Format

linux/singularity/caddy.nix

@@ -21,7 +21,7 @@ with config.constants; {
             };
           })
           fqdns);
-      homeSrv = s: "nebula:${portStr.${s}}";
+      homeSrv = s: "${homeServer}:${portStr.${s}}";
       localSrv = s: "${localhost}:${portStr.${s}}";
       mtfqdn = "matrix.${domain}";
       portStr = builtins.mapAttrs (n: v: toString v) port;

linux/singularity/configuration.nix

@@ -1,8 +1,5 @@
 {...}: {
-  boot = {
-    loader.grub.device = "/dev/sda";
-    tmp.cleanOnBoot = true;
-  };
+  boot.loader.grub.device = "/dev/sda";
 
   constants.sopsFile = ../../common/auths.yaml;
 

linux/singularity/default.nix

@@ -1,7 +1,7 @@
+# Public beacon — cloud VPS providing reverse proxy, mail server, Headscale VPN, and Vaultwarden
 {inputs, ...}: {
   imports = with inputs; [
     mailserver.nixosModules.default
-    ../../common
     ./caddy.nix
     ./configuration.nix
     ./hardware-configuration.nix

linux/singularity/headscale.nix

@@ -1,21 +1,14 @@
 {config, ...}: {
-  services = {
-    headscale = with config.constants; {
-      enable = true;
-      address = localhost;
-      port = port.headscale;
-      settings = {
-        dns = {
-          base_domain = "tailscale.${domain}";
-          override_local_dns = false;
-        };
-        server_url = "https://headscale.${domain}";
+  services.headscale = with config.constants; {
+    enable = true;
+    address = localhost;
+    port = port.headscale;
+    settings = {
+      dns = {
+        base_domain = "tailscale.${domain}";
+        override_local_dns = false;
       };
-    };
-    tailscale = {
-      enable = true;
-      port = 27919;
-      useRoutingFeatures = "both";
+      server_url = "https://headscale.${domain}";
     };
   };
 }

linux/singularity/network.nix

@@ -2,7 +2,6 @@
   networking = {
     firewall.allowedTCPPorts = with config.constants.port; [http https];
     hostId = "2cadb253";
-    nftables.enable = true;
   };
 
   services = {
@@ -12,6 +11,7 @@
       domains = builtins.attrNames config.services.caddy.virtualHosts;
     };
     openssh.enable = true;
+    tailscale.useRoutingFeatures = "both";
   };
 
   sops.secrets.cloudflare = {};

linux/singularity/vaultwarden.nix

@@ -1,5 +1,6 @@
 {config, ...}: let
   vaultEnvironment = "vaultwarden/environment";
+  vaultwardenAddr = "vaultwarden@${config.constants.domain}";
 in {
   services.vaultwarden = {
     enable = true;
@@ -11,10 +12,10 @@ in {
       # Disable signup
       SIGNUPS_ALLOWED = false;
       # SMTP config
-      SMTP_FROM = "vaultwarden@${domain}";
+      SMTP_FROM = vaultwardenAddr;
       SMTP_FROM_NAME = "vaultwarden";
-      SMTP_HOST = "mail.${domain}";
-      SMTP_USERNAME = "vaultwarden@${domain}";
+      SMTP_HOST = config.mailserver.fqdn;
+      SMTP_USERNAME = vaultwardenAddr;
       SMTP_PORT = 587;
       SMTP_SECURITY = "starttls";
     };