Refactor: transform host templates into a module

Also move bookdb & bookmarks remote sync into the template, and add
systemd-tmpfiles rules to create all the needed directories.

flake.nix

@@ -121,19 +121,22 @@
                 modules = [
                   { config._module.args = { inherit pkgs; }; }
                   ./shared/options.nix
+                  # modules
+                  ./shared/bookdb/options.nix
                   ./shared/bookmarks/options.nix
-                  ./shared/umami/options.nix
                   ./shared/concourse/options.nix
-                  ./shared/torrents/options.nix
+                  ./shared/erase-your-darlings/options.nix
+                  ./shared/finder/options.nix
+                  ./shared/foundryvtt/options.nix
+                  ./shared/minecraft/options.nix
                   ./shared/oci-containers/options.nix
                   ./shared/pleroma/options.nix
                   ./shared/resolved/options.nix
-                  ./shared/bookdb/options.nix
-                  ./shared/minecraft/options.nix
-                  ./shared/erase-your-darlings/options.nix
-                  ./shared/foundryvtt/options.nix
-                  ./shared/finder/options.nix
                   ./shared/restic-backups/options.nix
+                  ./shared/torrents/options.nix
+                  ./shared/umami/options.nix
+                  # host templates
+                  ./shared/host-templates/website-mirror/options.nix
                 ];
               };
               optionsDoc = pkgs.nixosOptionsDoc {

hosts/carcosa/configuration.nix

@@ -24,10 +24,6 @@ let
   httpdir = "${toString config.nixfiles.eraseYourDarlings.persistDir}/srv/http";
 in
 {
-  imports = [
-    ../_templates/barrucadu-website-mirror.nix
-  ];
-
   ###############################################################################
   ## General
   ###############################################################################
@@ -97,11 +93,22 @@ in
   sops.secrets."nixfiles/restic-backups/env" = { };
 
 
+  ###############################################################################
+  ## Website Mirror
+  ###############################################################################
+
+  nixfiles.hostTemplates.websiteMirror = {
+    enable = true;
+    acmeEnvironmentFile = config.sops.secrets."services/acme/env".path;
+  };
+  sops.secrets."services/acme/env" = { };
+
+
   ###############################################################################
   ## Services
   ###############################################################################
 
-  # WWW - there are more websites, see barrucadu-website-mirror
+  # WWW - there are more websites, see website-mirror
   services.caddy.enable = true;
   services.caddy.extraConfig = ''
     (common_config) {
@@ -322,19 +329,6 @@ in
   sops.secrets."nixfiles/pleroma/exc".owner = config.users.users.pleroma.name;
 
 
-  ###############################################################################
-  ## Nyarlathotep Sync
-  ###############################################################################
-
-  nixfiles.bookdb.remoteSync.receive.enable = true;
-  nixfiles.bookdb.remoteSync.receive.authorizedKeys =
-    [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];
-
-  nixfiles.bookmarks.remoteSync.receive.enable = true;
-  nixfiles.bookmarks.remoteSync.receive.authorizedKeys =
-    [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];
-
-
   ###############################################################################
   ## Remote Builds
   ###############################################################################

hosts/yuggoth/configuration.nix

@@ -13,10 +13,6 @@
 
 with lib;
 {
-  imports = [
-    ../_templates/barrucadu-website-mirror.nix
-  ];
-
   ###############################################################################
   ## General
   ###############################################################################
@@ -38,16 +34,14 @@ with lib;
   sops.secrets."users/barrucadu".neededForUsers = true;
 
   ###############################################################################
-  ## Nyarlathotep Sync
+  ## Website Mirror
   ###############################################################################
 
-  nixfiles.bookdb.remoteSync.receive.enable = true;
-  nixfiles.bookdb.remoteSync.receive.authorizedKeys =
-    [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];
-
-  nixfiles.bookmarks.remoteSync.receive.enable = true;
-  nixfiles.bookmarks.remoteSync.receive.authorizedKeys =
-    [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];
+  nixfiles.hostTemplates.websiteMirror = {
+    enable = true;
+    acmeEnvironmentFile = config.sops.secrets."services/acme/env".path;
+  };
+  sops.secrets."services/acme/env" = { };
 
   ###############################################################################
   ## Remote Builds

scripts/documentation.sh

@@ -41,14 +41,14 @@ import os
 print("# Host Templates")
 print("")
 
-templates = sorted([name for name in os.listdir("hosts/_templates")])
+templates = sorted([name for name in os.listdir("shared/host-templates") if name not in [".", ".."]])
 for template in templates:
-    source_file = f"hosts/_templates/{template}"
+    source_file = f"shared/host-templates/{template}/default.nix"
 
     if not os.path.isfile(source_file):
         continue
 
-    print(f"## {template.replace('.nix','')}")
+    print(f"## {template}")
 
     has_doc = False
     with open(source_file, "r") as f:
@@ -78,6 +78,8 @@ with open(os.getenv("NIXOS_OPTIONS_JSON"), "r") as f:
 modules = {}
 for key, defn in options.items():
     module_name = defn["declarations"][0].split("/shared/")[1].replace("/options.nix", "")
+    if module_name.startswith("host-templates/"):
+        continue
     if module_name == "options.nix":
         # this is the top-level `shared` file
         module_name = ""

shared/default.nix

@@ -30,6 +30,7 @@ in
     ./erase-your-darlings
     ./finder
     ./foundryvtt
+    ./host-templates
     ./minecraft
     ./oci-containers
     ./pleroma

shared/host-templates/default.nix

@@ -0,0 +1,12 @@
+# Template configuration for a variety of functionality.
+#
+# See [the documentation for each template][].
+#
+# [the documentation for each template]: host-templates.html
+{ ... }:
+
+{
+  imports = [
+    ./website-mirror
+  ];
+}