refactor(nix): extract common system configs into reusable modules
Create 6 new NixOS modules to reduce duplication across system configs: - hardware/wooting: Wooting keyboard udev rules and Bluetooth compat - services/nginx-base: Common nginx server settings - services/acme-base: ACME certificate defaults - services/xremap: Key remapping with sensible defaults - system/no-sleep: Disable sleep/suspend/hibernate targets - system/kernel-tweaks: PM freeze timeout and zram configuration Update system configuration files to use these new modules. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
ea849f2488
commit
4622c52d5b
21 changed files with 310 additions and 218 deletions
|
|
@ -1,6 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
|
|
@ -9,14 +7,9 @@
|
|||
sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "harald@hoyer.xyz";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.sops.secrets.internetbs.path;
|
||||
};
|
||||
certs = {
|
||||
metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;
|
||||
|
||||
security.acme.certs = {
|
||||
"surfsite.org" = {
|
||||
extraDomainNames = [ "*.surfsite.org" ];
|
||||
};
|
||||
|
|
@ -71,5 +64,4 @@
|
|||
extraDomainNames = [ "*.harald-hoyer.de" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
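Review bot: The secret handed to `metacfg.services.acmeBase.credentialsFile` in the second hunk is still named `internetbs` (from `internetbs.yaml`), while the `security.acme.defaults` block the same hunk drops named `cloudflare` as `dnsProvider`. The provider is now presumably chosen in the acme-base module, which is not shown on this page, so a reader of this file can no longer tell which DNS API the credential belongs to. A comment on that line, for example `# DNS-01 API credentials for the provider configured in acme-base`, would document it, and the name mismatch is worth confirming against the module. The certificates below request wildcard names such as `*.surfsite.org`, so this credential can answer challenges for any name in those zones. It would help to record next to the secret that the token is limited to DNS edits on exactly these zones.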
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@
|
|||
services.tailscale.enable = true;
|
||||
|
||||
metacfg = {
|
||||
services.nginxBase.enable = true;
|
||||
services.acmeBase.enable = true;
|
||||
emailOnFailure.enable = true;
|
||||
base.enable = true;
|
||||
nix.enable = true;
|
||||
|
|
@ -42,7 +44,6 @@
|
|||
dates = "04:00";
|
||||
operation = "switch";
|
||||
allowReboot = true;
|
||||
# flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
|
||||
flake = lib.mkForce "/root/nixcfg/.#mx";
|
||||
};
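Review bot: The block that closes this section builds from `flake = lib.mkForce "/root/nixcfg/.#mx"`, a plain path to a local checkout, so whatever that directory holds at `dates = "04:00"` is activated as root with `operation = "switch"` and `allowReboot = true`. The block's opening line is outside the hunk, but these look like the auto-upgrade settings. The hunk's 7→6 line count shows that one of these lines is dropped, though the page does not mark which. If it is the commented-out `git+file:///var/lib/gitea/...` variant, the reason for preferring the local path goes with it. A comment such as `# built unattended from the checkout in /root/nixcfg; keep it root-only and on a reviewed commit` would record the trust assumption.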
|
||||
|
||||
|
|
|
|||
|
|
@ -1,21 +1,6 @@
|
|||
{ ... }:
|
||||
{
|
||||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
clientMaxBodySize = "1000M";
|
||||
appendHttpConfig = ''
|
||||
log_format vcombined '$host:$server_port '
|
||||
'$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log vcombined;
|
||||
'';
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
virtualHosts = {
|
||||
services.nginx.virtualHosts = {
|
||||
"00000" = {
|
||||
useACMEHost = "hoyer.xyz";
|
||||
serverName = "_";
|
||||
|
|
@ -157,5 +142,4 @@
|
|||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
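Review bot: Going by the 21→6 line count of the first hunk, this file no longer sets `enable`, the `recommended*` flags or `users.users.nginx.extraGroups = [ "acme" ]`. The virtual hosts that use `useACMEHost` therefore depend on the host setting `metacfg.services.nginxBase.enable = true`, and nothing in the file says so. A header comment such as `# requires metacfg.services.nginxBase.enable: nginx itself, acme group membership and TLS defaults come from there` would make the dependency visible. The nginx-base module is not shown on this page, so it is worth confirming that it carries `recommendedTlsSettings`, the `vcombined` access log and the acme group membership unchanged. It is also worth checking that `clientMaxBodySize = "1000M"` did not become the default for every host that enables the base; a conservative shared limit with a per-host override would keep the large request body allowance limited to the hosts that need it.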
|
||||
|
|
|
|||