working

hosts/vps/configuration.nix

@@ -1,4 +1,5 @@
 {
+  config,
   lib,
   inputs,
   pkgs,
@@ -9,7 +10,7 @@
     ./hardware-configuration.nix
     ../../config/base.nix
   ];
-  my = import ./toggles.nix // {
+  my = import ./toggles.nix { inherit config inputs; } // {
     secureHost = true;
     users.nixremote = {
       enable = true;
@@ -19,15 +20,6 @@
         "nixminiserver"
       ];
     };
-    interfaces = lib.mkMerge [
-      {
-        vps = "eth0";
-      }
-    ];
-    services = {
-      network.enable = true;
-      wireguard.enable = true;
-    };
   };
   environment.etc."iptables.rules".source = ../../iptables;
   networking.firewall.enable = lib.mkForce false;

hosts/vps/toggles.nix

@@ -1,12 +1,22 @@
 { config, inputs }:
 let
-  inherit (inputs.self.lib) mkEnabledWithUsers enableList;
+  inherit (inputs.self.lib)
+    enableList
+    mkEnabled
+    mkEnabledProxy
+    mkEnabledWithUsers
+    ;
+  mkEnabledProxyIp = inputs.self.lib.mkEnabledProxyIp config.my.ips.wg-server;
 in
 {
   enableProxy = true;
   enableContainers = true;
   apps.dictionaries.enable = true;
   apps.dictionaries.users = "jawz";
+  services = enableList mkEnabled [
+    "network"
+    "wireguard"
+  ];
   shell = enableList mkEnabledWithUsers [
     "multimedia"
     "tools"
@@ -24,41 +34,32 @@ in
     nextcloud = {
       enableProxy = true;
     };
-  };
-  # // enableList mkEnabledProxy [
-  #   "atticd"
-  #   "bazarr"
-  #   "collabora"
-  #   "gitea"
+  }
+  // enableList mkEnabledProxy [
+    "bazarr"
+    "collabora"
+    "gitea"
     # "homepage"
-  #   "jellyfin"
-  #   "kavita"
-  #   "lidarr"
-  #   "maloja"
-  #   "mealie"
-  #   "metube"
-  #   "microbin"
-  #   "multi-scrobbler"
-  #   "paperless"
-  #   "plex"
-  #   "postgres"
+    "jellyfin"
+    "kavita"
+    "lidarr"
+    "maloja"
+    "mealie"
+    "metube"
+    "microbin"
+    "multi-scrobbler"
+    "plex"
     # "prowlarr"
-  #   "qbittorrent"
-  #   "radarr"
-  #   "sabnzbd"
-  #   "sonarr"
-  #   "yamtrack"
-  #   "stash"
-  #   "synapse"
-  #   "syncplay"
-  #   "unpackerr"
-  # ]
-  # // enableList mkEnabledProxyIp [
-  #   "audiobookshelf"
-  #   "isso"
-  #   "keycloak"
-  #   "linkwarden"
-  #   "oauth2-proxy"
-  #   "vaultwarden"
-  # ];
+    "radarr"
+    "sonarr"
+    "yamtrack"
+  ]
+  // enableList mkEnabledProxyIp [
+    "audiobookshelf"
+    "isso"
+    "keycloak"
+    "linkwarden"
+    "oauth2-proxy"
+    "vaultwarden"
+  ];
 }

modules/modules.nix

@@ -68,6 +68,7 @@ in
         server = "enp0s31f6";
         miniserver = "enp2s0";
         workstation = "enp5s0";
+        vps = "eth0";
       };
       description = "Set of network interface names for all my computers.";
     };

modules/servers/homepage.nix

@@ -9,8 +9,8 @@ let
 in
 {
   options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
-  config = lib.mkIf config.my.secureHost {
-    sops.secrets = lib.mkIf cfg.enable {
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    sops.secrets = {
       homepage.sopsFile = ../../secrets/homepage.yaml;
       "private-ca/pem" = {
         sopsFile = ../../secrets/certs.yaml;
@@ -19,7 +19,7 @@ in
       };
     };
     my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
-    services.homepage-dashboard = lib.mkIf cfg.enable {
+    services.homepage-dashboard = {
       inherit (cfg) enable;
       listenPort = cfg.port;
       environmentFile = config.sops.secrets.homepage.path;