refactor: reorganize flake structure and consolidate user config

Directory structure: - Move from src/ to root level (system/, user/) - Remove unused machines (workstation, vm, laptop) User configuration: - Add user/home.nix for shared defaults (pass, essentials, default modules) - Centralize user options in user/default.nix - Move submodules to consistent paths (bash/bash, git/git, neovim/nvim, vim/vim) Module reorganization: - Flatten nested module structures (remove /modules/ subdirs) - Split CLI vs GUI tools (dev/ for CLI, gui/dev/ for GUI) - Move neovim/vim to top-level modules (not under utils/) - Remove security.enable - pass now in user/home.nix - Remove utils.enable - essentials now in user/home.nix - Add security/yubikey module with yubikey-manager, age-plugin-yubikey - Move pcb, design to gui/dev/ - Replace penpot docker wrapper with nixpkgs penpot-desktop - Remove i3 config - Remove deprecated wsl.nativeSystemd option GUI improvements: - Browser-focused mimeApps in gui/default.nix - Each WM handles its own auto-start via profileExtra Cleanup: - Update README with new structure - Update justfile paths and valid systems - Fix submodule paths in .gitmodules
2026-03-23 16:29:42 -04:00 · 2026-03-14 15:26:18 -04:00 · 2026-03-14 15:26:18 -04:00 · 14efa80cab
commit 14efa80cab
parent ac95d1c23d
141 changed files with 505 additions and 1561 deletions
--- a/system/machines/server/modules/webdav/default.nix
+++ b/system/machines/server/modules/webdav/default.nix
@ -0,0 +1,69 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.webdav;
+  domain = "ramos.codes";
+
+in
+{
+  options.modules.system.webdav = {
+    enable = mkEnableOption "WebDAV server for phone backups";
+
+    directory = mkOption {
+      type = types.path;
+      default = "/var/lib/seedvault";
+      description = "Directory to store backups";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Create backup directory
+    systemd.tmpfiles.rules = [
+      "d ${cfg.directory} 0750 webdav webdav -"
+    ];
+
+    services.webdav = {
+      enable = true;
+      # Credentials in /var/lib/webdav/env:
+      # WEBDAV_USERNAME=seedvault
+      # WEBDAV_PASSWORD=your-secure-password
+      environmentFile = "/var/lib/webdav/env";
+      settings = {
+        address = "127.0.0.1";
+        port = 8090;
+        directory = cfg.directory;
+        behindProxy = true;
+        permissions = "CRUD";  # Create, Read, Update, Delete
+        users = [
+          {
+            username = "{env}WEBDAV_USERNAME";
+            password = "{env}WEBDAV_PASSWORD";
+          }
+        ];
+      };
+    };
+
+    services.nginx.virtualHosts."backup.${domain}" = {
+      useACMEHost = domain;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8090";
+        extraConfig = ''
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+
+          # WebDAV needs these
+          proxy_pass_request_headers on;
+          proxy_set_header Destination $http_destination;
+
+          # Large file uploads for backups
+          client_max_body_size 0;
+          proxy_request_buffering off;
+        '';
+      };
+    };
+  };
+}