add jsonConfig to services

m3tam3re 2025-03-12 15:21:38 +01:00
parent b97263495b
commit aa1e617e3a
5 changed files with 57 additions and 15 deletions


@ -1,4 +1,3 @@
# self-host-playbook-base/flake.nix
{ {
description = "Base configuration for self-host-playbook"; description = "Base configuration for self-host-playbook";
@ -13,7 +12,11 @@
nixpkgs-unstable, nixpkgs-unstable,
}: { }: {
nixosModules = { nixosModules = {
default = {tier ? "starter"}: { default = {
tier ? "starter",
jsonConfig ? {},
}: {
# Add jsonConfig as an optional argument with a default empty attrset
config, config,
lib, lib,
pkgs, pkgs,
@ -31,6 +34,7 @@
(import ./modules/services.nix { (import ./modules/services.nix {
inherit lib config pkgs; inherit lib config pkgs;
tier = tier; tier = tier;
jsonConfig = jsonConfig; # Pass jsonConfig to services.nix
}) })
]; ];
}; };
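Review bot: The default `jsonConfig ? {}` on the `default` module hands the services a value they cannot use. The caddy module added in this commit reads `jsonConfig.domains.portainer`, `.n8n` and `.baserow` unconditionally, so a consumer who omits the argument gets a bare missing-attribute evaluation error instead of a clear message, assuming the selected tier includes caddy (the tier lists are not visible here). Either make the argument required, or fail early with something like `jsonConfig ? throw "self-host-playbook: jsonConfig.domains is required"`. The comment `# Add jsonConfig as an optional argument…` also sits below `}: {` among the module arguments, so it should move above `jsonConfig ? {},`. The module body continues outside these hunks.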


@ -30,7 +30,7 @@
enable = true; enable = true;
allowReboot = true; allowReboot = true;
dates = "04:00"; dates = "04:00";
flake = "path:/etc/nixos/current"; flake = "path:/etc/nixos/current-systemconfig";
randomizedDelaySec = "45min"; randomizedDelaySec = "45min";
flags = [ flags = [
"--update-input nixpkgs" "--update-input nixpkgs"


@ -3,6 +3,7 @@
config, config,
lib, lib,
tier ? "starter", tier ? "starter",
jsonConfig ? {},
... ...
}: }:
with lib; let with lib; let
@ -16,11 +17,16 @@ with lib; let
description = "Automation and database tools"; description = "Automation and database tools";
}; };
}; };
# Helper function to import modules, passing jsonConfig only if needed
importService = serviceName: let
mod = import ../services/${serviceName};
in
if isFunction mod
then mod {inherit jsonConfig;} # Pass jsonConfig if it's a function
else mod; # Use as-is if it's a set
in { in {
imports = imports = map importService tiers.${tier}.services;
map
(serviceName: import ../services/${serviceName})
tiers.${tier}.services;
options.services.selfHostPlaybook = { options.services.selfHostPlaybook = {
enable = mkEnableOption "self host playbook"; enable = mkEnableOption "self host playbook";
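Review bot: `importService` assumes that any service module which is a function takes `jsonConfig`. `isFunction mod` also matches an ordinary NixOS module written as `{config, lib, pkgs, ...}: { … }`, and calling that with only `{inherit jsonConfig;}` aborts evaluation on the missing required arguments. The other service modules are not visible here, so this may not bite yet, but the test should look for the argument itself: `if isFunction mod && (functionArgs mod) ? jsonConfig` (`functionArgs` is in scope through `with lib;`). The helper's comment should then say that only modules declaring `jsonConfig` are pre-applied and everything else goes to the module system untouched. The `let` block starts outside this hunk.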


@ -1,3 +1,41 @@
{ {jsonConfig, ...}: {
services.caddy.enable = true; services.caddy = {
enable = true;
virtualHosts = {
${jsonConfig.domains.portainer} = {
extraConfig = ''
reverse_proxy localhost:9000
header {
# Security headers
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
'';
};
${jsonConfig.domains.n8n} = {
extraConfig = ''
reverse_proxy localhost:5678
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
'';
};
${jsonConfig.domains.baserow} = {
extraConfig = ''
reverse_proxy localhost:3000
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
'';
};
};
};
} }
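Review bot: The `header { … }` block is copied verbatim into all three `virtualHosts` entries, so a later change to the header policy has to be made three times and one proxied service can silently drift from the others. Only the first copy carries the `# Security headers` comment. Binding the header block once and building each vhost from a small helper keeps the policy in one place and leaves only the domain and upstream port per service. It would also help to document the shape this module expects, a `jsonConfig.domains` attrset with `portainer`, `n8n` and `baserow` keys, since a missing key only surfaces as an evaluation error.

```nix
{jsonConfig, ...}: let
  # Response headers applied to every proxied service; edit here only.
  securityHeaders = ''
    header {
      Strict-Transport-Security "max-age=31536000; includeSubDomains"
      X-Content-Type-Options "nosniff"
      X-Frame-Options "DENY"
      Referrer-Policy "strict-origin-when-cross-origin"
    }
  '';
  # Build a vhost that proxies to a local port and adds the shared headers.
  mkProxy = port: {
    extraConfig = ''
      reverse_proxy localhost:${toString port}
      ${securityHeaders}
    '';
  };
in {
  services.caddy = {
    enable = true;
    virtualHosts = {
      ${jsonConfig.domains.portainer} = mkProxy 9000;
      ${jsonConfig.domains.n8n} = mkProxy 5678;
      ${jsonConfig.domains.baserow} = mkProxy 3000;
    };
  };
}
```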


@ -1,10 +1,4 @@
{ {
imports = [
./baserow
./n8n
./portainer
];
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
systemd.services.docker-network-web = { systemd.services.docker-network-web = {