feat(exports): service access

2026-02-09 04:19:19 -08:00 · 2024-02-19 17:34:39 -08:00 · 2024-02-19 17:34:39 -08:00 · 871b1c5b2d
commit 871b1c5b2d
parent 91918b8061
69 changed files with 1317 additions and 509 deletions
--- a/systems/tei/cloudflared.nix
+++ b/systems/tei/cloudflared.nix
@ -1,46 +1,14 @@
 {
-  access,
  config,
  lib,
+  access,
  ...
 }: let
  inherit (lib.modules) mkIf;
-  inherit (lib.attrsets) listToAttrs nameValuePair;
-  inherit (access) nixosFor;
-  inherit (config.networking) hostName;
-  inherit (config.services) nginx;
+  inherit (config.services) home-assistant nginx;
  cfg = config.services.cloudflared;
  apartment = "5e85d878-c6b2-4b15-b803-9aeb63d63543";
-  accessHostFor = {
-    hostName,
-    system ? nixosFor hostName,
-    network ? "lan",
-    ...
-  }: let
-    host = access.getHostnameFor hostName network;
-  in
-    if hostName == config.networking.hostName
-    then "localhost"
-    else host;
-  ingressForNginx = {
-    host ? system.networking.fqdn,
-    port ? 80,
-    hostName,
-    system ? nixosFor hostName,
-  } @ args:
-    nameValuePair host {
-      service = "http://${accessHostFor args}:${toString port}";
-    };
-  ingressForHass = {
-    host ? system.services.home-assistant.domain,
-    port ? system.services.home-assistant.config.http.server_port,
-    hostName,
-    system ? nixosFor hostName,
-    ...
-  } @ args:
-    nameValuePair host {
-      service = "http://${accessHostFor args}:${toString port}";
-    };
+  localNginx = "http://localhost:${toString nginx.defaultHTTPListenPort}";
 in {
  sops.secrets.cloudflared-tunnel-apartment.owner = cfg.user;
  services.cloudflared = {
@ -48,21 +16,20 @@ in {
      ${apartment} = {
        credentialsFile = config.sops.secrets.cloudflared-tunnel-apartment.path;
        default = "http_status:404";
-        ingress = listToAttrs [
-          (ingressForNginx {
-            host = nginx.virtualHosts.zigbee2mqtt.serverName;
-            inherit hostName;
-          })
-          (ingressForNginx {
-            host = nginx.virtualHosts.grocy.serverName;
-            inherit hostName;
-          })
-          (ingressForNginx {
-            host = nginx.virtualHosts.barcodebuddy.serverName;
-            inherit hostName;
-          })
-          (ingressForHass {inherit hostName;})
-        ];
+        ingress = {
+          ${nginx.virtualHosts.zigbee2mqtt.serverName} = {
+            service = localNginx;
+          };
+          ${nginx.virtualHosts.grocy.serverName} = {
+            service = localNginx;
+          };
+          ${nginx.virtualHosts.barcodebuddy.serverName} = {
+            service = localNginx;
+          };
+          ${home-assistant.domain} = assert home-assistant.enable; {
+            service = access.proxyUrlFor { serviceName = "home-assistant"; };
+          };
+        };
      };
    };
  };
--- a/systems/tei/default.nix
+++ b/systems/tei/default.nix
@ -7,5 +7,12 @@ _: {
  modules = [
    ./nixos.nix
  ];
-  access.tailscale.enable = true;
+  exports = {
+    services = {
+      tailscale.enable = true;
+      home-assistant.enable = true;
+      zigbee2mqtt.enable = true;
+      postgresql.enable = true;
+    };
+  };
 }