ports test

modules/core/desktop/dms.nix

@@ -0,0 +1,3 @@
+{
+
+}

modules/core/desktop/noctalia.nix

@@ -0,0 +1,3 @@
+{
+
+}

modules/hosts/box/box.nix

@@ -1,4 +1,3 @@
-
 { den, ... }: {
   den.aspects.box = {
     includes = with den.aspects; [
@@ -8,13 +7,14 @@
       dns
       openssh
 
-      # cloudflared
+      cloudflared
       syncthing
 
       catppuccin
 
       fish
 
+      portmap
       searxng
       copyparty
       glances
@@ -25,19 +25,13 @@
       # sish
       vscode-server
       gitea
-
-      (tunnel 3001 "tvtun")
-      (tunnel 8888 "search")
-      (tunnel 3210 "files")
-      (tunnel 3030 "tube")
-      (tunnel 8975 "reddit")
-      (tunnel 3002 "git")
-      (tunnel 61208 "monitor")
     ];
 
     nixos = {
       networking.hostName = "box";
 
+      # den.tunnels = [ "tvtun" ];
+
       users.users.levi = {
         isNormalUser = true;
         description = "levi";

modules/infra/cloudflared.nix

@@ -1,32 +1,34 @@
-{ den, ... }: let
-  tunnel_uuid = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
+let
+  uuid   = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
   domain = "bug.tools";
-  creds  = "/home/bug/.cloudflared/${tunnel_uuid}.json";
+  creds  = "/home/bug/.cloudflared/${uuid}.json";
+in {
+  den.aspects.cloudflared = {
+    nixos = { config, pkgs, lib, ... }: {
+      options.den.tunnels = lib.mkOption {
+        default     = [];
+        description = "Cloudflared tunnel subdomains, matched directly against portmap keys.";
+        type = lib.types.listOf lib.types.str;
+      };
 
-  tunnel = port: subdomain: { pkgs, ... }: {
-    environment = {
-      systemPackages = [ pkgs.cloudflared ];
+      config = {
+        environment.systemPackages = [ pkgs.cloudflared ];
+        environment.etc."cloudflared/${uuid}.json".source = creds;
 
-      etc."cloudflared/${tunnel_uuid}.json".source = creds;
-    };
+        services.cloudflared = {
+          enable = true;
 
-    services.cloudflared = {
-      enable = true;
+          tunnels.${uuid} = {
+            credentialsFile = "/etc/cloudflared/${uuid}.json";
+            default         = "http_status:404";
 
-      tunnels.${tunnel_uuid} = {
-        credentialsFile = "/etc/cloudflared/${tunnel_uuid}.json";
-        default = "http_status:404";
-
-        ingress = {
-          "${subdomain}.${domain}" = "http://127.0.0.1:${toString port}";
+            ingress = lib.listToAttrs (map (subdomain: {
+              name  = "${subdomain}.${domain}";
+              value = "http://127.0.0.1:${toString config.den.portmap.${subdomain}}";
+            }) config.den.tunnels);
+          };
         };
       };
     };
   };
-in {
-  den.aspects.tunnel = port: subdomain: den.lib.parametric {
-    includes = [
-      (_: { nixos = tunnel port subdomain; })
-    ];
-  };
-}
+}

modules/services/copyparty.nix

@@ -1,10 +1,12 @@
 { inputs, ... }: {
   den.aspects.copyparty = {
-    nixos = {
+    nixos = { config, ... }: {
       imports = [ inputs.copyparty.nixosModules.default ];
 
       nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
 
+      den.tunnels = [ "files" ];
+
       services.copyparty = {
         enable = true;
 
@@ -13,7 +15,7 @@
 
         settings = {
           i = "0.0.0.0";
-          p = [ 3210 3211 ];
+          p = [ config.den.portmap.files (config.den.portmap.files + 1) ];
           no-reload = true;
           ignored-flag = false;
         };
@@ -22,10 +24,6 @@
           bug = {
             passwordFile = "/home/bug/mailserver/bug.passwd";
           };
-
-          #sang = {
-            #passwordFile = "/home/bug/nix/sang.passwd";
-            #};
         };
 
         groups = {

modules/services/gitea/gitea.nix

@@ -2,7 +2,9 @@
   den.aspects.gitea = {
     includes = [ den.aspects.gitea-mirrors ];
 
-    nixos = {
+    nixos = { config, ... }: {
+      den.tunnels = [ "git" ];
+
       services.gitea = {
         enable = true;
 
@@ -12,7 +14,7 @@
           DISABLE_REGISTRATION = true;
         };
 
-        settings.server.HTTP_PORT = 3002;
+        settings.server.HTTP_PORT = config.den.portmap.git;
 
         mirrors = {
           admin = {

modules/services/glances.nix

@@ -1,6 +1,8 @@
 {
   den.aspects.glances = {
-    nixos = { pkgs, ... }: {
+    nixos = { pkgs, config, ... }: {
+      den.tunnels = [ "monitor" ];
+
       environment.systemPackages = [ pkgs.glances ];
 
       users.users.glances = {
@@ -24,7 +26,7 @@
           ExecStart = ''
           ${pkgs.glances}/bin/glances \
             -w \
-            -p 61208 \
+            -p ${toString config.den.portmap.monitor} \
             -B 0.0.0.0
           '';
 

modules/services/invidious.nix

@@ -1,10 +1,13 @@
 { den, lib, ... }: {
   den.aspects.invidious = {
-    nixos = { pkgs, ... }: let
+    nixos = { pkgs, config, ... }: let
       companionPort = 8282;
       companionPath = "/companion";
       companionKey  = "kKg3RKeZjE7frmvw";
+      port          = config.den.portmap.tube;
     in {
+      den.tunnels = [ "tube" ];
+
       virtualisation.podman.enable = true;
       virtualisation.oci-containers.backend = lib.mkDefault "podman";
 
@@ -29,7 +32,7 @@
           package = pkgs.invidious;
 
           address = "127.0.0.1";
-          port = 3030;
+          port = port;
 
           nginx.enable = false;
           sig-helper.enable = false;
@@ -37,7 +40,7 @@
           settings = {
               domain = "tube.bug.tools";
               https_only = false;
-              external_port = 3030;
+              external_port = port;
 
               invidious_companion = [
                   { private_url = "http://127.0.0.1:${toString companionPort}${companionPath}"; }

modules/services/matrix.nix

@@ -6,6 +6,7 @@
       lib,
       ...
     }: let
+      port   = config.den.portmap.matrix;
       domain = "bug.tools";
       matrixDomain = "matrix.${domain}";
       clientConfig = {
@@ -29,7 +30,7 @@
 
           listeners = [
             {
-              port = 8008;
+              port = port;
               bind_addresses = ["127.0.0.1"];
               type = "http";
               tls = false;
@@ -89,7 +90,7 @@
         enableACME = true;
         forceSSL = true;
         locations."/" = {
-          proxyPass = "http://127.0.0.1:8008";
+          proxyPass = "http://127.0.0.1:${toString port}";
           extraConfig = ''
             proxy_set_header X-Forwarded-For $remote_addr;
             proxy_set_header X-Forwarded-Proto $scheme;

modules/services/portmap.nix

@@ -1 +0,0 @@
-{}

modules/services/ports.nix

@@ -0,0 +1,7 @@
+{ lib, ... }: {
+  den.aspects.portmap.nixos.options.den.portmap = lib.mkOption {
+    type     = lib.types.attrsOf lib.types.port;
+    readOnly = true;
+    default  = import ../../../portmap.nix;
+  };
+}

modules/services/redlib.nix

@@ -1,11 +1,13 @@
 {
   den.aspects.redlib = {
-    nixos = {
+    nixos = { config, ... }: {
+      den.tunnels = [ "reddit" ];
+
       services.redlib = {
         enable = true;
 
         address = "127.0.0.1";
-        port = 8975;
+        port = config.den.portmap.reddit;
         openFirewall = false;
 
         settings = {

modules/services/searxng/searxng.nix

@@ -1,6 +1,8 @@
 {
   den.aspects.searxng = {
-    nixos = {
+    nixos = { config, ... }: {
+      den.tunnels = [ "search" ];
+
       systemd.services.searx-init.serviceConfig.EnvironmentFile = [
         "/home/bug/.searxng.env"
       ];
@@ -15,7 +17,7 @@
         settings = {
           general.instance_name = "search.bug.tools";
 
-          server.port = 8888;
+          server.port = config.den.portmap.search;
           server.bind_address = "0.0.0.0";
           server.secret_key = "$SEARX_SECRET_KEY";
         };

modules/software/janitor/janitor.nix

@@ -1,6 +1,6 @@
 { den, ... }: {
   den.aspects.janitor = {
-    includes = [ den.aspects.janitor-backend ];
+    includes = with den.aspects; [ janitor-backend ];
 
     nixos = {
       services.janitor = {
@@ -34,8 +34,10 @@
           "Games/GBC" = [ "gbc" ];
           "Games/GB" = [ "gb" ];
           "Games/PS1" = [ "cue" "bin" ];
+          "Games/Xbox" = [ "xiso" ];
           "Games/Genesis" = [ "gen" ];
           "Games/Dreamcast" = [ "gdi" "cdi" ];
+          "Games/Saturn" = [ "sat" ];
         };
       };
     };