From aa06c9b3e98731cc7d1e1fedcbc84423ef5981e6 Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Thu, 9 May 2024 11:03:43 +0200
Subject: [PATCH] move server module loading to modules folder

---
 fake_flake.nix | 14 +----
 modules/default.nix | 59 +++++++++++++++++++
 modules/letsencrypt.nix | 22 -------
 .../grimmauld-nixos-server/configuration.nix | 33 ++---------
 4 files changed, 65 insertions(+), 63 deletions(-)
 create mode 100644 modules/default.nix
 delete mode 100644 modules/letsencrypt.nix

diff --git a/fake_flake.nix b/fake_flake.nix
index eb8138d..9909384 100644
--- a/fake_flake.nix
+++ b/fake_flake.nix
@@ -23,19 +23,7 @@ let
 grimmauld-nixos-server = [
 ./specific/grimmauld-nixos-server/configuration.nix
- ./modules/letsencrypt.nix
-
- ./modules/matrix.nix
- ./modules/puffer.nix
- ./modules/gitea.nix
- ./modules/grafana.nix
- ./modules/nextcloud.nix
- ./modules/prometheus.nix
- # ./modules/mjolnir.nix
- ./modules/fail2ban.nix
- ./modules/email.nix
- ./modules/discord-matrix-bridge.nix
- ./modules/mastodon.nix
+ ./modules
 ];
 };
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..a60e7a2
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,59 @@
+{
+ lib,
+ config,
+ inputs,
+ pkgs,
+ ...
+}:
+let
+ inherit (config.networking) domain;
+ root_email = "contact@${domain}";
+in
+{
+ imports = [
+ ./matrix.nix
+ ./puffer.nix
+ ./gitea.nix
+ ./grafana.nix
+ ./nextcloud.nix
+ ./prometheus.nix
+ # ./mjolnir.nix
+ ./fail2ban.nix
+ ./email.nix
+ ./discord-matrix-bridge.nix
+ ./mastodon.nix
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = root_email;
+ certs."${domain}" = {
+ webroot = "/var/lib/acme/acme-challenge/";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ services.nginx = {
+ # package = pkgs.nginxStable.override { openssl = pkgs.libressl; };
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+ virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = lib.mkForce false; # use the correct cert, not some weird one that matrix-synapse module supplies
+ useACMEHost = domain;
+ locations."/" = {
+ root = "/var/www/${domain}";
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+}
diff --git a/modules/letsencrypt.nix b/modules/letsencrypt.nix
deleted file mode 100644
index 4d2317c..0000000
--- a/modules/letsencrypt.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- lib,
- config,
- inputs,
- pkgs,
- ...
-}:
-let
- inherit (config.networking) domain;
- root_email = "contact@${domain}";
-in
-{
- security.acme = {
- acceptTerms = true;
- defaults.email = root_email;
- certs."${domain}" = {
- webroot = "/var/lib/acme/acme-challenge/";
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
-}
diff --git a/specific/grimmauld-nixos-server/configuration.nix b/specific/grimmauld-nixos-server/configuration.nix
index 19e2380..28b1549 100644
--- a/specific/grimmauld-nixos-server/configuration.nix
+++ b/specific/grimmauld-nixos-server/configuration.nix
@@ -11,38 +11,15 @@ in
 {
 imports = [ ./hardware-configuration.nix ];
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
+# boot = {
+# kernelPackages = pkgs.linuxPackages_latest;
+# };
+
 networking.hostName = "grimmauld-nixos-server";
 networking.domain = "grimmauld.de";
 services.openssh.enable = true;
 system.stateVersion = "23.11";
- # networking.networkmanager.enable = lib.mkForce false;
-
- services.nginx = {
- # package = pkgs.nginxStable.override { openssl = pkgs.libressl; };
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
- virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = lib.mkForce false; # use the correct cert, not some weird one that matrix-synapse module supplies
- useACMEHost = domain;
- locations."/" = {
- root = "/var/www/${domain}";
- };
- };
- };
+ networking.networkmanager.enable = lib.mkForce false;
 # users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
 }
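Review bot: The hand-written `sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";` carried into the new `modules/default.nix` overrides the NixOS nginx default cipher list with an OpenSSL expression that still admits the non-AEAD CBC suites (every AES256+ECDHE and AES256+DHE suite, including the SHA-1 MAC ones) while excluding ChaCha20-Poly1305 and AES-128-GCM, even though `recommendedTlsSettings = true` on the line above already takes care of protocol and session settings. Unless there is a known client-compatibility reason, I would drop the `sslCiphers` line and rely on the module default (an ECDHE/AEAD-only list, if I recall correctly), or pin an explicitly AEAD-only string such as `"ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL"` (constructed example, to be checked against the deployed OpenSSL). Note also that `default.nix` now mixes the host-agnostic module list with concrete host configuration — firewall ports 80/443, the ACME certificate for `config.networking.domain` and the `${domain}` vhost — so any second host that imports `./modules` inherits all of it; keeping that part in a separate file listed in `imports` would leave the directory import a pure aggregator. `inputs` and `pkgs` are unused in the new file apart from a comment.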
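Review bot: The commented-out `boot.kernelPackages = pkgs.linuxPackages_latest` block and the now-active `networking.networkmanager.enable = lib.mkForce false;` are behaviour changes on this host (it falls back to the NixOS default kernel package set and force-disables NetworkManager) that the commit message, which only describes moving module loading, does not mention. If the kernel revert is intentional, delete the three `#` lines rather than keeping dead configuration, or replace them with a why-comment such as `# linuxPackages_latest disabled: <REASON-PLACEHOLDER>`; if it is temporary, a `# TODO(owner): re-enable linuxPackages_latest once <CONDITION-PLACEHOLDER>` keeps it findable. After this hunk `pkgs` appears in this file only inside a comment, so check whether it is still needed in the argument set. The attribute set closes at the end of the hunk, but the file's argument set and `let` bindings are above it and not visible here.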