diff --git a/modules/system/devices/networking/wireguard/default.nix b/modules/system/devices/networking/wireguard/default.nix deleted file mode 100644 index 0b5cd076..00000000 --- a/modules/system/devices/networking/wireguard/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - imports = [ - ./client - ./server - ]; -} diff --git a/modules/system/services/general/libvirtd/default.nix b/modules/system/services/general/libvirtd/default.nix index 9324286e..d30cb1e1 100644 --- a/modules/system/services/general/libvirtd/default.nix +++ b/modules/system/services/general/libvirtd/default.nix @@ -1,10 +1,7 @@ { config, lib, pkgs, ... }: { - options.system.libvirtd.enable = lib.mkEnableOption "Enable libvirtd services"; - - config = lib.mkIf config.system.libvirtd.enable { + config = lib.mkIf config.virtualisation.libvirtd.enable { virtualisation.libvirtd = { - enable = true; onBoot = "ignore"; onShutdown = "shutdown"; qemu = { @@ -19,6 +16,13 @@ programs.virt-manager.enable = true; + networking.firewall.trustedInterfaces = [ + "virbr0" + "virbr1" + ]; + + systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ]; + environment.persistence."/persist".directories = [ "/var/lib/libvirt/dnsmasq" "/var/lib/libvirt/nwfilter" @@ -27,13 +31,5 @@ "/var/lib/libvirt/storage" "/var/lib/libvirt/swtpm" ]; - - # Needed to make NAT work - networking.firewall.trustedInterfaces = [ - "virbr0" - "virbr1" - ]; - - systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ]; }; } diff --git a/modules/system/services/general/tlp/default.nix b/modules/system/services/general/tlp/default.nix index 097e7bc0..4b030f55 100644 --- a/modules/system/services/general/tlp/default.nix +++ b/modules/system/services/general/tlp/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { - services.tlp.enable = true; + services.tlp.enable = config.system.desktop.enable; } 
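Review bot: In the second libvirtd hunk, `networking.firewall.trustedInterfaces = [ "virbr0" "virbr1" ]` is moved up but loses its only explanation, the removed `# Needed to make NAT work` comment. A trusted interface accepts every packet from the guests to the host, which is wider than NAT needs. Please restore the comment and state that guests on these bridges can reach all host ports, or narrow it with `networking.firewall.interfaces."virbr0".allowedUDPPorts` for DHCP and DNS only. The module is now keyed on the upstream `virtualisation.libvirtd.enable`, so any host that turns libvirtd on by any route gets this trust and the `/dev/shm/looking-glass` tmpfiles rule. A one-line comment at the top of the `config` block should say so.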
diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 69ef8c6c..27ccc60e 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -8,10 +8,11 @@ ./mailserver ./minecraft ./mysql + ./nginx ./owncast ./socialserver ./transmission ./vaultwarden - ./webserver + ./wireguard ]; } diff --git a/modules/system/services/server/fileserver/default.nix b/modules/system/services/server/fileserver/default.nix index 98de5ed1..08319e4e 100644 --- a/modules/system/services/server/fileserver/default.nix +++ b/modules/system/services/server/fileserver/default.nix @@ -1,6 +1,6 @@ { lib, ... }: { - options.system.fileserver.enable = lib.mkEnableOption "Enable file serving services"; + options.services.fileserver.enable = lib.mkEnableOption "Enable file serving services"; imports = [ ./jellyfin diff --git a/modules/system/services/server/fileserver/jellyfin/default.nix b/modules/system/services/server/fileserver/jellyfin/default.nix index b50ec1f5..ad745cce 100644 --- a/modules/system/services/server/fileserver/jellyfin/default.nix +++ b/modules/system/services/server/fileserver/jellyfin/default.nix @@ -5,7 +5,7 @@ ./user ]; - config = lib.mkIf config.system.fileserver.enable { + config = lib.mkIf config.services.fileserver.enable { services.jellyfin.enable = true; environment.persistence."/persist".directories = [ "/var/lib/jellyfin" ]; }; diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix index 05306dd3..e29041e4 100644 --- a/modules/system/services/server/fileserver/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/default.nix @@ -5,7 +5,7 @@ ./user ]; - config = lib.mkIf config.system.fileserver.enable { + config = lib.mkIf config.services.fileserver.enable { services.nextcloud = { enable = true; package = pkgs.nextcloud30; 
diff --git a/modules/system/services/server/fileserver/nfs/default.nix b/modules/system/services/server/fileserver/nfs/default.nix index 6b04ab19..092fbf85 100644 --- a/modules/system/services/server/fileserver/nfs/default.nix +++ b/modules/system/services/server/fileserver/nfs/default.nix @@ -2,14 +2,13 @@ { imports = [ ./user ]; - config = lib.mkIf config.system.fileserver.enable { + config = lib.mkIf config.services.fileserver.enable { services.nfs.server = { enable = true; exports = '' /storage/Files *(rw,sync,no_subtree_check) /storage/Media *(rw,sync,no_subtree_check) /storage/Music *(rw,sync,no_subtree_check) - /srv/minecraft *(rw,sync,no_subtree_check) ''; }; networking.nftables.tables.nfs = { diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index 31fcfc0a..91284ecc 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix @@ -2,9 +2,8 @@ { imports = [ ./nginx ]; - config = lib.mkIf config.system.server.enable { + config = lib.mkIf config.services.forgejo.enable { services.forgejo = { - enable = true; package = pkgs.forgejo; settings = { server = { diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 1c0387c8..ec3dce64 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix @@ -6,7 +6,6 @@ ]; services.icecast = { - enable = config.system.server.enable; listen.port = 73; hostname = "radio.nixfox.ca"; admin = { diff --git a/modules/system/services/server/mailserver/default.nix b/modules/system/services/server/mailserver/default.nix index 1ebd46de..fa8fd139 100644 --- a/modules/system/services/server/mailserver/default.nix +++ b/modules/system/services/server/mailserver/default.nix 
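Review bot: The three exports that remain in the nfs hunk still use the `*` client wildcard with `rw`, so the export list itself admits any host that can reach the NFS port. Access control then rests entirely on the `networking.nftables.tables.nfs` block, which starts on the last line of the hunk and continues outside it. Consider naming the allowed network in the export, e.g. `/storage/Files <trusted-subnet>(rw,sync,no_subtree_check)` (placeholder), so a firewall regression does not expose the shares read-write. If the wildcard is intentional, add a comment above `exports` saying the nftables table is what restricts clients.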
@@ -6,5 +6,5 @@ ./simplenix ]; - options.system.mailserver.enable = lib.mkEnableOption "Enable Simple NixOS Mailserver"; + options.services.mailserver.enable = lib.mkEnableOption "Enable Simple NixOS Mailserver"; } diff --git a/modules/system/services/server/mailserver/go-autoconfig/default.nix b/modules/system/services/server/mailserver/go-autoconfig/default.nix index f9b5962f..332a63d2 100644 --- a/modules/system/services/server/mailserver/go-autoconfig/default.nix +++ b/modules/system/services/server/mailserver/go-autoconfig/default.nix @@ -3,7 +3,7 @@ imports = [ ./nginx ]; services.go-autoconfig = { - enable = config.system.mailserver.enable; + enable = config.services.mailserver.enable; settings = { service_addr = ":1323"; domain = "autoconfig.nixfox.ca"; diff --git a/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix b/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix index 04c92b34..1bb0d687 100644 --- a/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix +++ b/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."autoconfig.nixfox.ca" = lib.mkIf config.mailserver.enable { + services.nginx.virtualHosts."autoconfig.nixfox.ca" = lib.mkIf config.services.go-autoconfig.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/roundcube/default.nix b/modules/system/services/server/mailserver/roundcube/default.nix index 519754dd..f1d8d44c 100644 --- a/modules/system/services/server/mailserver/roundcube/default.nix +++ b/modules/system/services/server/mailserver/roundcube/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - config = lib.mkIf config.system.mailserver.enable { + config = lib.mkIf config.services.mailserver.enable { services.roundcube = { enable = true; hostName = "mail.nixfox.ca"; 
diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index 0a248e53..1736def2 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix @@ -5,7 +5,7 @@ mailserver.nixosModule ]; - config = lib.mkIf config.system.mailserver.enable { + config = lib.mkIf config.services.mailserver.enable { mailserver = { enable = true; domains = [ diff --git a/modules/system/services/server/minecraft/default.nix b/modules/system/services/server/minecraft/default.nix index da766e77..1e757e81 100644 --- a/modules/system/services/server/minecraft/default.nix +++ b/modules/system/services/server/minecraft/default.nix @@ -5,15 +5,21 @@ minecraft.nixosModules.minecraft-servers ]; - config = lib.mkIf config.system.server.enable { + config = lib.mkIf config.services.minecraft-servers.enable { nixpkgs = { overlays = [ minecraft.overlay ]; allowUnfreePackages = [ "minecraft-server" ]; }; - services.minecraft-servers = { - enable = true; - eula = true; + services = { + minecraft-servers.eula = true; + mysql = { + ensureDatabases = [ "minecraft" ]; + ensureUsers = [{ + name = "minecraft"; + ensurePermissions."minecraft.*" = "ALL PRIVILEGES"; + }]; + }; }; environment.persistence."/persist".directories = [ "/srv/minecraft" ]; diff --git a/modules/system/services/server/mysql/default.nix b/modules/system/services/server/mysql/default.nix index 39d54f05..ecb7ba94 100644 --- a/modules/system/services/server/mysql/default.nix +++ b/modules/system/services/server/mysql/default.nix @@ -4,17 +4,6 @@ services.mysql = { enable = true; package = pkgs.mariadb; - ensureDatabases = [ - "minecraft" - ]; - ensureUsers = [ - { - name = "minecraft"; - ensurePermissions = { - "minecraft.*" = "ALL PRIVILEGES"; - }; - } - ]; }; environment.persistence."/persist".directories = [ "/var/lib/mysql" 
diff --git a/modules/system/services/server/webserver/acme/default.nix b/modules/system/services/server/nginx/acme/default.nix similarity index 100% rename from modules/system/services/server/webserver/acme/default.nix rename to modules/system/services/server/nginx/acme/default.nix diff --git a/modules/system/services/server/webserver/nginx/default.nix b/modules/system/services/server/nginx/default.nix similarity index 74% rename from modules/system/services/server/webserver/nginx/default.nix rename to modules/system/services/server/nginx/default.nix index 88349188..67e7ac29 100644 --- a/modules/system/services/server/webserver/nginx/default.nix +++ b/modules/system/services/server/nginx/default.nix @@ -1,12 +1,15 @@ { config, lib, ... }: { imports = [ + ./acme ./rtmp ./user ./virtualhosts ]; - config = lib.mkIf (config.system.server.enable || config.system.mailserver.enable) { + options.services.webserver.enable = lib.mkEnableOption "Enable nginx related services"; + + config = lib.mkIf config.system.server.enable { services.nginx = { enable = true; recommendedTlsSettings = true; @@ -15,11 +18,11 @@ recommendedProxySettings = true; }; - environment.persistence."/persist".directories = [ "/var/www" ]; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist".directories = [ "/var/www" ]; }; } diff --git a/modules/system/services/server/webserver/nginx/rtmp/default.nix b/modules/system/services/server/nginx/rtmp/default.nix similarity index 88% rename from modules/system/services/server/webserver/nginx/rtmp/default.nix rename to modules/system/services/server/nginx/rtmp/default.nix index e6999ee3..db02609a 100644 --- a/modules/system/services/server/webserver/nginx/rtmp/default.nix +++ b/modules/system/services/server/nginx/rtmp/default.nix 
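Review bot: The nginx hunk declares `options.services.webserver.enable`, but the `config` block right below it is gated on `config.system.server.enable`. Nginx and `allowedTCPPorts = [ 80 443 ]` are therefore enabled on every server host whether or not the new option is set. In this commit that includes prophet, which gains `system.server.enable = true` without `services.webserver.enable`. If that is deliberate (the mail host needs nginx for its own vhosts), please add a comment such as `# nginx itself follows system.server.enable; services.webserver.enable only gates the site vhosts and RTMP`. Otherwise gate the block on the new option so that disabling the webserver actually closes the ports.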
@@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: { - options.system.rtmp.enable = lib.mkEnableOption "Enable an RTMP server using Nginx"; - - config = lib.mkIf config.system.rtmp.enable { + config = lib.mkIf config.services.webserver.enable { services.nginx = { package = (pkgs.nginx.override { modules = with pkgs.nginxModules; [ rtmp ]; diff --git a/modules/system/services/server/webserver/nginx/user/default.nix b/modules/system/services/server/nginx/user/default.nix similarity index 100% rename from modules/system/services/server/webserver/nginx/user/default.nix rename to modules/system/services/server/nginx/user/default.nix diff --git a/modules/system/services/server/webserver/nginx/virtualhosts/default.nix b/modules/system/services/server/nginx/virtualhosts/default.nix similarity index 100% rename from modules/system/services/server/webserver/nginx/virtualhosts/default.nix rename to modules/system/services/server/nginx/virtualhosts/default.nix diff --git a/modules/system/services/server/webserver/nginx/virtualhosts/files/default.nix b/modules/system/services/server/nginx/virtualhosts/files/default.nix similarity index 85% rename from modules/system/services/server/webserver/nginx/virtualhosts/files/default.nix rename to modules/system/services/server/nginx/virtualhosts/files/default.nix index 3269f0d8..882ffebe 100644 --- a/modules/system/services/server/webserver/nginx/virtualhosts/files/default.nix +++ b/modules/system/services/server/nginx/virtualhosts/files/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.system.server.enable { + services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.services.webserver.enable { enableACME = true; addSSL = true; globalRedirect = "www.nixfox.ca"; 
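Review bot: The rtmp hunk drops the dedicated `system.rtmp.enable` switch and keys the RTMP-enabled nginx build on `config.services.webserver.enable`, so RTMP is no longer opt-in. Every host that serves the websites now also gets the RTMP module and whatever the rest of this `config` block sets up, which lies outside the hunk. A streaming ingest endpoint is a separate piece of attack surface from static vhosts. I would keep a separate toggle, for example a `rtmp.enable` sub-option under `services.webserver`, or at least document in a comment that enabling the webserver implies RTMP.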
diff --git a/modules/system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix b/modules/system/services/server/nginx/virtualhosts/nixfox/default.nix similarity index 90% rename from modules/system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix rename to modules/system/services/server/nginx/virtualhosts/nixfox/default.nix index 7bb75a27..adbcbd1c 100644 --- a/modules/system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix +++ b/modules/system/services/server/nginx/virtualhosts/nixfox/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts = lib.mkIf config.system.server.enable { + services.nginx.virtualHosts = lib.mkIf config.services.webserver.enable { "www.nixfox.ca" = { enableACME = true; addSSL = true; diff --git a/modules/system/services/server/owncast/default.nix b/modules/system/services/server/owncast/default.nix index 6a52595b..70476d00 100644 --- a/modules/system/services/server/owncast/default.nix +++ b/modules/system/services/server/owncast/default.nix @@ -2,9 +2,8 @@ { imports = [ ./nginx ]; - config = lib.mkIf config.system.socialserver.enable { + config = lib.mkIf config.services.owncast.enable { services.owncast = { - enable = true; port = 8060; rtmp-port = 1945; }; diff --git a/modules/system/services/server/socialserver/default.nix b/modules/system/services/server/socialserver/default.nix index a2f84675..fc388324 100644 --- a/modules/system/services/server/socialserver/default.nix +++ b/modules/system/services/server/socialserver/default.nix @@ -5,5 +5,5 @@ ./matrix ]; - options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services"; + options.services.socialserver.enable = lib.mkEnableOption "Enable social media like services"; } diff --git a/modules/system/services/server/socialserver/mastodon/default.nix b/modules/system/services/server/socialserver/mastodon/default.nix index ed7c0b61..37028db0 100644 
--- a/modules/system/services/server/socialserver/mastodon/default.nix +++ b/modules/system/services/server/socialserver/mastodon/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: { - config = lib.mkIf config.system.socialserver.enable { + config = lib.mkIf config.services.socialserver.enable { services.mastodon = { enable = true; localDomain = "social.nixfox.ca"; diff --git a/modules/system/services/server/socialserver/matrix/synapse/default.nix b/modules/system/services/server/socialserver/matrix/synapse/default.nix index 62649fa0..3a99df75 100644 --- a/modules/system/services/server/socialserver/matrix/synapse/default.nix +++ b/modules/system/services/server/socialserver/matrix/synapse/default.nix @@ -2,7 +2,7 @@ { imports = [ ./nginx ]; - config = lib.mkIf config.system.socialserver.enable { + config = lib.mkIf config.services.socialserver.enable { services.matrix-synapse = { enable = true; settings = { diff --git a/modules/system/services/server/transmission/default.nix b/modules/system/services/server/transmission/default.nix index b23b9dd5..d493a1d8 100644 --- a/modules/system/services/server/transmission/default.nix +++ b/modules/system/services/server/transmission/default.nix @@ -2,15 +2,12 @@ { imports = [ ./nginx ]; - config = lib.mkIf config.system.server.enable { + config = lib.mkIf config.services.transmission.enable { services.transmission = { - enable = true; credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile; openPeerPorts = true; settings.rpc-authentication-required = true; }; - environment.persistence."/persist".directories = [ - "/var/lib/transmission" - ]; + environment.persistence."/persist".directories = [ "/var/lib/transmission" ]; }; } diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix index 454019ef..928b3458 100644 --- a/modules/system/services/server/vaultwarden/default.nix 
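Review bot: In the transmission hunk the unchanged line `credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;` copies the RPC credentials into the Nix store, which is readable by every local user and is carried along with any closure copy or binary cache push. Since this commit already reworks the block, `credentialsFile` could point at a path provisioned outside the store instead, e.g. `credentialsFile = "/run/secrets/<transmission-credentials>";` (placeholder path). If the store copy has to stay for now, a comment marking it as a known exposure would help the next reader.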
+++ b/modules/system/services/server/vaultwarden/default.nix @@ -2,25 +2,22 @@ { imports = [ ./nginx ]; - config = lib.mkIf config.system.server.enable { - services.vaultwarden = { - enable = true; - config = { - domain = "https://pass.nixfox.ca"; - signupsAllowed = false; - rocketAddress = "127.0.0.1"; - rocketPort = 8222; + config = lib.mkIf config.services.vaultwarden.enable { + services.vaultwarden.config = { + domain = "https://pass.nixfox.ca"; + signupsAllowed = false; + rocketAddress = "127.0.0.1"; + rocketPort = 8222; - # Smtp email - smtpHost = "mx.nixfox.ca"; - smtpFrom = "noreply@nixfox.ca"; - smtpFromName = "Vaultwarden"; - smtpUsername = "noreply@nixfox.ca"; - smtpPassword = config.secrets.mailPass.nixfoxNoReply; - smtpSecurity = "starttls"; - smtpPort = 587; - smtpTimeout = 15; - }; + # Smtp email + smtpHost = "mx.nixfox.ca"; + smtpFrom = "noreply@nixfox.ca"; + smtpFromName = "Vaultwarden"; + smtpUsername = "noreply@nixfox.ca"; + smtpPassword = config.secrets.mailPass.nixfoxNoReply; + smtpSecurity = "starttls"; + smtpPort = 587; + smtpTimeout = 15; }; environment.persistence."/persist".directories = [ "/var/lib/vaultwarden" ]; diff --git a/modules/system/services/server/webserver/default.nix b/modules/system/services/server/webserver/default.nix deleted file mode 100644 index 5ccf66ce..00000000 --- a/modules/system/services/server/webserver/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib, ... }: -{ - imports = [ - ./acme - ./nginx - ]; - - options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services"; -} diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/services/server/wireguard/client/default.nix similarity index 75% rename from modules/system/devices/networking/wireguard/client/default.nix rename to modules/system/services/server/wireguard/client/default.nix index 1783f3d1..0846d079 100644 --- a/modules/system/devices/networking/wireguard/client/default.nix 
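Review bot: The flattened `services.vaultwarden.config` in the vaultwarden hunk still carries `smtpPassword = config.secrets.mailPass.nixfoxNoReply;`. As far as I know, the NixOS module renders `config` into an environment file in the world-readable Nix store, so the SMTP password ends up there in plain text. The module's `services.vaultwarden.environmentFile` option exists for this case. Drop `smtpPassword` from `config` and supply `SMTP_PASSWORD` through a file outside the store. The same applies to any admin token set in the part of this module outside the hunk.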
+++ b/modules/system/services/server/wireguard/client/default.nix @@ -1,8 +1,6 @@ { config, lib, ... }: { - options.system.wireguard.client.enable = lib.mkEnableOption "Enable the Wireguard client"; - - config = lib.mkIf config.system.wireguard.client.enable { + config = lib.mkIf config.services.wireguard.client.enable { networking = { firewall.trustedInterfaces = [ "wgc" ]; wg-quick.interfaces.wgc = { diff --git a/modules/system/services/server/wireguard/default.nix b/modules/system/services/server/wireguard/default.nix new file mode 100644 index 00000000..60563b34 --- /dev/null +++ b/modules/system/services/server/wireguard/default.nix @@ -0,0 +1,12 @@ +{ lib, ... }: +{ + imports = [ + ./client + ./server + ]; + + options.services.wireguard = with lib; { + client.enable = mkEnableOption "Enable Wireguard client"; + server.enable = mkEnableOption "Enable Wireguard server"; + }; +} diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/services/server/wireguard/server/default.nix similarity index 76% rename from modules/system/devices/networking/wireguard/server/default.nix rename to modules/system/services/server/wireguard/server/default.nix index 13f7271d..c94d5b86 100644 --- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/services/server/wireguard/server/default.nix @@ -1,13 +1,11 @@ { config, lib, ... }: { - options.system.wireguard.server.enable = lib.mkEnableOption "Enable the Wireguard server"; - - config = lib.mkIf config.system.wireguard.server.enable { + config = lib.mkIf config.services.wireguard.server.enable { networking = { firewall.allowedUDPPorts = [ 51820 ]; nat = { - enable = config.system.wireguard.server.enable; + enable = true; internalInterfaces = [ "wgs" ]; };
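Review bot: In the wireguard client hunk, `firewall.trustedInterfaces = [ "wgc" ]` stays in place while the option moves to `services.wireguard.client.enable`, so every host that sets it accepts all inbound traffic from the tunnel with no port filtering. This commit sets it on envy, pear, redmond and prophet. Any peer or compromised host on the VPN can then reach every listening service on the laptops and the mail server. Consider replacing it with per-interface rules, e.g. `firewall.interfaces.wgc.allowedTCPPorts = [ <needed-ports> ];` (placeholder), or add a comment explaining why full trust is required. The rest of the `wg-quick` block is outside the hunk, so I could not check which peers are allowed.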