feat: remove old "freeform" globals and use new structured globals

2025-10-11 07:10:39 +02:00 · 2024-07-31 15:49:44 +02:00 · 2024-07-31 15:49:44 +02:00 · a128dd5f40
commit a128dd5f40
parent 4e717fab96
35 changed files with 214 additions and 59 deletions
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -5,7 +5,7 @@
  pkgs,
  ...
 }: let
-  adguardhomeDomain = "adguardhome.${config.repo.secrets.global.domains.me}";
+  adguardhomeDomain = "adguardhome.${globals.domains.me}";
 in {
  wireguard.proxy-sentinel = {
    client.via = "sentinel";
@ -88,7 +88,7 @@ in {
          # wireguard address for influxdb
          {
            inherit (globals.services.influxdb) domain;
-            answer = config.repo.secrets.global.domains.me;
+            answer = globals.domains.me;
          }
        ]
        # Use the local mirror-proxy for some services (not necessary, just for speed)
@ -102,8 +102,8 @@ in {
          globals.services.influxdb.domain
          globals.services.loki.domain
          globals.services.paperless.domain
-          "home.${config.repo.secrets.global.domains.me}"
-          "fritzbox.${config.repo.secrets.global.domains.me}"
+          "home.${globals.domains.me}"
+          "fritzbox.${globals.domains.me}"
        ];
      filters = [
        {
--- a/hosts/ward/guests/forgejo.nix
+++ b/hosts/ward/guests/forgejo.nix
@ -6,7 +6,7 @@
  pkgs,
  ...
 }: let
-  forgejoDomain = "git.${config.repo.secrets.global.domains.me}";
+  forgejoDomain = "git.${globals.domains.me}";
 in {
  wireguard.proxy-sentinel = {
    client.via = "sentinel";
--- a/hosts/ward/guests/kanidm.nix
+++ b/hosts/ward/guests/kanidm.nix
@ -3,8 +3,7 @@
  globals,
  ...
 }: let
-  inherit (config.repo.secrets.global) domains;
-  kanidmDomain = "auth.${domains.me}";
+  kanidmDomain = "auth.${globals.domains.me}";
  kanidmPort = 8300;

  mkRandomSecret = {
@ -108,7 +107,7 @@ in {
      adminPasswordFile = config.age.secrets.kanidm-admin-password.path;
      idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-password.path;

-      inherit (config.repo.secrets.global.kanidm) persons;
+      inherit (globals.kanidm) persons;

      # Immich
      groups."immich.access" = {};
@ -191,7 +190,7 @@ in {
      groups."web-sentinel.openwebui" = {};
      systems.oauth2.web-sentinel = {
        displayName = "Web Sentinel";
-        originUrl = "https://oauth2.${domains.me}/";
+        originUrl = "https://oauth2.${globals.domains.me}/";
        basicSecretFile = config.age.secrets.kanidm-oauth2-web-sentinel.path;
        preferShortUsername = true;
        scopeMaps."web-sentinel.access" = ["openid" "email"];
--- a/hosts/ward/guests/netbird.nix
+++ b/hosts/ward/guests/netbird.nix
@ -6,7 +6,7 @@
  ...
 }: let
  sentinelCfg = nodes.sentinel.config;
-  netbirdDomain = "netbird.${config.repo.secrets.global.domains.me}";
+  netbirdDomain = "netbird.${globals.domains.me}";
 in {
  wireguard.proxy-sentinel = {
    client.via = "sentinel";
@ -48,8 +48,8 @@ in {
      dashboard.settings.AUTH_AUTHORITY = "https://${globals.services.kanidm.domain}/oauth2/openid/netbird";

      management = {
-        singleAccountModeDomain = "internal.${config.repo.secrets.global.domains.me}";
-        dnsDomain = "internal.${config.repo.secrets.global.domains.me}";
+        singleAccountModeDomain = "internal.${globals.domains.me}";
+        dnsDomain = "internal.${globals.domains.me}";
        disableAnonymousMetrics = true;
        oidcConfigEndpoint = "https://${globals.services.kanidm.domain}/oauth2/openid/netbird/.well-known/openid-configuration";
        turnDomain = globals.services.coturn.domain;
--- a/hosts/ward/guests/radicale.nix
+++ b/hosts/ward/guests/radicale.nix
@ -1,5 +1,9 @@
-{config, ...}: let
-  radicaleDomain = "radicale.${config.repo.secrets.global.domains.personal}";
+{
+  config,
+  globals,
+  ...
+}: let
+  radicaleDomain = "radicale.${globals.domains.personal}";
 in {
  wireguard.proxy-sentinel = {
    client.via = "sentinel";
--- a/hosts/ward/guests/vaultwarden.nix
+++ b/hosts/ward/guests/vaultwarden.nix
@ -1,9 +1,10 @@
 {
  config,
+  globals,
  lib,
  ...
 }: let
-  vaultwardenDomain = "pw.${config.repo.secrets.global.domains.personal}";
+  vaultwardenDomain = "pw.${globals.domains.personal}";
 in {
  wireguard.proxy-sentinel = {
    client.via = "sentinel";
--- a/hosts/ward/guests/web-proxy.nix
+++ b/hosts/ward/guests/web-proxy.nix
@ -4,7 +4,7 @@
  ...
 }: let
  inherit (config.repo.secrets.local) acme;
-  fritzboxDomain = "fritzbox.${config.repo.secrets.global.domains.me}";
+  fritzboxDomain = "fritzbox.${globals.domains.me}";
 in {
  wireguard.proxy-home = {
    client.via = "ward";
--- a/hosts/ward/kea.nix
+++ b/hosts/ward/kea.nix
@ -1,5 +1,4 @@
 {
-  config,
  lib,
  globals,
  utils,
@ -67,11 +66,11 @@ in {
              ip-address = globals.net.home-lan.hosts.sire-samba.ipv4;
            }
            {
-              hw-address = config.repo.secrets.global.macs.wallbox;
+              hw-address = globals.macs.wallbox;
              ip-address = globals.net.home-lan.hosts.wallbox.ipv4;
            }
            {
-              hw-address = config.repo.secrets.global.macs.home-assistant;
+              hw-address = globals.macs.home-assistant;
              ip-address = globals.net.home-lan.hosts.home-assistant-temp.ipv4;
            }
          ];