Get domain url from machine.vHost config (except for cache).

Add turn server option to nextcloud (untested).

services/gitea.nix

@@ -3,17 +3,20 @@
 with lib;
 
 mkIf (elem "gitea" config.machine.services) {
-  services.gitea = {
+  services.gitea = let
+    cfg = config.machine;
+    domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
+  in {
     enable = true;
     user = "git";
     cookieSecure = true;
-    domain = "git.${config.machine.domain}";
+    domain = domain;
-    rootUrl = "http://git.${config.machine.domain}/";
+    rootUrl = "http://${domain}/";
     database = {
       type = "mysql";
       user = "git";
       name = "gitea";
-      passwordFile = "${config.machine.secretPath}/gitea_db";
+      passwordFile = "${cfg.secretPath}/gitea_db";
     };
     extraConfig = ''
       [repository]

services/hydra.nix

@@ -21,14 +21,18 @@ mkIf (elem "hydra" config.machine.services) {
     }
   ];
 
-  services.hydra = {
+  services = let
+    cfg = config.machine;
+    domain = (findFirst (s: s.service == "hydra") cfg cfg.vHosts).domain;
+  in {
+    hydra = {
       enable = true;
-    hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
+      hydraURL = domain; # externally visible URL
       listenHost = "localhost";
       port = 3001;
       minimumDiskFree = 15;
       minimumDiskFreeEvaluator = 15;
-    notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
+      notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
       useSubstitutes = true;
       debugServer = false;
       # Hints from hydra-queue-runner:
@@ -36,23 +40,24 @@ mkIf (elem "hydra" config.machine.services) {
       # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
       extraConfig = ''
         max_output_size = 4294967296
-      store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
+        store_uri = file:///var/cache/hydra?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
         # add ?local-nar-cache= to set nar cache location
-      server_store_uri = https://cache.${config.machine.domain}
+        server_store_uri = https://cache.${cfg.domain}
-      binary_cache_public_uri https://cache.${config.machine.domain}
+        binary_cache_public_uri https://cache.${cfg.domain}
         upload_logs_to_binary_cache = true
       '';
     };
 
-  services.nix-serve = {
+    nix-serve = {
       enable = true;
       bindAddress = "0.0.0.0";
       port = 5000;
-    secretKeyFile = "${config.machine.secretPath}/hydra_cache";
+      secretKeyFile = "${cfg.secretPath}/hydra_cache";
       extraParams = ''
-# Dont know how to change the store root yet...
+        # Dont know how to change the store root yet...
-#      --user hydra-queue-runner
+        # --user hydra-queue-runner
-#      --group hydra
+        # --group hydra
       '';
     };
+  };  
 }

services/mailserver.nix

@@ -4,20 +4,22 @@ with lib;
 
 mkIf (elem "mailserver" config.machine.services) {
   mailserver = let
+    cfg = config.machine;
     domain = config.machine.domain;
-    mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
+    fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
+    mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
     mkUser = user: rec {
       name = "${user.name}@${domain}";
       value = {
-        hashedPassword = (fileContents "${config.machine.secretPath}/${user.name}.mail");
+        hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
-        aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
+        aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
       };
     };
   in rec {
     enable = true;
-    fqdn = "mail.${domain}";
+    fqdn = fdomain;
-    domains = [ domain ];
+    domains = [ fdomain domain ];
-    loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
+    loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
 
     # Use Let's Encrypt certificates. Note that this needs to set up a stripped
     # down nginx and opens port 80.

services/nextcloud.nix

@@ -3,20 +3,24 @@
 with lib;
 
 mkIf (elem "nextcloud" config.machine.services) {
-  services.nextcloud = {
+  services = let
+    cfg = config.machine;
+    domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
+  in {
+    nextcloud = {
       enable = true;
       home = "/var/lib/nextcloud";
-    hostName = "storage.${config.machine.domain}";
+      hostName = domain;
       https = true;
       maxUploadSize = "1024M";
       config = {
         adminuser = "derped";
-      adminpassFile = "${config.machine.secretPath}/nextcloud_admin";
+        adminpassFile = "${cfg.secretPath}/nextcloud_admin";
         dbtype = "mysql";
         dbhost = "localhost";
         dbport = "3306";
         dbuser = "nextcloud";
-      dbpassFile = "${config.machine.secretPath}/nextcloud_db";
+        dbpassFile = "${cfg.secretPath}/nextcloud_db";
         dbname = "nextcloud";
         dbtableprefix = "oc_";
       };
@@ -26,4 +30,21 @@ mkIf (elem "nextcloud" config.machine.services) {
         redis = false;
       };
     };
+    # Turn Server used for nextcloud-talk
+    # This stuff is still untested.
+    coturn = mkIf (elem "nextcloud-talk" config.machine.services) {
+      # TLS is not needed as WebRTC is already encrypted.
+      enable = true;
+      realm = domain;
+      listening-port = 3478;
+      use-auth-secret = true;
+      extraConfig = ''
+        fingerprint
+        total-quota=100
+        bps-capacity=0
+        stale-nonce
+        no-multicast-peers
+      '';
+    };
+  };
 }