feat: big refactor

hosts/APPA/services/adguard-home.nix

@@ -0,0 +1,73 @@
+{ config, ... }:
+{
+  services.adguardhome = {
+    enable = true;
+    mutableSettings = true;
+    allowDHCP = true;
+    host = "127.0.0.1";
+    port = 8001;
+    settings = {
+      users = [
+        {
+          name = "admin";
+          password = "$2a$10$7FLDb/cr3SCtKiojXbFGnOjk6rWC0z9GMafV.YWMvewUcgua1eF/m";
+        }
+      ];
+      dns = {
+        ratelimit = 0;
+      };
+      filtering = {
+        rewrites = [
+          {
+            domain = "dryb.org";
+            answer = "192.168.2.40";
+          }
+          {
+            domain = "speedport.dryb.org";
+            answer = "192.168.2.1";
+          }
+          {
+            domain = "tplink.dryb.org";
+            answer = "192.168.2.30";
+          }
+          {
+            domain = "adguard.dryb.org";
+            answer = "192.168.2.40";
+          }
+          {
+            domain = config.services.gitea.domain;
+            answer = "192.168.2.40";
+          }
+        ];
+      };
+      dhcp = {
+        enabled = true;
+        interface_name = "enp0s25";
+        local_domain_name = "dryb.org";
+        dhcpv4 = {
+          gateway_ip = "192.168.2.1";
+          subnet_mask = "255.255.255.0";
+          range_start = "192.168.2.100";
+          range_end = "192.168.2.255";
+          lease_duration = 86400;
+          icmp_timeout_msec = 1000;
+        };
+        dhcpv6 = {
+          range_start = "fdd2::1";
+          lease_duration = 86400;
+          ra_slaac_only = true;
+          ra_allow_slaac = true;
+        };
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 53 ];
+    allowedUDPPorts = [
+      53
+      67
+      547
+    ];
+  };
+}

hosts/APPA/services/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./adguard-home.nix
+    ./gitea.nix
+    ./homepage-dashboard.nix
+    ./nginx.nix
+    ./postgresql.nix
+  ];
+}

hosts/APPA/services/gitea.nix

@@ -0,0 +1,26 @@
+{ config, ... }:
+{
+  age.secrets.passwords-gitea-db = {
+    file = ../../../secrets/passwords/gitea/db.age;
+    mode = "640";
+    owner = config.services.gitea.user;
+    group = config.services.gitea.group;
+  };
+
+  services.gitea = rec {
+    enable = true;
+    appName = "dryb.org: Gitea Service";
+    database = {
+      type = "postgres";
+      passwordFile = config.age.secrets.passwords-gitea-db.path;
+    };
+    domain = "git.dryb.org";
+    rootUrl = "http://${domain}/";
+    httpPort = 8003;
+    settings = {
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+}

hosts/APPA/services/homepage-dashboard.nix

@@ -0,0 +1,74 @@
+{
+  services.homepage-dashboard = {
+    enable = true;
+    listenPort = 8002;
+    settings = {
+      title = "dryb.org";
+      layout = {
+        "Network" = {
+          style = "row";
+          columns = 3;
+        };
+        "IOT" = {
+          style = "row";
+          columns = 3;
+        };
+      };
+    };
+    services = [
+      {
+        "Network" = [
+          {
+            "Adguard Home" = {
+              description = "http://adguard.dryb.org";
+              href = "http://adguard.dryb.org";
+              icon = "adguard-home";
+            };
+          }
+          {
+            "Speedport Smart 4" = {
+              description = "https://speedport.dryb.org (192.168.2.1)";
+              href = "https://speedport.dryb.org";
+              icon = "mdi-router-network-wireless";
+            };
+          }
+          {
+            "TP-Link TL-SG1016DE" = {
+              description = "http://tplink.dryb.org (192.168.2.30)";
+              href = "http://tplink.dryb.org";
+              icon = "mdi-switch";
+            };
+          }
+        ];
+      }
+      {
+        "IOT" = [
+          {
+            "Shelly Infra" = {
+              description = "http://shelly-infra.dryb.org (192.168.2.50)";
+              href = "http://shelly-infra.dryb.org";
+              icon = "shelly";
+              ping = "shelly-infra.dryb.org";
+            };
+          }
+          {
+            "Shelly Workstation" = {
+              description = "http://shelly-workstation.dryb.org (192.168.2.51)";
+              href = "http://shelly-workstation.dryb.org";
+              icon = "shelly";
+              ping = "shelly-workstation.dryb.org";
+            };
+          }
+          {
+            "Shelly Test" = {
+              description = "http://shelly-test.dryb.org (192.168.2.52)";
+              href = "http://shelly-test.dryb.org";
+              icon = "shelly";
+              ping = "shelly-test.dryb.org";
+            };
+          }
+        ];
+      }
+    ];
+  };
+}

hosts/APPA/services/nginx.nix

@@ -0,0 +1,25 @@
+{ config, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."dryb.org" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8002";
+      };
+    };
+    virtualHosts."adguard.dryb.org" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8001";
+      };
+    };
+    virtualHosts."${config.services.gitea.domain}" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8003";
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 ];
+  };
+}

hosts/APPA/services/postgresql.nix

@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ config.services.gitea.user ];
+
+    # type   database  DBuser  auth-method  mapping
+    authentication = ''
+      local  gitea     all     ident        map=gitea-users
+    '';
+
+    # name         sysuser  dbuser
+    identMap = ''
+      gitea-users  gitea    gitea
+    '';
+  };
+
+}