MASSIVE

hosts/architect/default.nix

@@ -15,9 +15,9 @@ in
     ./hardware.nix
     ./firewall.nix
     ./nginx.nix
-    ./sonarr.nix
+    # ./sonarr.nix
-    ./bazarr.nix
+    # ./bazarr.nix
-    ./nzbget.nix
+    # ./nzbget.nix
     ./nextcloud.nix
     ./matrix.nix
     ./fail2ban.nix
@@ -38,21 +38,6 @@ in
 
   age.identityPaths = [ "/root/.ssh/id_ed25519" ];
 
-  pepe.core.network.interfaces = {
-    lan = {
-      interface = "enp6s0";
-      type = "lan";
-      net = "10.0.0.0/24";
-      devices = {
-        architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
-        brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
-        dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
-        reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
-        lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
-      };
-    };
-  };
-  
   architect = {
 
     firewall = {
@@ -154,6 +139,21 @@ in
         enable = true;
         path = "/media";
       };
+
+      network.interfaces = {
+        lan = {
+          interface = "enp6s0";
+          type = "lan";
+          net = "10.0.0.0/24";
+          devices = {
+            architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
+            brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
+            dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
+            reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
+            lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
+          };
+        };
+      };
     };
 
     services = {
@@ -168,11 +168,10 @@ in
         package = pkgs.unstablePkgs.immich;
       };
 
-      minio = {
+      # minio = {
-        enable = true;
+      #   enable = true;
-        domain = "s3.giugl.io";
+      #   domain = "s3.giugl.io";
-        package = pkgs.minio_legacy_fs;
+      # };
-      };
 
       radarr = {
         enable = true;

hosts/architect/minio.nix

@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  domain = "s3.giugl.io";
-
-  utilities = import ./utilities.nix { inherit lib config; };
-  inherit (utilities) architectInterfaceAddress;
-in
-{
-  services = {
-    minio = {
-      enable = true;
-      package = pkgs.minio_legacy_fs;
-    };
-
-    nginx.virtualHosts.${domain} = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:9000";
-        extraConfig = ''
-          client_max_body_size 500M;
-          allow ${config.architect.networks.lan.net};
-          allow ${config.architect.networks.tailscale.net};
-          deny all;
-        '';
-      };
-    };
-  };
-
-  networking.extraHosts = ''
-    ${architectInterfaceAddress "lan"} ${domain}
-    ${architectInterfaceAddress "tailscale"} ${domain}
-  '';
-}

hosts/architect/options.nix

@@ -1,7 +1,6 @@
 { config, lib, ... }:
 
 {
-  # Legacy compatibility layer
   options.architect = {
     firewall = lib.mkOption {
       internal = true;

hosts/architect/tailscale.nix

@@ -7,11 +7,10 @@ let
   inherit (utilities) generateDeviceStrings;
 in
 {
-  architect = {
+  pepe.core.network.interfaces.tailscale = {
-    networks.tailscale = {
     interface = "ts0";
     net = "100.64.0.0/10";
-
+    type = "vpn";
     devices = {
       architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; };
       kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
@@ -23,16 +22,15 @@ in
       appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
       watkinshouse = { address = "100.64.0.14"; hostname = "watkinshouse.${domain}"; };
       afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
-        jacopo-desktop= { address = "100.64.0.21"; hostname = "afsun.${domain}"; };
+      jacopo-desktop = { address = "100.64.0.21"; hostname = "afsun.${domain}"; };
-        jacopo-tv= { address = "100.64.0.22"; hostname = "afsun.${domain}"; };
+      jacopo-tv = { address = "100.64.0.22"; hostname = "afsun.${domain}"; };
-      };
     };
   };
 
   services = {
     tailscale = {
       enable = true;
-      interfaceName = config.architect.networks.tailscale.interface;
+      interfaceName = config.pepe.core.network.interfaces.tailscale.interface;
       package = pkgs.unstablePkgs.tailscale;
     };
   };

modules/core/dns.nix

@@ -57,7 +57,7 @@ in
                               expr client_ip() == '${deviceIP}'
                             }
                             
-                            forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::${cfg.nextDNSId} tls://2a07:a8c1::${cfg.nextDNSId} {
+                            forward . tls://45.90.28.77 tls://45.90.30.77 {
                                 tls_servername ${name}-${cfg.nextDNSId}.dns.nextdns.io
                                 health_check 5s                        
                             }
@@ -99,7 +99,7 @@ in
         ${generateCoreDNSConfig allDomains}
 
         . {
-          forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::${cfg.nextDNSId} tls://2a07:a8c1::${cfg.nextDNSId} {
+          forward . tls://45.90.28.77 tls://45.90.30.77 {
               tls_servername lan-${cfg.nextDNSId}.dns.nextdns.io
               health_check 5s                        
           } 

modules/core/network.nix

@@ -53,17 +53,6 @@ in
       description = "Interfaces grouped by type (lan, wan, vpn) for easy access.";
       internal = true;
     };    
-    
-    interfaceTypes = mkOption {
-      type = types.attrsOf types.str;
-      default = {
-        lan = "lan";
-        wan = "wan";
-        vpn = "vpn";
-      };
-      description = "Interface type identifiers for easy reference.";
-    };
-    
   };
   
   config = {
@@ -73,7 +62,5 @@ in
       wan = lib.attrNames (lib.filterAttrs (_: iface: iface.type == "wan") cfg.interfaces);
       vpn = lib.attrNames (lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces);
     };
-    
-    # We don't need the groups anymore as we're using interfacesByType directly
   };
 }

modules/services/gitea/default.nix

@@ -18,8 +18,7 @@ in
   config = mkIf cfg.enable {
     pepe.core = {
       firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
-      vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
+      vhost.hosts.${cfg.domain} = {
-        dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ];
         locations."/" = {
           port = config.services.gitea.settings.server.HTTP_PORT;
           allowLAN = true;

modules/services/immich/default.nix

@@ -22,8 +22,7 @@ in
       };
     };
 
-    pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
+    pepe.core.vhost.hosts.${cfg.domain} = {
-      dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
       locations."/" = {
         host = "[::1]";
         port = config.services.immich.port;

modules/services/minio/default.nix

@@ -8,7 +8,7 @@ in
 {
   options.pepe.services.minio = with lib; {
     enable = mkEnableOption "Enable MinIO S3-compatible object storage";
-    package = mkPackageOption pkgs "minio" { default = pkgs.minio_legacy_fs; };
+    package = mkPackageOption pkgs "minio" {};
     domain = mkOption {
       type = types.str;
       default = null;
@@ -21,8 +21,7 @@ in
       package = cfg.package;
     };
 
-    pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
+    pepe.core.vhost.hosts.${cfg.domain} = {
-      dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
       locations."/" = {
         port = 9000;
         allowLAN = true;

modules/services/radarr/default.nix

@@ -21,8 +21,7 @@ in
       package = cfg.package;
     };
 
-    pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
+    pepe.core.vhost.hosts.${cfg.domain} = {
-      dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
       locations."/" = {
         port = 7878;
         allowLAN = true;