From da8919b999024424f68becfbdecca47c1e6bbae7 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 3 Jan 2025 16:34:15 -0600
Subject: [PATCH] removed headscale
---
 .../nixos/defiant/configuration.nix | 40 +++---------
 modules/nixos-modules/server/default.nix | 1 -
 modules/nixos-modules/server/headscale.nix | 61 -------------------
 modules/nixos-modules/server/postgres.nix | 39 +++++++++---
 4 files changed, 39 insertions(+), 102 deletions(-)
 delete mode 100644 modules/nixos-modules/server/headscale.nix
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index c6a9e01..c32b6b3 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -1,9 +1,5 @@ # server nas {pkgs, ...}: { - imports = [ - # ./services.nix - ]; - nixpkgs.config.allowUnfree = true; host = {
@@ -65,6 +61,13 @@ enable = false; hostname = "volpe.social"; }; + postgres = { + extraUsers = { + leyla = { + isAdmin = true; + }; + }; + }; jellyfin = { enable = true; subdomain = "media";
@@ -96,40 +99,11 @@ enable = true; subdomain = "drive"; }; - headscale = { - enable = true; - subdomain = "vpn"; - }; }; networking = { hostId = "c51763d6"; }; - # apps = { - # base_domain = "jan-leila.com"; - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # pihole = { - # image = "pihole/pihole:2024.07.0"; - # ip = "192.168.1.201"; - # }; - # headscale = { - # subdomain = "vpn"; - # }; - # jellyfin = { - # subdomain = "media"; - # }; - # forgejo = { - # subdomain = "git"; - # }; - # nextcloud = { - # subdomain = "drive"; - # }; - # }; - services = { # TODO: move zfs scrubbing into module zfs = {
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 9696617..b44eec7 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
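Review bot: `leyla = { isAdmin = true; };` in the second hunk presumably places the OS user `leyla` in `superuser_map`, which the pg_hba rule `local all postgres peer map=superuser_map` in postgres.nix turns into peer-authenticated access as the `postgres` superuser to every database; the admin-user half of the identMap is outside this diff, so that mapping is inferred. Nothing in the hunk says why a personal account needs superuser rather than `isClient`/`createUser` with a database of its own, so a one-line comment such as `# isAdmin: peer-auth as the postgres superuser on all databases (see server/postgres.nix identMap)` would make the grant deliberate rather than incidental. The enclosing `host = { ... }` attribute set starts and ends outside the hunk.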
@@ -10,6 +10,5 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix - ./headscale.nix ]; }
diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix
deleted file mode 100644
index 4495a4a..0000000
--- a/modules/nixos-modules/server/headscale.nix
+++ /dev/null
@@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; -in { - options.host.headscale = { - enable = lib.mkEnableOption "should headscale be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - }; - - config = lib.mkIf config.host.headscale.enable { - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString config.services.headscale.port}"; - }; - - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${hostname}"; - dns.base_domain = "clients.${hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - config.services.headscale.package - ]; - }; -}
diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix
index 252e488..450fafa 100644
--- a/modules/nixos-modules/server/postgres.nix
+++ b/modules/nixos-modules/server/postgres.nix
@@ -7,6 +7,8 @@ dataDir = "/var/lib/postgresql/15"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; in { options = { host.postgres = {
@@ -26,6 +28,21 @@ in { type = lib.types.bool; default = false; }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; }; })); default = {};
@@ -39,11 +56,19 @@ in { postgresql = { enable = true; package = pkgs.postgresql_15; - ensureUsers = [ - { - name = "postgres"; - } - ]; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; identMap = '' # ArbitraryMapName systemUser DBUser
@@ -60,13 +85,13 @@ in { # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + local sameuser all peer map=user_map ''; }; };
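Review bot: The new `createUsers` binding is the third copy of `lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers`, and `createDatabases` repeats the same shape on `extraDatabases`; that expression is just `lib.attrValues`. Binding `users = lib.attrValues config.host.postgres.extraUsers;` once in the `let` and filtering `users` for `adminUsers`, `clientUsers` and `createUsers` keeps the three lists derived from one source, and `createDatabases = lib.attrValues config.host.postgres.extraDatabases;` reads the same way. The `let` block starts outside the hunk.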
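Review bot: The new `createUser` option and the whole `extraDatabases` option are declared without a `description`, so `nixos-option` and generated docs show nothing about what setting them does; the existing `isAdmin`/`isClient` flags above them are the same, but new options should not copy that. Suggested wording: `description = "create a PostgreSQL role named after this user via services.postgresql.ensureUsers";` on `createUser`, `description = "databases to create via services.postgresql.ensureDatabases; the attribute name is the database name unless overridden";` on `extraDatabases`, and `description = "name of the database to create (defaults to the attribute name)";` on its inner `name`. The `extraUsers` option this hunk closes begins outside the hunk.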
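Review bot: The roles generated from `createUsers` are added to `ensureUsers` with only a `name`, and the `ensureDatabases` entries stay owned by `postgres`, so a created role holds no privileges on any database; under the `local sameuser all peer map=user_map` rule in the last hunk such a role can only connect to the database bearing its own name, which presumably is the database it is meant to use. If that is the intent, adding `ensureDBOwnership = true;` to each generated entry (NixOS requires a same-named database in `ensureDatabases` for it) would grant ownership declaratively; if privileges are handled elsewhere, a comment on `ensureUsers` saying so would stop the next reader from wondering. As a style point, `builtins.map (user: { name = user.name; })` can be `map (user: { inherit (user) name; })`. The `services.postgresql` set continues outside the hunk.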
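Review bot: The comment above `authentication` still reads "lets user postgres access everything", but after this hunk the two pg_hba rules express a split that the comment should spell out: OS users listed in `superuser_map` may connect as the `postgres` superuser to any database, while OS users in `user_map` (the `clientUsers`) may connect only as their own role and only to the database of the same name. Rewording it to `# superuser_map: OS user -> postgres superuser on all databases; user_map: OS user -> same-named role, same-named database only` records that `isClient` no longer implies superuser, which is the security-relevant effect of this change. Which map `adminUsers` are written into is above the hunk; presumably still `superuser_map`, and the comment could say so.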