progress

2026-03-24 00:29:43 -04:00 · 2024-03-01 15:49:38 -05:00 · 2024-03-01 15:49:38 -05:00 · 974f185b00
commit 974f185b00
parent 1d52958cde
12 changed files with 168 additions and 7 deletions
--- a/src/system/modules/bitcoin/default.nix
+++ b/src/system/modules/bitcoin/default.nix
@ -7,10 +7,7 @@ let
 in
 { options.modules.system.bitcoin = { enable = mkEnableOption "system.bitcoin"; };

-  imports = [
-    ./core-lightning
-    ./sparrow-cli
-  ];
+  imports = [ ./modules ];

  config = mkIf cfg.enable {
    programs.bash.shellAliases = {
--- a/src/system/modules/bitcoin/modules/default.nix
+++ b/src/system/modules/bitcoin/modules/default.nix
@ -2,6 +2,6 @@
  imports = [
    ./core-lightning
    ./electrs
-    ./sparrow-cli
+    ./sparrow-server
  ];
 }
--- a/src/system/modules/default.nix
+++ b/src/system/modules/default.nix
@ -1,5 +1,7 @@
 {
  imports = [
    ./bitcoin
+    ./nginx
+    ./tor
  ];
 }
--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
@ -0,0 +1,21 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.nginx;
+
+in
+{ options.modules.system.nginx = { enable = mkEnableOption "system.nginx"; };
+  config = mkIf cfg.enable {
+    imports = [ ./sites ];
+    security.acme = {
+      defaults = {
+        email = config.user.email;
+      };
+    };
+    services.nginx = {
+      enable = true;
+      package = pkgs.nginxMainLine;
+    };
+  };
+}
--- a/src/system/modules/nginx/sites/default.nix
+++ b/src/system/modules/nginx/sites/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./mySite
+  ];
+}
--- a/src/system/modules/nginx/sites/mySite/default.nix
+++ b/src/system/modules/nginx/sites/mySite/default.nix
@ -0,0 +1,30 @@
+{ lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.nginx.mySite;
+  nginxCfg = config.modules.system.nginx;
+
+in
+{ options.modules.system.nginx.mySite = { enable = mkEnableOption "system.nginx.mySite"; };
+  config = mkIf (cfg.enable && nginxCfg) {
+    security.acme = {
+      certs = {
+        "*.ramos.codes" = {
+          #TODO: configure ACME certs
+        };
+      };
+    };
+    services.nginx = {
+      #TODO: check if configure as vhost or stream
+      virtualHosts = {
+        "*.ramos.codes" = {
+          addSSL = true;
+          onlySSL = true;
+          forceSSL = true;
+          acmeRoot = null;
+        };
+      };
+    };
+  };
+}
--- a/src/system/modules/nginx/sites/mySite/modules/btc/default.nix
+++ b/src/system/modules/nginx/sites/mySite/modules/btc/default.nix
@ -0,0 +1,31 @@
+{ lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.nginx.mySite.btc;
+  mySiteCfg = config.modules.system.nginx.mySite;
+  btcCfg = config.modules.system.bitcoin;
+
+in
+{ options.modules.system.nginx.mySite.btc = { enable = mkEnableOption "system.nginx.mySite.btc"; };
+  config = mkIf (cfg.enable && mySiteCfg && btcCfg) {
+    #security.acme = {
+    #  certs = {
+    #    "btc.ramos.codes" = {
+    #      #TODO: configure ACME certs
+    #    };
+    #  };
+    #};
+    #services.nginx = {
+    #  #TODO: check if configure as vhost or stream
+    #  virtualHosts = {
+    #    "btc.ramos.codes" = {
+    #      addSSL = true;
+    #      onlySSL = true;
+    #      forceSSL = true;
+    #      acmeRoot = null;
+    #    };
+    #  };
+    #};
+  };
+}
--- a/src/system/modules/nginx/sites/mySite/modules/git/default.nix
+++ b/src/system/modules/nginx/sites/mySite/modules/git/default.nix
@ -0,0 +1,30 @@
+{ lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.nginx.mySite.git;
+  mySiteCfg = config.modules.system.nginx.mySite;
+
+in
+{ options.modules.system.nginx.mySite.git = { enable = mkEnableOption "system.nginx.mySite.git"; };
+  config = mkIf (cfg.enable && mySiteCfg) {
+    #security.acme = {
+    #  certs = {
+    #    "ramos.codes" = {
+    #      #TODO: configure ACME certs
+    #    };
+    #  };
+    #};
+    #services.nginx = {
+    #  #TODO: check if configure as vhost or stream
+    #  streamConfig = services.nginx.streamConfig ++ {
+    #    "*.ramos.codes" = {
+    #      addSSL = true;
+    #      onlySSL = true;
+    #      forceSSL = true;
+    #      acmeRoot = null;
+    #    };
+    #  };
+    #};
+  };
+}
--- a/src/system/modules/tor/default.nix
+++ b/src/system/modules/tor/default.nix
@ -0,0 +1,23 @@
+{ lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.tor;
+
+in
+{ options.modules.system.tor = { enable = mkEnableOption "system.tor"; };
+  config = mkIf cfg.enable {
+    imports = [ ./modules ];
+    services.tor = {
+      enable = true;
+      client = {
+        enable = lib.mkDefault true;
+        dns.enable = mkIf services.tor.client.enable true;
+      };
+      relay.enable = lib.mkDefault false;
+      enableGeoIP = false;
+      DoSConnectionEnabled = true;
+      DoSCircuitCreationEnabled = true;
+    };
+  };
+}
--- a/src/system/modules/tor/modules/default.nix
+++ b/src/system/modules/tor/modules/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./relay
+  ];
+}
--- a/src/system/modules/tor/modules/relay.nix
+++ b/src/system/modules/tor/modules/relay.nix
@ -0,0 +1,16 @@
+{ lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.tor.relay;
+  torCfg = config.modules.system.tor;
+
+in
+{ options.modules.system.tor.relay = { enable = mkEnableOption "system.tor.relay"; };
+  config = mkIf (cfg.enable && torCfg.enable) {
+    services.tor = {
+      client.enable = false;
+      relay.enable = true;
+    };
+  };
+}
--- a/src/user/configs/default.nix
+++ b/src/user/configs/default.nix
@ -3,10 +3,11 @@
 # Replace symlink at root of repo with user configs
 {
  options = {
-    user = lib.mkOption {
+    user = lib.mkOption rec {
      type = lib.types.attrs;
      default = {
        name = "bryan";
+        email = "bryan@ramos.codes";
        shell = pkgs.bash;

        groups = [
@ -20,7 +21,7 @@

        gitConfig = {
          userName = "Bryan Ramos";
-          userEmail = "bryan@ramos.codes";
+          userEmail = "${default.user.email}";
          signing = {
            key = "F1F3466458452B2DF351F1E864D12BA95ACE1F2D";
            signByDefault = true;