From aa1e617e3a0f083d55ae454963c7e3ffca42f7ad Mon Sep 17 00:00:00 2001
From: m3tam3re
Date: Wed, 12 Mar 2025 15:21:38 +0100
Subject: [PATCH] add jsonConfig to services
---
 flake.nix | 8 ++++++--
 modules/core.nix | 2 +-
 modules/services.nix | 14 +++++++++----
 services/caddy/default.nix | 42 ++++++++++++++++++++++++++++++++++++--
 services/core/default.nix | 6 ------
 5 files changed, 57 insertions(+), 15 deletions(-)
diff --git a/flake.nix b/flake.nix
index 7be3b00..953c867 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,4 +1,3 @@
-# self-host-playbook-base/flake.nix
 {
 description = "Base configuration for self-host-playbook";
 
@@ -13,7 +12,11 @@
 nixpkgs-unstable,
 }: {
 nixosModules = {
- default = {tier ? "starter"}: {
+ default = {
+ tier ? "starter",
+ jsonConfig ? {},
+ }: {
+ # Add jsonConfig as an optional argument with a default empty attrset
 config,
 lib,
 pkgs,
@@ -31,6 +34,7 @@
 (import ./modules/services.nix {
 inherit lib config pkgs;
 tier = tier;
+ jsonConfig = jsonConfig; # Pass jsonConfig to services.nix
 })
 ];
 };
diff --git a/modules/core.nix b/modules/core.nix
index c48925d..f0fed84 100644
--- a/modules/core.nix
+++ b/modules/core.nix
@@ -30,7 +30,7 @@
 enable = true;
 allowReboot = true;
 dates = "04:00";
- flake = "path:/etc/nixos/current";
+ flake = "path:/etc/nixos/current-systemconfig";
 randomizedDelaySec = "45min";
 flags = [
 "--update-input nixpkgs"
diff --git a/modules/services.nix b/modules/services.nix
index e1667d9..7c716f6 100644
--- a/modules/services.nix
+++ b/modules/services.nix
@@ -3,6 +3,7 @@
 config,
 lib,
 tier ? "starter",
+ jsonConfig ? {},
 ...
 }:
 with lib; let
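Review bot: The comment `# Add jsonConfig as an optional argument with a default empty attrset` lands after the `}: {` that closes the parameter set, so it sits at the top of the returned module's own argument list (`config, lib, pkgs`) rather than beside the `jsonConfig ? {}` it describes, and it only restates the code. Move it above `jsonConfig ? {},` and let it say what the value is for and what the default does and does not buy, e.g. `# Site-specific values (such as the host names caddy serves) supplied by the consuming flake; the {} default keeps this function callable, but services that index into it still fail to evaluate when it is omitted`. That last clause is grounded in this same patch: services/caddy reads `jsonConfig.domains.portainer` unconditionally. The `default` module body continues past the end of the hunk.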
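Review bot: `jsonConfig = jsonConfig; # Pass jsonConfig to services.nix` repeats the name on both sides and then repeats the code in a comment, while the line directly above already uses `inherit lib config pkgs;` for the same purpose. Write `inherit jsonConfig;` and drop the comment (the pre-existing `tier = tier;` could join the same `inherit`). The `modules` list this `import` call sits in starts outside the hunk.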
@@ -16,11 +17,16 @@ with lib; let
 description = "Automation and database tools";
 };
 };
+
+ # Helper function to import modules, passing jsonConfig only if needed
+ importService = serviceName: let
+ mod = import ../services/${serviceName};
+ in
+ if isFunction mod
+ then mod {inherit jsonConfig;} # Pass jsonConfig if it's a function
+ else mod; # Use as-is if it's a set
 in {
- imports =
- map
- (serviceName: import ../services/${serviceName})
- tiers.${tier}.services;
+ imports = map importService tiers.${tier}.services;
 
 options.services.selfHostPlaybook = {
 enable = mkEnableOption "self host playbook";
diff --git a/services/caddy/default.nix b/services/caddy/default.nix
index 84fb950..fca9df7 100644
--- a/services/caddy/default.nix
+++ b/services/caddy/default.nix
@@ -1,3 +1,41 @@
-{
- services.caddy.enable = true;
+{jsonConfig, ...}: {
+ services.caddy = {
+ enable = true;
+ virtualHosts = {
+ ${jsonConfig.domains.portainer} = {
+ extraConfig = ''
+ reverse_proxy localhost:9000
+ header {
+ # Security headers
+ Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ Referrer-Policy "strict-origin-when-cross-origin"
+ }
+ '';
+ };
+ ${jsonConfig.domains.n8n} = {
+ extraConfig = ''
+ reverse_proxy localhost:5678
+ header {
+ Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ Referrer-Policy "strict-origin-when-cross-origin"
+ }
+ '';
+ };
+ ${jsonConfig.domains.baserow} = {
+ extraConfig = ''
+ reverse_proxy localhost:3000
+ header {
+ Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ Referrer-Policy "strict-origin-when-cross-origin"
+ }
+ '';
+ };
+ };
+ };
 }
diff --git a/services/core/default.nix b/services/core/default.nix
index d8216db..cfac36c 100644
--- a/services/core/default.nix
+++ b/services/core/default.nix
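Review bot: `importService` calls a function-valued service module with exactly `{inherit jsonConfig;}`, so any service under `../services/` written as an ordinary NixOS module (`{config, lib, pkgs, ...}: …`) now fails with a missing-argument error instead of being evaluated by the module system, and the `isFunction` check cannot tell such a module apart from the `{jsonConfig, ...}:` one this patch adds for caddy. The module system already has a channel for extra arguments: keep the original `imports = map (serviceName: import ../services/${serviceName}) tiers.${tier}.services;` and set `config._module.args.jsonConfig = jsonConfig;`, so a module declaring `{jsonConfig, ...}:` receives it alongside `config`, `lib` and `pkgs`. Because this file uses the `options`/`config` split form, that line has to live inside its `config = { … }` block, which is outside the hunk (the file continues after `options.services.selfHostPlaybook`). The `let` block that holds `importService` opens before the hunk.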
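Review bot: The vhost keys `${jsonConfig.domains.portainer}`, `.n8n` and `.baserow` dereference `jsonConfig` unconditionally even though flake.nix and services.nix in this same patch default it to `{}`, so a consumer that leaves it out gets Nix's bare "attribute 'domains' missing" from inside module evaluation instead of a message naming the key caddy needs. The three `extraConfig` bodies also repeat the same `header { … }` block verbatim (only the first carries the `# Security headers` comment), so a policy change such as adding `preload` to HSTS or a `Content-Security-Policy` has to be made three times and can silently drift. The rewrite below keeps the same upstreams and headers but derives the vhosts from one name→port table, shares one header block, and throws a named error when a domain is missing; it uses only builtins because `importService` in this patch calls the module with `jsonConfig` alone, so `lib` is not available here. One caveat to verify outside this patch: these headers and Caddy's TLS only protect traffic that actually goes through Caddy, so the container port mappings for 9000, 5678 and 3000 should bind to 127.0.0.1 rather than 0.0.0.0.
```nix
{jsonConfig, ...}: let
  # One response-header block shared by every vhost, so a policy change lands everywhere at once.
  securityHeaders = ''
    header {
      Strict-Transport-Security "max-age=31536000; includeSubDomains"
      X-Content-Type-Options "nosniff"
      X-Frame-Options "DENY"
      Referrer-Policy "strict-origin-when-cross-origin"
    }
  '';
  # service name -> loopback port Caddy proxies to; the public host name is jsonConfig.domains.<name>
  upstreams = {
    portainer = 9000;
    n8n = 5678;
    baserow = 3000;
  };
  domains = jsonConfig.domains or {};
  # Fail with a message that names the missing key instead of Nix's bare "attribute 'domains' missing".
  vhostFor = name: port:
    if domains ? ${name}
    then {
      name = domains.${name};
      value.extraConfig = ''
        reverse_proxy localhost:${toString port}
        ${securityHeaders}
      '';
    }
    else throw "services/caddy: jsonConfig.domains.${name} must be set to the host name served for ${name}";
in {
  services.caddy = {
    enable = true;
    virtualHosts = builtins.listToAttrs (map (name: vhostFor name upstreams.${name}) (builtins.attrNames upstreams));
  };
}
```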
@@ -1,10 +1,4 @@
 {
- imports = [
- ./baserow
- ./n8n
- ./portainer
- ];
-
 virtualisation.oci-containers.backend = "docker";
 
 systemd.services.docker-network-web = {