added ports module from m3ta-nixpkgs / prep for rewrite

flake.lock

@@ -249,17 +249,14 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1759495926,
+        "lastModified": 1759658382,
-        "narHash": "sha256-FfM1dBK43RQ96J3ZZ7737VP0t0wmndvKE6N7MPf2tco=",
+        "narHash": "sha256-VfiWf2rFWZEULnNACqX8AZR5K3/2cnaHyGmswlC4RBE=",
-        "ref": "refs/heads/master",
+        "path": "/home/m3tam3re/p/nix/nixpkgs",
-        "rev": "e2ef49ef422ec7707b109c32349018ad4834233f",
+        "type": "path"
-        "revCount": 1,
-        "type": "git",
-        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       },
       "original": {
-        "type": "git",
+        "path": "/home/m3tam3re/p/nix/nixpkgs",
-        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
+        "type": "path"
       }
     },
     "nix-ai-tools": {

flake.nix

@@ -22,8 +22,8 @@
     nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
     nixpkgs-master.url = "github:nixos/nixpkgs/master";
 
-    m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
+    # m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
-
+    m3ta-nixpkgs.url = "path:/home/m3tam3re/p/nix/nixpkgs";
     nur = {
       url = "github:nix-community/NUR";
       inputs.nixpkgs.follows = "nixpkgs";

home/common/default.nix

@@ -51,4 +51,5 @@
       warn-dirty = false;
     };
   };
+  colorScheme = inputs.nix-colors.colorSchemes.dracula;
 }

home/features/desktop/coding.nix

@@ -19,121 +19,5 @@ in {
       neovim.enable = true;
       zed.enable = true;
     };
-    # programs.zed-editor = {
-    #   enable = true;
-    #   userSettings = {
-    #     features = {
-    #       inline_prediction_provider = "zed";
-    #       edit_prediction_provider = "zed";
-    #       copilot = false;
-    #     };
-    #     telemetry = {
-    #       metrics = false;
-    #     };
-    #     lsp = {
-    #       rust_analyzer = {
-    #         binary = {path_lookup = true;};
-    #       };
-    #     };
-    #     languages = {
-    #       Nix = {
-    #         language_servers = ["nixd"];
-    #         formatter = {
-    #           external = {
-    #             command = "alejandra";
-    #             arguments = ["-q" "-"];
-    #           };
-    #         };
-    #       };
-    #       Python = {
-    #         language_servers = ["pyrefly"];
-    #         formatter = {
-    #           external = {
-    #             command = "black";
-    #             arguments = ["-"];
-    #           };
-    #         };
-    #       };
-    #     };
-    #     lsp = {
-    #       "pyrefly" = {
-    #         command = {
-    #           path = "pyrefly";
-    #           args = ["--lsp"];
-    #           env = {};
-    #         };
-    #         settings = {};
-    #       };
-    #     };
-    #     context_servers = {
-    #       "some-context-server" = {
-    #         command = {
-    #           path = "some-command";
-    #           args = ["arg-1" "arg-2"];
-    #           env = {};
-    #         };
-    #         settings = {};
-    #       };
-    #     };
-    #     assistant = {
-    #       version = "2";
-    #       default_model = {
-    #         provider = "anthropic";
-    #         model = "Claude 3.7 Sonnet";
-    #       };
-    #     };
-    #     language_models = {
-    #       anthropic = {
-    #         version = "1";
-    #         api_url = "https://api.anthropic.com";
-    #       };
-    #       openai = {
-    #         version = "1";
-    #         api_url = "https://api.openai.com/v1";
-    #       };
-    #       ollama = {
-    #         api_url = "http://localhost:11434";
-    #       };
-    #     };
-    #     ssh_connections = [
-    #       {
-    #         host = "152.53.85.162";
-    #         nickname = "m3-atlas";
-    #         args = ["-i" "~/.ssh/m3tam3re"];
-    #       }
-    #       {
-    #         host = "95.217.189.186";
-    #         port = 2222;
-    #         nickname = "self-host-playbook";
-    #         args = ["-i" "~/.ssh/self-host-playbook"];
-    #         "projects" = [
-    #           {
-    #             paths = ["/etc/nixos/current-systemconfig"];
-    #           }
-    #         ];
-    #       }
-    #       {
-    #         host = "192.168.1.152";
-    #         port = 22;
-    #         nickname = "m3-daedalus";
-    #         args = ["-i" "~/.ssh/m3tam3re"];
-    #         "projects" = [
-    #           {
-    #             paths = ["/home/m3tam3re/home-config"];
-    #           }
-    #         ];
-    #       }
-    #     ];
-    #     auto_update = false;
-    #     format_on_save = "on";
-    #     vim_mode = true;
-    #     load_direnv = "shell_hook";
-    #     theme = "Dracula";
-    #     buffer_font_family = "FiraCode Nerd Font";
-    #     ui_font_size = 16;
-    #     buffer_font_size = 16;
-    #     show_edit_predictions = true;
-    #   };
-    # };
   };
 }

home/features/desktop/theme.nix

@@ -1,9 +1,7 @@
 {
   pkgs,
-  inputs,
   ...
 }: {
-  colorScheme = inputs.nix-colors.colorSchemes.dracula;
   qt = {
     enable = true;
     platformTheme.name = "gtk";

home/m3tam3re/m3-ares.nix

@@ -10,7 +10,6 @@ with lib; {
     ../features/cli
     ../features/coding
     ../features/desktop
-    #./services/librechat.nix
   ];
 
   config = mkMerge [

home/m3tam3re/services/librechat.nix

@@ -1,18 +0,0 @@
-{
-  systemd.user.services.librechat = {
-    Unit = {
-      Description = "LibreChat Start";
-      After = ["network-online.target"];
-      Wants = ["network-online.target"];
-    };
-    Install = {WantedBy = ["default.target"];};
-    Service = {
-      Type = "oneshot";
-      RemainAfterExit = "yes";
-      WorkingDirectory = "/home/m3tam3re/p/r/ai/LibreChat";
-      ExecStart = "/run/current-system/sw/bin/podman-compose up -d";
-      ExecStop = "/run/current-system/sw/bin/podman-compose down";
-      Restart = "on-failure";
-    };
-  };
-}

hosts/common/default.nix

@@ -8,6 +8,7 @@
 }: {
   imports = [
     ./extraServices
+    ./ports.nix
     ./users
     inputs.home-manager.nixosModules.home-manager
   ];

hosts/common/ports.nix

@@ -0,0 +1,72 @@
+{config, ...}: {
+  m3ta.ports = {
+    enable = true;
+    definitions = {
+      # System services
+      ssh = 22;
+
+      # Web & proxy services
+      traefik = 80;
+      traefik-ssl = 443;
+
+      # Databases
+      postgres = 5432;
+      mysql = 3306;
+      redis = 6379;
+
+      # VPN & networking
+      wireguard = 51820;
+      tailscale = 41641;
+      headscale = 3009;
+
+      # Containers & web apps
+      gitea = 3030;
+      baserow = 3001;
+      ghost = 3002;
+      wastebin = 3003;
+      littlelink = 3004;
+      searx = 3005;
+      restreamer = 3006;
+      paperless = 3012;
+      vaultwarden = 3013;
+      slash = 3010;
+      slash-nemoti = 3016;
+      kestra = 3018;
+      outline = 3019;
+      pangolin = 3020;
+      pangolin-api = 3021;
+      pangolin-ws = 3022;
+
+      # Home automation
+      homarr = 7575;
+
+      # DNS
+      adguardhome = 53;
+    };
+
+    hostOverrides = {
+      # Host-specific overrides
+      m3-ares = {
+        # Any custom port overrides for m3-ares
+      };
+
+      m3-atlas = {
+        # Any custom port overrides for m3-atlas
+      };
+
+      m3-helios = {
+        # Any custom port overrides for m3-helios
+      };
+
+      m3-kratos = {
+        # Any custom port overrides for m3-kratos
+      };
+    };
+  };
+  environment.etc."info/all-ports.json" = {
+    text = builtins.toJSON {
+      hostname = config.networking.hostName;
+      ports = config.m3ta.ports.all; # TODO should only return actually used ports
+    };
+  };
+}

hosts/m3-ares/services/postgres.nix

@@ -1,4 +1,7 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  ...
+}: {
   services.postgresql = {
     enable = true;
     package = pkgs.postgresql_17;

hosts/m3-ares/services/sound.nix

@@ -1,6 +1,4 @@
-{pkgs, ...}: {
+{
-  environment.systemPackages = with pkgs; [
-  ];
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;

hosts/m3-atlas/services/containers/baserow.nix

@@ -2,7 +2,7 @@
   virtualisation.oci-containers.containers."baserow" = {
     image = "docker.io/baserow/baserow:1.34.2";
     environmentFiles = [config.age.secrets.baserow-env.path];
-    ports = ["127.0.0.1:3001:80"];
+    ports = ["127.0.0.1:${toString (config.m3ta.ports.get "baserow")}:80"];
     volumes = ["baserow_data:/baserow/data"];
     extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
   };
@@ -10,7 +10,7 @@
   services.traefik.dynamicConfigOptions.http = {
     services.baserow.loadBalancer.servers = [
       {
-        url = "http://localhost:3001/";
+        url = "http://localhost:${toString (config.m3ta.ports.get "baserow")}/";
       }
     ];
 

hosts/m3-atlas/services/containers/restreamer.nix

@@ -4,7 +4,7 @@
     environmentFiles = [config.age.secrets.restreamer-env.path];
     # Modified ports to include RTMPS
     ports = [
-      "127.0.0.1:3006:8080" # Web UI
+      "127.0.0.1:${toString (config.m3ta.ports.get "restreamer")}:8080" # Web UI
       "127.0.0.1:1936:1935" # RTMP
     ];
     volumes = [
@@ -20,7 +20,7 @@
       http = {
         services.restreamer.loadBalancer.servers = [
           {
-            url = "http://localhost:3006/";
+            url = "http://localhost:${toString (config.m3ta.ports.get "restreamer")}/";
           }
         ];
 

hosts/m3-atlas/services/gitea.nix

@@ -1,10 +1,10 @@
-{
+{config, ...}: {
   services.gitea = {
     enable = true;
     settings = {
       server = {
         ROOT_URL = "https://code.m3ta.dev";
-        HTTP_PORT = 3030;
+        HTTP_PORT = config.m3ta.ports.get "gitea";
       };
       mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
       service.DISABLE_REGISTRATION = true;
@@ -21,7 +21,7 @@
   services.traefik.dynamicConfigOptions.http = {
     services.gitea.loadBalancer.servers = [
       {
-        url = "http://localhost:3030/";
+        url = "http://localhost:${toString (config.m3ta.ports.get "gitea")}/";
       }
     ];
 

hosts/m3-atlas/services/paperless.nix

@@ -1,13 +1,13 @@
 {config, ...}: {
   services.paperless = {
     enable = true;
-    port = 3012;
+    port = config.m3ta.ports.get "paperless";
     database.createLocally = true;
     passwordFile = config.age.secrets.paperless-key.path;
     configureTika = true;
     settings = {
       PAPERLESS_URL = "https://pl.m3ta.dev";
-      DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:5432/paperless";
+      DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:${toString (config.m3ta.ports.get "postgres")}/paperless";
       PAPERLESS_CONSUMER_IGNORE_PATTERN = [
         ".DS_STORE/*"
         "desktop.ini"
@@ -25,7 +25,7 @@
   services.traefik.dynamicConfigOptions.http = {
     services.paperless.loadBalancer.servers = [
       {
-        url = "http://localhost:3012/";
+        url = "http://localhost:${toString (config.m3ta.ports.get "paperless")}/";
       }
     ];
     routers.paperless = {

hosts/m3-atlas/services/postgres.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   services.postgresql = {
     enable = true;
     enableTCPIP = true;
@@ -36,8 +40,8 @@
   };
   networking.firewall = {
     extraCommands = ''
-      iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
+      iptables -A INPUT -p tcp -s 127.0.0.1 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT
-      iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
+      iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT
     '';
   };
 }

hosts/m3-helios/services/adguard.nix

@@ -1,10 +1,10 @@
-{
+{config, ...}: {
   services.adguardhome = {
     enable = true;
     openFirewall = true;
     settings = {
       dns = {
-        port = 53;
+        port = config.m3ta.ports.get "adguardhome";
         upstream_dns = [
           "1.1.1.1"
           "8.8.8.8"
@@ -20,6 +20,6 @@
       };
     };
   };
-  networking.firewall.allowedTCPPorts = [53];
+  networking.firewall.allowedTCPPorts = [(config.m3ta.ports.get "adguardhome")];
-  networking.firewall.allowedUDPPorts = [53];
+  networking.firewall.allowedUDPPorts = [(config.m3ta.ports.get "adguardhome")];
 }

modules/nixos/default.nix

@@ -0,0 +1,3 @@
+{
+  #module = import ./module.nix;
+}