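{
  description = "OpenGardenCloud";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-25.11";

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Per-service modules live in this repository. Every one of them follows
    # the top-level nixpkgs so a single lock entry controls the package set
    # (and therefore the patch level) of the whole deployment.
    openldap-server = {
      url = "./services/openldap/";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nginx-server = {
      url = "./services/nginx/";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nextcloud-server = {
      url = "./services/nextcloud/";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    mail-server = {
      url = "./services/mail/";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    gitea-server = {
      url = "./services/gitea/";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    immich-server = {
      url = "./services/immich/";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = {
    self,
    nixpkgs,
    sops-nix,
    openldap-server,
    nginx-server,
    nextcloud-server,
    mail-server,
    gitea-server,
    immich-server,
    ...
  }: {
    # Re-export the individual service modules so a machine flake can pick
    # only the ones it needs instead of importing the whole bundle.
    nixosModules = {
      openldap = openldap-server.nixosModules.openldap;
      nginx = nginx-server.nixosModules.nginx;
      nextcloud = nextcloud-server.nixosModules.nextcloud;
      mail = mail-server.nixosModules.mail;
      gitea = gitea-server.nixosModules.gitea;
      immich = immich-server.nixosModules.immich;
    };

    # Convenience module: imports every service module plus sops-nix and
    # wires them together with overridable (mkDefault) settings.
    nixosModules.ogc = { config, lib, ... }:
      let
        cfg = config.ogc;
      in {
        imports = [
          openldap-server.nixosModules.openldap
          # Fixed: this previously imported nginx-server.nixosModules.nextcloud,
          # which is not the attribute the re-export above exposes.
          nginx-server.nixosModules.nginx
          nextcloud-server.nixosModules.nextcloud
          mail-server.nixosModules.mail
          gitea-server.nixosModules.gitea
          immich-server.nixosModules.immich
          sops-nix.nixosModules.sops
        ];

        # Organisation-wide identity shared by all services. Each service
        # module below reads these through `cfg` so one override propagates.
        options.ogc = {
          organization = lib.mkOption {
            type = lib.types.str;
            description = "Organisation name handed to the service modules (e.g. the LDAP organisation).";
          };
          extension = lib.mkOption {
            type = lib.types.str;
            description = "Top-level component of the organisation domain (e.g. \"com\"); passed to the OpenLDAP module.";
          };
          domain = lib.mkOption {
            type = lib.types.str;
            description = "Primary DNS domain; used as the default for Nextcloud, mail and OpenLDAP.";
          };
        };

        config = {
          # The firewall is deliberately forced on (not mkDefault): this module
          # exposes several network services and must not be deployed without it.
          networking.firewall = {
            enable = true;
            # Only HTTP(S) and the Gitea SSH port are opened here. The Gitea
            # port is derived from the option instead of a duplicated literal,
            # and is only opened when Gitea is actually enabled, so a host that
            # disables Gitea or moves its SSH port does not leave a stray hole.
            # Any ports the mail module needs are expected to be opened by that
            # module itself — this file does not open them.
            allowedTCPPorts = [ 80 443 ]
              ++ lib.optional config.gitea.enable config.gitea.sshPort;
            #allowedUDPPortRanges = [
            #  { from = 4000; to = 4007; }
            #];
          };

          ogc = {
            organization = lib.mkDefault "opengardencloud";
            extension = lib.mkDefault "com";
            domain = lib.mkDefault "opengardencloud.com";
          };

          sops = {
            defaultSopsFile = ./secrets/ogc.yaml;
            # The host's SSH key is imported as an age identity, so every
            # machine that is a recipient in secrets/ogc.yaml can decrypt
            # without any extra key material being copied around.
            age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
            # sops-nix runs as root at activation and does NOT perform shell
            # tilde expansion on this path; the previous value
            # "~/.config/sops/age/keys.txt" would have been used literally.
            # Use the conventional root-owned location instead.
            age.keyFile = "/var/lib/sops-nix/key.txt";
            # Generate the key above if it does not exist yet.
            age.generateKey = true;
            # NOTE(review): sops-nix secrets default to owner root, mode 0400.
            # The service modules referencing /run/secrets/... below must read
            # them as root (or the owner/group of each entry must be set to the
            # service user) — confirm against each service module.
            secrets = {
              "openldap/admin" = {};
              "openldap/nextcloud" = {};
              "openldap/mail" = {};
              "openldap/gitea" = {};
              "openldap/hauk" = {};
              "nextcloud/admin" = {};
            };
          };

          # ── Default configuration for OpenLDAP ─────────────────────
          # All values use mkDefault so any machine flake can override them.
          openldap = {
            enable = lib.mkDefault true;
            organization = lib.mkDefault cfg.organization;
            extension = lib.mkDefault cfg.extension;
            domain = lib.mkDefault cfg.domain;
            # "ldap:///" is plaintext LDAP bound on all interfaces; it is only
            # unreachable from outside because the firewall above does not
            # open 389. All consumers here run on the same host, so a tighter
            # default would be "ldapi:///" alone or "ldap://127.0.0.1/".
            # Left unchanged to avoid breaking service modules that may rely
            # on the TCP listener; override per machine if needed.
            urlList = lib.mkDefault [ "ldap:///" "ldapi:///" ];
            adminPasswordFile = lib.mkDefault "/run/secrets/openldap/admin";
            # One dedicated bind account per consuming service, each with its
            # own secret, so a compromised service cannot reuse another's
            # credentials.
            services = {
              nextcloud = {
                uid = lib.mkDefault "nextcloud";
                passwordFile = lib.mkDefault "/run/secrets/openldap/nextcloud";
              };
              mail = {
                uid = lib.mkDefault "mail";
                passwordFile = lib.mkDefault "/run/secrets/openldap/mail";
              };
              gitea = {
                uid = lib.mkDefault "gitea";
                passwordFile = lib.mkDefault "/run/secrets/openldap/gitea";
              };
              hauk = {
                uid = lib.mkDefault "hauk";
                passwordFile = lib.mkDefault "/run/secrets/openldap/hauk";
              };
            };
          };

          # Nginx (reverse proxy in front of the HTTP services)
          nginx = {
            enable = lib.mkDefault true;
          };

          # Nextcloud
          nextcloud = {
            enable = lib.mkDefault true;
            adminPasswordFile = lib.mkDefault "/run/secrets/nextcloud/admin";
            domain = lib.mkDefault cfg.domain;
            hostName = lib.mkDefault "nextcloud";
            port = lib.mkDefault 8080;
          };

          # Mail
          mail = {
            enable = lib.mkDefault true;
            domain = lib.mkDefault cfg.domain;
            fqdn = lib.mkDefault "mail.${cfg.domain}";
          };

          # Gitea. sshPort is also what the firewall rule above opens.
          gitea = {
            enable = lib.mkDefault true;
            hostName = lib.mkDefault "gitea";
            sshPort = lib.mkDefault 2022;
            httpPort = lib.mkDefault 2080;
          };

          # Immich — disabled by default; LDAP integration not wired yet.
          # TODO: OpenLDAP
          immich = {
            enable = lib.mkDefault false;
            hostName = lib.mkDefault "immich";
            port = lib.mkDefault 543;
          };
        };
      };

    nixosModules.default = self.nixosModules.ogc;
  };
}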