Add SD image pipeline, documentation overhaul, and fix module issues

- Add automatic SD image builds for Raspberry Pi via Forgejo Actions - Enable binfmt emulation on cryodev-main for aarch64 cross-builds - Add sd-image.nix module to cryodev-pi configuration - Create comprehensive docs/ structure with installation guides - Split installation docs into: first-install (server), reinstall, new-client (Pi) - Add lib/utils.nix and apps/rebuild from synix - Fix headplane module for new upstream API (tale/headplane) - Fix various module issues (mailserver stateVersion, option conflicts) - Add placeholder secrets.yaml files for both hosts - Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00 · 2026-03-11 08:41:58 +01:00 · 5ba78886d2
commit 5ba78886d2
parent a5261d8ff0
44 changed files with 3570 additions and 609 deletions
--- a/modules/nixos/headplane/default.nix
+++ b/modules/nixos/headplane/default.nix
@ -2,31 +2,30 @@
  inputs,
  config,
  lib,
+  pkgs,
  ...
 }:

 let
  cfg = config.services.headplane;
-  domain = config.networking.domain;
-  subdomain = cfg.reverseProxy.subdomain;
-  fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
  headscale = config.services.headscale;

  inherit (lib)
    mkDefault
    mkIf
-    ;
-
-  inherit (lib.utils)
-    mkReverseProxyOption
-    mkVirtualHost
+    mkOption
+    types
    ;
 in
 {
  imports = [ inputs.headplane.nixosModules.headplane ];

  options.services.headplane = {
-    reverseProxy = mkReverseProxyOption "Headplane" "hp";
+    port = mkOption {
+      type = types.port;
+      default = 3000;
+      description = "Port for headplane to listen on";
+    };
  };

  config = mkIf cfg.enable {
@ -37,14 +36,14 @@ in
    services.headplane = {
      settings = {
        server = {
-          host = mkDefault (if cfg.reverseProxy.enable then "127.0.0.1" else "0.0.0.0");
-          port = mkDefault 3000;
+          host = mkDefault "127.0.0.1";
+          port = mkDefault cfg.port;
          cookie_secret_path = config.sops.secrets."headplane/cookie_secret".path;
        };
        headscale = {
-          url = "http://127.0.0.1:${toString headscale.port}";
-          public_url = headscale.settings.server_url;
-          config_path = "/etc/headscale/config.yaml";
+          url = mkDefault "http://127.0.0.1:${toString headscale.port}";
+          public_url = mkDefault headscale.settings.server_url;
+          config_path = mkDefault "/etc/headscale/config.yaml";
        };
        integration.agent = {
          enabled = mkDefault true;
@ -53,13 +52,6 @@ in
      };
    };

-    services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
-      "${fqdn}" = mkVirtualHost {
-        port = cfg.settings.server.port;
-        ssl = cfg.reverseProxy.forceSSL;
-      };
-    };
-
    sops.secrets =
      let
        owner = headscale.user;