tofu workflow

machines/_default/configuration.nix

@@ -1,10 +1,15 @@
 {
-  lib,
   name,
+  config,
+  lib,
+  inputs,
   ...
 }: {
   imports = [
     ./common_config.nix
+    ../modules
+    inputs.sops-nix.nixosModules.sops
+    # inputs.home-manager.nixosModules.home-manager
   ];
 
   networking.hostName = name;
@@ -13,7 +18,7 @@
     replaceUnknownProfiles = lib.mkDefault true;
     buildOnTarget = lib.mkDefault false;
     targetHost = lib.mkDefault "${name}.lab";
-    tags = lib.mkDefault ["homelab"];
+    tags = lib.mkDefault [config.nixpkgs.system name "homelab"];
   };
 
   sops = {
@@ -21,20 +26,6 @@
     defaultSopsFile = ../../secrets/secrets.yaml;
   };
 
-  # home-manager = {
-  #   useGlobalPkgs = true;
-  #   useUserPackages = true;
-  #   users.cottand = {
-  #     imports = with flakeInputs.cottand.homeManagerModules; [cli];
-  #     home.stateVersion = "22.11";
-  #   };
-  #   users.root = {
-  #     imports = with flakeInputs.cottand.homeManagerModules; [cli];
-  #     home.stateVersion = "22.11";
-  #   };
-  # };
-
-  # consulNode.enable = lib.mkDefault true;
   nodeExporter.enable = lib.mkDefault true;
   journalLog.enable = lib.mkDefault true;
 }

machines/auth/bootstrap/service-accounts.nix

@@ -17,7 +17,7 @@
       }
       {
         "id": "forgejo",
-        "email": "forgejo@procopius.dk",
+        "email": "git@procopius.dk",
         "password": "${config.sops.placeholder."service_accounts/forgejo/password"}",
         "displayName": "Forgejo",
         "groups": [

machines/auth/configuration.nix

@@ -6,5 +6,6 @@
     ./redis.nix
   ];
 
+  deployment.tags = ["authelia" "sso" "ldap" "lldap"];
   system.stateVersion = "25.05";
 }

machines/mail/configuration.nix

@@ -0,0 +1,11 @@
+{inputs, ...}: {
+  imports = [
+    ./mailserver.nix
+    ./networking.nix
+    inputs.simple-nixos-mailserver.nixosModule
+  ];
+
+  deployment.tags = ["mail"];
+
+  system.stateVersion = "25.05";
+}

machines/mail/networking.nix

@@ -1,8 +1,4 @@
 {
-  imports = [
-    ./mailserver.nix
-  ];
-
   networking = {
     interfaces.eth0.ipv4.addresses = [
       {
@@ -13,7 +9,4 @@
     nameservers = ["192.168.1.53"];
     defaultGateway = "192.168.1.1";
   };
-  deployment.targetHost = "192.168.1.25";
-
-  system.stateVersion = "25.05";
 }

machines/monitor/configuration.nix

@@ -10,5 +10,7 @@
     ./jellyfin-exporter.nix
   ];
 
+  deployment.tags = ["grafana" "prometheus"];
+
   system.stateVersion = "25.05";
 }

machines/photos/configuration.nix

@@ -0,0 +1,10 @@
+{outputs, ...}: {
+  imports = [
+    outputs.nixosModules.ente
+    ./ente.nix
+  ];
+
+  deployment.tags = ["ente"];
+
+  system.stateVersion = "25.05";
+}

machines/photos/ente.nix

@@ -0,0 +1,25 @@
+{
+  services.ente.api = {
+    enable = true;
+    enableLocalDB = true;
+
+    domain = "ente-v2.procopius.dk";
+    settings = {
+      # apps = {
+      #   accounts = "https://accounts.procopius.dk";
+      #   cast = "https://cast.procopius.dk";
+      #   public-albums = "https://albums.procopius.dk";
+      # };
+    };
+  };
+  services.ente.web = {
+    enable = true;
+    domains = {
+      api = "ente-v2.procopius.dk";
+      accounts = "accounts.procopius.dk";
+      albums = "albums.procopius.dk";
+      cast = "cast.procopius.dk";
+      photos = "photos.procopius.dk";
+    };
+  };
+}

machines/photos/minio.nix

@@ -0,0 +1,6 @@
+{
+  services.minio = {
+    enable = true;
+    rootCredentialsFile = "/etc/nixos/minio-root-credentials";
+  };
+}

machines/sandbox/configuration.nix

@@ -1,3 +1,5 @@
 {
+  deployment.tags = ["sandbox"];
+
   system.stateVersion = "25.05";
 }