Add SD image pipeline, documentation overhaul, and fix module issues

- Add automatic SD image builds for Raspberry Pi via Forgejo Actions - Enable binfmt emulation on cryodev-main for aarch64 cross-builds - Add sd-image.nix module to cryodev-pi configuration - Create comprehensive docs/ structure with installation guides - Split installation docs into: first-install (server), reinstall, new-client (Pi) - Add lib/utils.nix and apps/rebuild from synix - Fix headplane module for new upstream API (tale/headplane) - Fix various module issues (mailserver stateVersion, option conflicts) - Add placeholder secrets.yaml files for both hosts - Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00 · 2026-03-11 08:41:58 +01:00 · 5ba78886d2
commit 5ba78886d2
parent a5261d8ff0
44 changed files with 3570 additions and 609 deletions
--- a/lib/utils.nix
+++ b/lib/utils.nix
@ -0,0 +1,85 @@
+{ lib, ... }:
+
+let
+  inherit (lib)
+    mkDefault
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
+in
+{
+  isNotEmptyStr = str: builtins.isString str && str != "";
+
+  mkMailIntegrationOption = service: {
+    enable = mkEnableOption "Mail integration for ${service}.";
+    smtpHost = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "SMTP host for sending emails.";
+    };
+  };
+
+  mkReverseProxyOption = service: subdomain: {
+    enable = mkEnableOption "Nginx reverse proxy for ${service}.";
+    subdomain = mkOption {
+      type = types.str;
+      default = subdomain;
+      description = "Subdomain for Nginx virtual host. Leave empty for root domain.";
+    };
+    forceSSL = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Force SSL for Nginx virtual host.";
+    };
+  };
+
+  mkUrl =
+    {
+      fqdn,
+      ssl ? false,
+      port ? null,
+      path ? "",
+      ...
+    }:
+    let
+      protocol = if ssl then "https" else "http";
+      portPart = if port != null then ":${toString port}" else "";
+      pathPart = if path != "" then "/${path}" else "";
+    in
+    "${protocol}://${fqdn}${portPart}${pathPart}";
+
+  mkVirtualHost =
+    {
+      address ? "127.0.0.1",
+      port ? null,
+      socketPath ? null,
+      location ? "/",
+      ssl ? false,
+      proxyWebsockets ? true,
+      recommendedProxySettings ? true,
+      extraConfig ? "",
+      ...
+    }:
+    let
+      target =
+        if port != null then
+          "http://${address}:${builtins.toString port}"
+        else if socketPath != null then
+          "http://unix:${socketPath}"
+        else
+          null;
+    in
+    {
+      enableACME = ssl;
+      forceSSL = ssl;
+
+      locations = mkIf (target != null) {
+        "${location}" = {
+          proxyPass = mkDefault target;
+          inherit proxyWebsockets recommendedProxySettings extraConfig;
+        };
+      };
+    };
+}