2026-02-06 09:20:18 -06:00
4 changed files with 96 additions and 88 deletions
--- a/hosts/vps/toggles.nix
+++ b/hosts/vps/toggles.nix
@@ -38,7 +38,7 @@ in
    "bazarr"
    "collabora"
    "gitea"
-    # "homepage"
+    "homepage"
    "isso"
    "jellyfin"
    "kavita"
@@ -53,7 +53,7 @@ in
    "oauth2-proxy"
    "plausible"
    "plex"
-    # "prowlarr"
+    "prowlarr"
    "radarr"
    "sonarr"
    "vaultwarden"
--- a/modules/servers/homepage.nix
+++ b/modules/servers/homepage.nix
@@ -9,31 +9,33 @@ let
 in
 {
  options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
-  config = lib.mkIf (cfg.enable && config.my.secureHost) {
-    sops.secrets = {
-      homepage.sopsFile = ../../secrets/homepage.yaml;
-      "private-ca/pem" = {
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.enable && config.my.secureHost) {
+      sops.secrets.homepage.sopsFile = ../../secrets/homepage.yaml;
+      services.homepage-dashboard = {
+        inherit (cfg) enable;
+        listenPort = cfg.port;
+        environmentFile = config.sops.secrets.homepage.path;
+        settings = {
+          providers.openweathermap = "{{HOMEPAGE_VAR_OPENWEATHERMAP_API_KEY}}";
+          layout = import ./homepage/layout.nix;
+        };
+        widgets = import ./homepage/widgets.nix;
+        services = import ./homepage/services.nix { inherit lib config; };
+        bookmarks =
+          builtins.readDir ./homepage/bookmarks
+          |> builtins.attrNames
+          |> builtins.filter (file: builtins.match ".*\\.nix" file != null)
+          |> map (file: import ./homepage/bookmarks/${file});
+      };
+    })
+    (lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
+      sops.secrets."private-ca/pem" = {
        sopsFile = ../../secrets/certs.yaml;
        owner = "nginx";
        group = "nginx";
      };
-    };
-    my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
-    services.homepage-dashboard = {
-      inherit (cfg) enable;
-      listenPort = cfg.port;
-      environmentFile = config.sops.secrets.homepage.path;
-      settings = {
-        providers.openweathermap = "{{HOMEPAGE_VAR_OPENWEATHERMAP_API_KEY}}";
-        layout = import ./homepage/layout.nix;
-      };
-      widgets = import ./homepage/widgets.nix;
-      services = import ./homepage/services.nix { inherit lib config; };
-      bookmarks =
-        builtins.readDir ./homepage/bookmarks
-        |> builtins.attrNames
-        |> builtins.filter (file: builtins.match ".*\\.nix" file != null)
-        |> map (file: import ./homepage/bookmarks/${file});
-    };
-  };
+      my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
+    })
+  ];
 }
--- a/modules/servers/prowlarr.nix
+++ b/modules/servers/prowlarr.nix
@@ -9,27 +9,29 @@ let
 in
 {
  options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
-  config = lib.mkIf cfg.enable {
-    sops.secrets = lib.mkIf cfg.enable {
-      "private-ca/pem" = {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      users.users.prowlarr = {
+        uid = 987;
+        group = "piracy";
+        isSystemUser = true;
+      };
+      services = {
+        prowlarr = {
+          inherit (cfg) enable;
+        };
+        flaresolverr = {
+          inherit (cfg) enable;
+        };
+      };
+    })
+    (lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
+      sops.secrets."private-ca/pem" = {
        sopsFile = ../../secrets/certs.yaml;
        owner = "nginx";
        group = "nginx";
      };
-    };
-    my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
-    users.users.prowlarr = {
-      uid = 987;
-      group = "piracy";
-      isSystemUser = true;
-    };
-    services = {
-      prowlarr = {
-        inherit (cfg) enable;
-      };
-      flaresolverr = {
-        inherit (cfg) enable;
-      };
-    };
-  };
+      my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
+    })
+  ];
 }
--- a/modules/servers/stash.nix
+++ b/modules/servers/stash.nix
@@ -29,52 +29,56 @@ let
 in
 {
  options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
-  config = lib.mkIf (cfg.enable && config.my.secureHost) {
-    sops.secrets = {
-      "stash/password".sopsFile = ../../secrets/secrets.yaml;
-      "stash/jwt".sopsFile = ../../secrets/secrets.yaml;
-      "stash/session".sopsFile = ../../secrets/secrets.yaml;
-      "private-ca/pem" = {
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.enable && config.my.secureHost) {
+      sops.secrets = {
+        "stash/password".sopsFile = ../../secrets/secrets.yaml;
+        "stash/jwt".sopsFile = ../../secrets/secrets.yaml;
+        "stash/session".sopsFile = ../../secrets/secrets.yaml;
+      };
+      services.stash = {
+        inherit (cfg) enable;
+        group = "glue";
+        mutableSettings = true;
+        username = "Suing8150";
+        passwordFile = config.sops.secrets."stash/password".path;
+        jwtSecretKeyFile = config.sops.secrets."stash/jwt".path;
+        sessionStoreKeyFile = config.sops.secrets."stash/session".path;
+        settings = {
+          inherit (cfg) port;
+          host = "0.0.0.0";
+          stash = [
+            {
+              path = "/srv/pool/glue/";
+            }
+          ];
+        };
+      };
+      systemd.services.stash = {
+        environment = {
+          PYTHONPATH = "/var/lib/stash/venv/lib/python3.12/site-packages";
+          LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.glibc}/lib:${pkgs.zlib}/lib:${pkgs.libffi}/lib:${pkgs.openssl}/lib";
+        };
+        serviceConfig = {
+          PrivateUsers = lib.mkForce false;
+          BindReadOnlyPaths = lib.mkForce [ ];
+          BindPaths = lib.mkIf (cfgS.settings != { }) (map (stash: "${stash.path}") cfgS.settings.stash);
+        };
+      };
+      users.users.stash = {
+        uid = 974;
+        isSystemUser = true;
+        group = "glue";
+        packages = [ stashPythonFHS ];
+      };
+    })
+    (lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
+      sops.secrets."private-ca/pem" = {
        sopsFile = ../../secrets/certs.yaml;
        owner = "nginx";
        group = "nginx";
      };
-    };
-    my.servers.stash.certPath = config.sops.secrets."private-ca/pem".path;
-    services.stash = {
-      inherit (cfg) enable;
-      group = "glue";
-      mutableSettings = true;
-      username = "Suing8150";
-      passwordFile = config.sops.secrets."stash/password".path;
-      jwtSecretKeyFile = config.sops.secrets."stash/jwt".path;
-      sessionStoreKeyFile = config.sops.secrets."stash/session".path;
-      settings = {
-        inherit (cfg) port;
-        host = "0.0.0.0";
-        stash = [
-          {
-            path = "/srv/pool/glue/";
-          }
-        ];
-      };
-    };
-    systemd.services.stash = {
-      environment = {
-        PYTHONPATH = "/var/lib/stash/venv/lib/python3.12/site-packages";
-        LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.glibc}/lib:${pkgs.zlib}/lib:${pkgs.libffi}/lib:${pkgs.openssl}/lib";
-      };
-      serviceConfig = {
-        PrivateUsers = lib.mkForce false;
-        BindReadOnlyPaths = lib.mkForce [ ];
-        BindPaths = lib.mkIf (cfgS.settings != { }) (map (stash: "${stash.path}") cfgS.settings.stash);
-      };
-    };
-    users.users.stash = {
-      uid = 974;
-      isSystemUser = true;
-      group = "glue";
-      packages = [ stashPythonFHS ];
-    };
-  };
+      my.servers.stash.certPath = config.sops.secrets."private-ca/pem".path;
+    })
+  ];
 }