From c475c0077764acea6f12b88b24d20b7b2720cd5c Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Tue, 3 Oct 2023 19:24:59 +0200
Subject: Move personal modules hosts/ahmed -> modules/nixos/
---
 hosts/ahmed/cloudflare-ddns.nix | 14 ---
 hosts/ahmed/configuration.nix | 3 -
 hosts/ahmed/graphics.nix | 37 --------
 hosts/ahmed/linus.onl.nix | 100 ----------------------
 hosts/ahmed/notifications.linus.onl.nix | 44 ----------
 modules/nixos/default.nix | 3 +
 modules/nixos/graphics/default.nix | 37 ++++++++
 modules/nixos/linus.onl/default.nix | 100 ++++++++++++++++++++++
 modules/nixos/nofitications.linus.onl/default.nix | 44 ++++++++++
 9 files changed, 184 insertions(+), 198 deletions(-)
 delete mode 100644 hosts/ahmed/cloudflare-ddns.nix
 delete mode 100644 hosts/ahmed/graphics.nix
 delete mode 100644 hosts/ahmed/linus.onl.nix
 delete mode 100644 hosts/ahmed/notifications.linus.onl.nix
 create mode 100644 modules/nixos/graphics/default.nix
 create mode 100644 modules/nixos/linus.onl/default.nix
 create mode 100644 modules/nixos/nofitications.linus.onl/default.nix
diff --git a/hosts/ahmed/cloudflare-ddns.nix b/hosts/ahmed/cloudflare-ddns.nix
deleted file mode 100644
index a03a8a3..0000000
--- a/hosts/ahmed/cloudflare-ddns.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-# This module sets up cloudflare-dyndns for .
-{
- lib,
- config,
- ...
-}: let
-in {
- age.secrets.cloudflare-dyndns-api-token.file = ../../secrets/cloudflare-ddns-token.env.age;
- services.cloudflare-dyndns = {
- enable = true;
- apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
- proxied = true;
- };
-}
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 6c3a2d3..1d0f176 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -8,9 +8,6 @@
 imports = [
 ./hardware-configuration.nix
 ./ssh.nix
- ./linus.onl.nix
- ./notifications.linus.onl.nix
- ./graphics.nix
 ];
 
 # Create the main user.
diff --git a/hosts/ahmed/graphics.nix b/hosts/ahmed/graphics.nix
deleted file mode 100644
index f54d043..0000000
--- a/hosts/ahmed/graphics.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# This module configures a basic graphical environment. I use this sometimes for
-# ahmed when muhammed is being repaired.
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkEnableOption mkIf;
-
- cfg = config.modules.graphics;
-in {
- options.modules.graphics.enable = mkEnableOption "basic graphical environment";
-
- config = mkIf cfg.enable {
- services.xserver.enable = true;
-
- # Match console keyboard layout but swap capslock and escape.
- # TODO: Create a custom keymap with esc/capslock swap so console can use it.
- services.xserver.layout = config.console.keyMap;
- services.xserver.xkbOptions = "caps:swapescape";
-
- # Enable touchpad support.
- services.xserver.libinput.enable = true;
-
- services.xserver.windowManager.dwm.enable = true;
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
-
- environment.systemPackages = with pkgs; [
- st # suckless terminal - dwm is pretty sucky without this
- dmenu # application launcher
- ];
- };
-}
diff --git a/hosts/ahmed/linus.onl.nix b/hosts/ahmed/linus.onl.nix
deleted file mode 100644
index 52703fe..0000000
--- a/hosts/ahmed/linus.onl.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkEnableOption mkOption types mkIf optional;
-
- domain = "linus.onl";
-
- cfg = config.modules."${domain}";
-in {
- options.modules."${domain}" = {
- enable = mkEnableOption "${domain} static site";
-
- useACME = mkEnableOption "built-in HTTPS stuff";
- };
-
- config = mkIf cfg.enable {
- # Create a user to run the build script under.
- users.users."${domain}-builder" = {
- description = "builds ${domain}";
- group = "${domain}-builder";
- isSystemUser = true;
- };
- users.groups."${domain}-builder" = {};
-
- # Create the output directory.
- system.activationScripts."${domain}-create-www" = lib.stringAfter ["var"] ''
- mkdir -p /var/www/${domain}
- chown ${domain}-builder /var/www/${domain}
- chgrp ${domain}-builder /var/www/${domain}
- chmod 0755 /var/www/${domain}
- '';
-
- # Create a systemd service which rebuild the site regularly.
- #
- # This can't be done using Nix because the site relies on the git build and
- # there are some inherent difficulties with including .git/ in the
- # inputSource for derivations.
- #
- # See: https://github.com/NixOS/nix/issues/6900
- # See: https://github.com/NixOS/nixpkgs/issues/8567
- #
- # TODO: Integrate rebuilding with GitHub webhooks to rebuild on push.
- systemd.services."${domain}-source" = {
- description = "generate https://${domain} source";
-
- serviceConfig = {
- Type = "oneshot";
- User = "${domain}-builder";
- Group = "${domain}-builder";
- };
- startAt = "*-*-* *:00/5:00";
-
- path = with pkgs; [
- git
- rsync
- coreutils-full
- tcl-8_5
- gnumake
- ];
- environment.TCLLIBPATH = "$TCLLIBPATH ${pkgs.tcl-cmark}/lib/tclcmark1.0";
- script = ''
- set -ex
- tmpdir="$(mktemp -d -t linus.onl-source.XXXXXXXXXXXX)"
- cd "$tmpdir"
- trap 'rm -rf $tmpdir' EXIT
- # TODO: Only do minimal possible cloning
- git clone https://github.com/linnnus/${domain} .
- make _build
- rsync --archive --delete _build/ /var/www/${domain}
- '';
-
- # TODO: Harden service
-
- # Network must be online for us to check.
- after = ["network-online.target"];
- requires = ["network-online.target"];
-
- # We must generate some files for NGINX to serve, so this should be run
- # before NGINX.
- before = ["nginx.service"];
- wantedBy = ["nginx.service"];
- };
-
- # Register domain name with ddns.
- services.cloudflare-dyndns.domains = [domain];
-
- # Register virtual host.
- services.nginx = {
- virtualHosts."${domain}" = {
- # NOTE: 'forceSSL' will cause an infite loop, if the cloudflare proxy does NOT connect over HTTPS.
- enableACME = cfg.useACME;
- forceSSL = cfg.useACME;
- root = "/var/www/${domain}";
- };
- };
- };
-}
diff --git a/hosts/ahmed/notifications.linus.onl.nix b/hosts/ahmed/notifications.linus.onl.nix
deleted file mode 100644
index d77a0e7..0000000
--- a/hosts/ahmed/notifications.linus.onl.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- inherit (lib) mkEnableOption mkOption types mkIf optional;
-
- domain = "notifications.linus.onl";
-
- # TODO: Make option internal-port.
- internal-port = 13082;
-
- cfg = config.modules."notifications.linus.onl";
-in {
- options.modules."notifications.linus.onl" = {
- enable = mkEnableOption "notifications.linus.onl static site";
-
- useACME = mkEnableOption "built-in HTTPS stuff";
- };
-
- config = mkIf cfg.enable {
- services.push-notification-api = {
- enable = true;
- # host = "notifications.linus.onl";
- host = "0.0.0.0";
- port = internal-port;
- openFirewall = false; # We're using NGINX reverse proxy.
- };
-
- # Register domain name.
- services.cloudflare-dyndns.domains = ["notifications.linus.onl"];
-
- # Serve the generated page using NGINX.
- services.nginx.virtualHosts."notifications.linus.onl" = {
- enableACME = cfg.useACME;
- forceSSL = cfg.useACME;
- locations."/" = {
- recommendedProxySettings = true;
- proxyPass = "http://127.0.0.1:${toString internal-port}";
- };
- };
- };
-}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 3fcc34c..c1ab502 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -8,5 +8,8 @@
 
 personal = {
 duksebot = import ./duksebot;
+ graphics = import ./graphics;
+ "linus.onl" = import ./linus.onl;
+ "notifications.linus.onl" = import ./nofitications.linus.onl;
 };
 }
diff --git a/modules/nixos/graphics/default.nix b/modules/nixos/graphics/default.nix
new file mode 100644
index 0000000..f54d043
--- /dev/null
+++ b/modules/nixos/graphics/default.nix
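Review bot: In modules/nixos/default.nix the new `"notifications.linus.onl"` attribute imports `./nofitications.linus.onl`, a directory whose name is misspelled ("nofitications"). The import matches the path this commit creates, so evaluation works, but the attribute name and the directory now disagree and the path is easy to mistype or miss in a search. Rename the directory and write `"notifications.linus.onl" = import ./notifications.linus.onl;`. The `personal` attribute set begins above this hunk.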
@@ -0,0 +1,37 @@
+# This module configures a basic graphical environment. I use this sometimes for
+# ahmed when muhammed is being repaired.
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkEnableOption mkIf;
+
+ cfg = config.modules.graphics;
+in {
+ options.modules.graphics.enable = mkEnableOption "basic graphical environment";
+
+ config = mkIf cfg.enable {
+ services.xserver.enable = true;
+
+ # Match console keyboard layout but swap capslock and escape.
+ # TODO: Create a custom keymap with esc/capslock swap so console can use it.
+ services.xserver.layout = config.console.keyMap;
+ services.xserver.xkbOptions = "caps:swapescape";
+
+ # Enable touchpad support.
+ services.xserver.libinput.enable = true;
+
+ services.xserver.windowManager.dwm.enable = true;
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ st # suckless terminal - dwm is pretty sucky without this
+ dmenu # application launcher
+ ];
+ };
+}
diff --git a/modules/nixos/linus.onl/default.nix b/modules/nixos/linus.onl/default.nix
new file mode 100644
index 0000000..52703fe
--- /dev/null
+++ b/modules/nixos/linus.onl/default.nix
@@ -0,0 +1,100 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ inherit (lib) mkEnableOption mkOption types mkIf optional;
+
+ domain = "linus.onl";
+
+ cfg = config.modules."${domain}";
+in {
+ options.modules."${domain}" = {
+ enable = mkEnableOption "${domain} static site";
+
+ useACME = mkEnableOption "built-in HTTPS stuff";
+ };
+
+ config = mkIf cfg.enable {
+ # Create a user to run the build script under.
+ users.users."${domain}-builder" = {
+ description = "builds ${domain}";
+ group = "${domain}-builder";
+ isSystemUser = true;
+ };
+ users.groups."${domain}-builder" = {};
+
+ # Create the output directory.
+ system.activationScripts."${domain}-create-www" = lib.stringAfter ["var"] ''
+ mkdir -p /var/www/${domain}
+ chown ${domain}-builder /var/www/${domain}
+ chgrp ${domain}-builder /var/www/${domain}
+ chmod 0755 /var/www/${domain}
+ '';
+
+ # Create a systemd service which rebuild the site regularly.
+ #
+ # This can't be done using Nix because the site relies on the git build and
+ # there are some inherent difficulties with including .git/ in the
+ # inputSource for derivations.
+ #
+ # See: https://github.com/NixOS/nix/issues/6900
+ # See: https://github.com/NixOS/nixpkgs/issues/8567
+ #
+ # TODO: Integrate rebuilding with GitHub webhooks to rebuild on push.
+ systemd.services."${domain}-source" = {
+ description = "generate https://${domain} source";
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "${domain}-builder";
+ Group = "${domain}-builder";
+ };
+ startAt = "*-*-* *:00/5:00";
+
+ path = with pkgs; [
+ git
+ rsync
+ coreutils-full
+ tcl-8_5
+ gnumake
+ ];
+ environment.TCLLIBPATH = "$TCLLIBPATH ${pkgs.tcl-cmark}/lib/tclcmark1.0";
+ script = ''
+ set -ex
+ tmpdir="$(mktemp -d -t linus.onl-source.XXXXXXXXXXXX)"
+ cd "$tmpdir"
+ trap 'rm -rf $tmpdir' EXIT
+ # TODO: Only do minimal possible cloning
+ git clone https://github.com/linnnus/${domain} .
+ make _build
+ rsync --archive --delete _build/ /var/www/${domain}
+ '';
+
+ # TODO: Harden service
+
+ # Network must be online for us to check.
+ after = ["network-online.target"];
+ requires = ["network-online.target"];
+
+ # We must generate some files for NGINX to serve, so this should be run
+ # before NGINX.
+ before = ["nginx.service"];
+ wantedBy = ["nginx.service"];
+ };
+
+ # Register domain name with ddns.
+ services.cloudflare-dyndns.domains = [domain];
+
+ # Register virtual host.
+ services.nginx = {
+ virtualHosts."${domain}" = {
+ # NOTE: 'forceSSL' will cause an infite loop, if the cloudflare proxy does NOT connect over HTTPS.
+ enableACME = cfg.useACME;
+ forceSSL = cfg.useACME;
+ root = "/var/www/${domain}";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/nofitications.linus.onl/default.nix b/modules/nixos/nofitications.linus.onl/default.nix
new file mode 100644
index 0000000..d77a0e7
--- /dev/null
+++ b/modules/nixos/nofitications.linus.onl/default.nix
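Review bot: The `${domain}-source` unit in modules/nixos/linus.onl/default.nix sets only `Type`, `User` and `Group` in `serviceConfig` and leaves `# TODO: Harden service` open, yet every five minutes it clones the branch head of the GitHub repository and runs `make _build` from it. Whatever lands in that repository therefore executes on the host as the builder user with an unrestricted view of the filesystem. The script only needs a scratch directory and write access to `/var/www/${domain}`, so the unit can be confined with systemd sandboxing as sketched below; the options should be checked against a real build before the TODO is dropped. Cloning a reviewed revision rather than the moving head would narrow the trust placed in the remote further.

```nix
      serviceConfig = {
        # … unchanged: Type, User, Group …
        NoNewPrivileges = true;
        PrivateTmp = true; # mktemp -d then lands in a private /tmp
        ProtectHome = true;
        ProtectSystem = "strict";
        # The rsync step is the only write outside the private /tmp.
        ReadWritePaths = ["/var/www/${domain}"];
      };
```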
@@ -0,0 +1,44 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ inherit (lib) mkEnableOption mkOption types mkIf optional;
+
+ domain = "notifications.linus.onl";
+
+ # TODO: Make option internal-port.
+ internal-port = 13082;
+
+ cfg = config.modules."notifications.linus.onl";
+in {
+ options.modules."notifications.linus.onl" = {
+ enable = mkEnableOption "notifications.linus.onl static site";
+
+ useACME = mkEnableOption "built-in HTTPS stuff";
+ };
+
+ config = mkIf cfg.enable {
+ services.push-notification-api = {
+ enable = true;
+ # host = "notifications.linus.onl";
+ host = "0.0.0.0";
+ port = internal-port;
+ openFirewall = false; # We're using NGINX reverse proxy.
+ };
+
+ # Register domain name.
+ services.cloudflare-dyndns.domains = ["notifications.linus.onl"];
+
+ # Serve the generated page using NGINX.
+ services.nginx.virtualHosts."notifications.linus.onl" = {
+ enableACME = cfg.useACME;
+ forceSSL = cfg.useACME;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:${toString internal-port}";
+ };
+ };
+ };
+}
--
cgit v1.2.3
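Review bot: `host = "0.0.0.0";` under `services.push-notification-api` makes the API listen on every interface, although NGINX only ever reaches it through `proxyPass = "http://127.0.0.1:${toString internal-port}"`. Direct access to port 13082, which would bypass the virtual host's `forceSSL` and proxy settings, is then prevented only by `openFirewall = false` and whatever firewall the host runs, which this file does not show. Assuming the service accepts a loopback address for `host`, use `host = "127.0.0.1";` so the exposure does not depend on firewall state. Separately, the `domain` binding in the `let` block is never used while the literal `"notifications.linus.onl"` is repeated; referring to `domain`, as the linus.onl module does, would keep the names in sync.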