refactor(nix): extract common system configs into reusable modules
Create 6 new NixOS modules to reduce duplication across system configs: - hardware/wooting: Wooting keyboard udev rules and Bluetooth compat - services/nginx-base: Common nginx server settings - services/acme-base: ACME certificate defaults - services/xremap: Key remapping with sensible defaults - system/no-sleep: Disable sleep/suspend/hibernate targets - system/kernel-tweaks: PM freeze timeout and zram configuration Update system configuration files to use these new modules. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
ea849f2488
commit
4622c52d5b
21 changed files with 310 additions and 218 deletions
|
|
@ -7,14 +7,9 @@
|
|||
sopsFile = ../../../.secrets/sgx/internetbs.yaml; # bring your own password file
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "harald@hoyer.xyz";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.sops.secrets.internetbs.path;
|
||||
};
|
||||
certs = {
|
||||
metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;
|
||||
|
||||
security.acme.certs = {
|
||||
"internal.hoyer.world" = {
|
||||
extraDomainNames = [
|
||||
"openwebui.hoyer.world"
|
||||
|
|
@ -23,5 +18,4 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
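Review bot: The one ACME setting left in this file, `metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;`, no longer shows which DNS provider the credentials belong to. The removed block had `dnsProvider = "cloudflare"` next to it, while the secret is still named `internetbs`. The provider, contact email and `acceptTerms` presumably now come from services/acme-base, which is not visible in this section, so a reader cannot check here that the secret matches the provider. I would add a comment such as `# Cloudflare DNS-01 credentials (legacy secret name); provider is set in services/acme-base`, or rename the secret. It is also worth confirming that the sops secret stays readable only by the account that runs the ACME client.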
|
||||
|
|
|
|||
|
|
@ -12,8 +12,6 @@
|
|||
./wyoming.nix
|
||||
];
|
||||
|
||||
services.tailscale.enable = true;
|
||||
|
||||
boot.tmp.useTmpfs = false;
|
||||
|
||||
sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
|
||||
|
|
@ -23,7 +21,16 @@
|
|||
claude-code
|
||||
];
|
||||
|
||||
services.tailscale.enable = true;
|
||||
|
||||
metacfg = {
|
||||
services.nginxBase.enable = true;
|
||||
services.acmeBase.enable = true;
|
||||
system.noSleep = {
|
||||
enable = true;
|
||||
disableGdmAutoSuspend = true;
|
||||
ignoreLidSwitch = true;
|
||||
};
|
||||
emailOnFailure.enable = true;
|
||||
base.enable = true;
|
||||
gui.enable = true;
|
||||
|
|
@ -58,13 +65,5 @@
|
|||
allowReboot = true;
|
||||
};
|
||||
|
||||
systemd.targets.sleep.enable = false;
|
||||
systemd.targets.suspend.enable = false;
|
||||
systemd.targets.hibernate.enable = false;
|
||||
systemd.targets.hybrid-sleep.enable = false;
|
||||
services.displayManager.gdm.autoSuspend = false;
|
||||
|
||||
services.logind.settings.Login.HandleLidSwitch = "ignore";
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
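Review bot: The removed overrides at the end of this file included `systemd.targets.hybrid-sleep.enable = false;`, but the commit description lists only sleep/suspend/hibernate for system/no-sleep, and the module body is not visible in this section. If the module does not also disable hybrid-sleep, this host, which has nginx and ACME enabled in the same `metacfg` block, could still be suspended through that target. I would confirm the module covers it and say so next to the option, e.g. `# noSleep also disables hybrid-sleep (was systemd.targets.hybrid-sleep.enable = false)`, or keep the explicit line until that is verified.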
|
||||
|
|
|
|||
|
|
@ -3,22 +3,7 @@
|
|||
...
|
||||
}:
|
||||
{
|
||||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
clientMaxBodySize = "1000M";
|
||||
appendHttpConfig = ''
|
||||
log_format vcombined '$host:$server_port '
|
||||
'$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log vcombined;
|
||||
'';
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
virtualHosts = {
|
||||
services.nginx.virtualHosts = {
|
||||
"openwebui.hoyer.world" = {
|
||||
enableACME = false;
|
||||
useACMEHost = "internal.hoyer.world";
|
||||
|
|
@ -48,5 +33,4 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
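Review bot: `useACMEHost = "internal.hoyer.world"` still needs nginx to read a certificate owned by the acme group, but this file no longer sets `users.users.nginx.extraGroups = [ "acme" ];` or `services.nginx.enable`. Both presumably moved to services/nginx-base, which is not shown in this section. The vhosts here now depend on the importing host setting `metacfg.services.nginxBase.enable = true`, and `recommendedTlsSettings` comes with it; nothing in this file states that dependency. I would note it at the top, e.g. `# requires metacfg.services.nginxBase.enable = true (nginx enable, acme group membership, TLS defaults)`. If `clientMaxBodySize = "1000M"` became the shared default, it is worth checking that every host using the module needs a request body limit that large.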
|
||||
|
|
|
|||