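# pub-solar core module: baseline networking defaults, Nix binary-cache trust
# settings, and a loopback-only Caddy reverse proxy for local web UIs
# (CUPS and the bundled help pages).
{
  config,
  pkgs,
  lib,
  ...
}: let
  # Bring in only the lib functions this module uses. A file-wide `with lib;`
  # hides where names come from and can silently change meaning when lib grows.
  inherit (lib) concatStringsSep mkDefault mkOption optionalString optionals types;

  cfg = config.pub-solar.core;
in {
  options.pub-solar.core = {
    # NOTE(review): cfg.lite is read for the two defaults below but is not
    # declared in this file; presumably another pub-solar module declares it.
    enableCaddy = mkOption {
      type = types.bool;
      default = !cfg.lite;
      description = "Whether to run the loopback-only Caddy reverse proxy for local services.";
    };

    enableHelp = mkOption {
      type = types.bool;
      default = !cfg.lite;
      description = "Whether to add the help.local host entry and Caddy site for the bundled documentation.";
    };

    binaryCaches = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Binary caches to use.";
    };

    # Security: every key listed here becomes part of the machine's trust root
    # for store paths. Nix accepts a substituted path when it is signed by any
    # trusted key, not only by the key of the cache it was fetched from, so
    # keep this list as short as the configured caches require.
    publicKeys = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Public keys of binary caches.";
    };
  };

  config = {
    # Disable the NetworkManager and systemd-networkd wait-online units by
    # default; mkDefault lets a host configuration turn them back on.
    systemd.services.NetworkManager-wait-online.enable = mkDefault false;
    systemd.services.systemd-networkd-wait-online.enable = mkDefault false;

    networking.networkmanager = {
      # Enable NetworkManager. Remember to add your user to the NetworkManager
      # group, otherwise nm tooling cannot change connections.
      enable = true;
      # not as stable as wpa_supplicant yet, also more trouble with 5 GHz networks
      #wifi.backend = "iwd";
    };

    networking.firewall.enable = true;

    # Customized binary caches list (with fallback to official binary cache).
    # The fallback is not set here: it presumably comes from the NixOS nix
    # module's own defaults merging with these lists; verify on the nixpkgs
    # release in use. A cache listed without its signing key in publicKeys
    # is expected to be rejected at signature verification rather than trusted.
    nix.settings.substituters = cfg.binaryCaches;
    nix.settings.trusted-public-keys = cfg.publicKeys;

    # These entries get added to /etc/hosts. cups.local and help.local are
    # added independently of enableCaddy, but only Caddy serves them.
    networking.hosts = {
      "127.0.0.1" =
        optionals cfg.enableCaddy ["caddy.local"]
        ++ optionals config.pub-solar.printing.enable ["cups.local"]
        ++ optionals cfg.enableHelp ["help.local"];
    };

    # Caddy reverse proxy for local services like cups.
    services.caddy = {
      enable = cfg.enableCaddy;
      # default_bind keeps every listener on loopback. auto_https is off, so
      # the sites below are plain HTTP; that is only acceptable while the
      # bind address stays 127.0.0.1.
      globalConfig = ''
        default_bind 127.0.0.1
        auto_https off
      '';
      extraConfig = concatStringsSep "\n" [
        # The Host header is rewritten before the request reaches the CUPS
        # socket, so CUPS no longer sees the name the client asked for; the
        # cups.local site address is what restricts which Host values get
        # proxied. CUPS sees the connection as coming from the Caddy process,
        # so any local user able to reach 127.0.0.1:80 goes through it.
        # NOTE(review): confirm the CUPS access policy is written with that in mind.
        (optionalString config.pub-solar.printing.enable ''
          cups.local:80 {
            request_header Host localhost:631
            reverse_proxy unix//run/cups/cups.sock
          }
        '')
        # Static file server for the documentation shipped in pkgs.psos-docs.
        (optionalString cfg.enableHelp ''
          help.local:80 {
            root * ${pkgs.psos-docs}/lib/html
            file_server
          }
        '')
      ];
    };
  };
}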