add jsonConfig to services

2025-03-12 15:21:38 +01:00 · 2025-03-12 15:21:38 +01:00 · aa1e617e3a
commit aa1e617e3a
parent b97263495b
5 changed files with 57 additions and 15 deletions
--- a/flake.nix
+++ b/flake.nix
@ -1,4 +1,3 @@
-# self-host-playbook-base/flake.nix
 {
  description = "Base configuration for self-host-playbook";

@ -13,7 +12,11 @@
    nixpkgs-unstable,
  }: {
    nixosModules = {
-      default = {tier ? "starter"}: {
+      default = {
+        tier ? "starter",
+        jsonConfig ? {},
+      }: {
+        # Add jsonConfig as an optional argument with a default empty attrset
        config,
        lib,
        pkgs,
@ -31,6 +34,7 @@
          (import ./modules/services.nix {
            inherit lib config pkgs;
            tier = tier;
+            jsonConfig = jsonConfig; # Pass jsonConfig to services.nix
          })
        ];
      };
--- a/modules/core.nix
+++ b/modules/core.nix
@ -30,7 +30,7 @@
    enable = true;
    allowReboot = true;
    dates = "04:00";
-    flake = "path:/etc/nixos/current";
+    flake = "path:/etc/nixos/current-systemconfig";
    randomizedDelaySec = "45min";
    flags = [
      "--update-input nixpkgs"
--- a/modules/services.nix
+++ b/modules/services.nix
@ -3,6 +3,7 @@
  config,
  lib,
  tier ? "starter",
+  jsonConfig ? {},
  ...
 }:
 with lib; let
@ -16,11 +17,16 @@ with lib; let
      description = "Automation and database tools";
    };
  };
+
+  # Helper function to import modules, passing jsonConfig only if needed
+  importService = serviceName: let
+    mod = import ../services/${serviceName};
+  in
+    if isFunction mod
+    then mod {inherit jsonConfig;} # Pass jsonConfig if it's a function
+    else mod; # Use as-is if it's a set
 in {
-  imports =
-    map
-    (serviceName: import ../services/${serviceName})
-    tiers.${tier}.services;
+  imports = map importService tiers.${tier}.services;

  options.services.selfHostPlaybook = {
    enable = mkEnableOption "self host playbook";
--- a/services/caddy/default.nix
+++ b/services/caddy/default.nix
@ -1,3 +1,41 @@
-{
-  services.caddy.enable = true;
+{jsonConfig, ...}: {
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      ${jsonConfig.domains.portainer} = {
+        extraConfig = ''
+          reverse_proxy localhost:9000
+          header {
+            # Security headers
+            Strict-Transport-Security "max-age=31536000; includeSubDomains"
+            X-Content-Type-Options "nosniff"
+            X-Frame-Options "DENY"
+            Referrer-Policy "strict-origin-when-cross-origin"
+          }
+        '';
+      };
+      ${jsonConfig.domains.n8n} = {
+        extraConfig = ''
+          reverse_proxy localhost:5678
+          header {
+            Strict-Transport-Security "max-age=31536000; includeSubDomains"
+            X-Content-Type-Options "nosniff"
+            X-Frame-Options "DENY"
+            Referrer-Policy "strict-origin-when-cross-origin"
+          }
+        '';
+      };
+      ${jsonConfig.domains.baserow} = {
+        extraConfig = ''
+          reverse_proxy localhost:3000
+          header {
+            Strict-Transport-Security "max-age=31536000; includeSubDomains"
+            X-Content-Type-Options "nosniff"
+            X-Frame-Options "DENY"
+            Referrer-Policy "strict-origin-when-cross-origin"
+          }
+        '';
+      };
+    };
+  };
 }
--- a/services/core/default.nix
+++ b/services/core/default.nix
@ -1,10 +1,4 @@
 {
-  imports = [
-    ./baserow
-    ./n8n
-    ./portainer
-  ];
-
  virtualisation.oci-containers.backend = "docker";

  systemd.services.docker-network-web = {