From a3172f477f507b0437518e7b9b205c50ab47b2b7 Mon Sep 17 00:00:00 2001
From: Xavier Lagraula
Date: Wed, 6 May 2026 22:34:10 +0200
Subject: [PATCH] Servers named by service provided instead of by application.

---
 README.md | 23 +++++++++++--------
 .../hosts/servers/rp01/configuration.nix | 8 +++----
 nixos-infra/modules/machine-types/lxc.nix | 4 ----
 .../services/reverse-proxy/default.nix | 3 +--
 nixos-infra/scripts/README.md | 2 +-
 5 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 30b045a..aab87c6 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@
 | ---------------------------------------------------------| ---------------------------------------------------------------------------------| --------------------------------------------------------|
 | **No flakes** | Simplify onboarding and avoid a steep learning curve. | Configuration via `configuration.nix` + `callPackage`. |
 | **Modular structure** | Separate configurations by machine type and service. | Clear and maintainable directory tree. |
+| **Servers named by service, not by application** | Indicate what the machine does (git01 = Git forge) rather than the software (Gitea). Allows changing the underlying app without renaming. | Hosts under `hosts/servers/01` (e.g. `git01`, `pass01`, `dns01`). |
 | **`callPackage` for modules** | Make modules autonomous, portable, and reusable. | Each module is an independent Nix package. |
 | **Separation of `user-profiles/` and `users/`** | Distinguish generic roles (e.g., `admin`) from concrete users (e.g., `xavier`). | Flexibility to apply profiles to multiple users. |
 | **`deploy.sh` script** | Automate deployment on existing machines. | Clone/update the repo + `nixos-rebuild switch`. |
@@ -58,17 +59,17 @@ nixos-infra/
 │
 ├── hosts/ # Machine configurations
 │ ├── servers/ # Servers (hypervisors, VMs, LXCs)
-│ │ ├── pve01/ # Hypervisor 1
+│ │ ├── hyper01/ # Hypervisor 1
 │ │ │ └── configuration.nix
-│ │ ├── pve02/ # Hypervisor 2
+│ │ ├── hyper02/ # Hypervisor 2
 │ │ │ └── configuration.nix
 │ │ ├── dns01/ # LXC container for DNS (master)
 │ │ │ └── configuration.nix
 │ │ ├── dns02/ # LXC container for DNS (slave)
 │ │ │ └── configuration.nix
-│ │ ├── gitea01/ # LXC container for Gitea
+│ │ ├── git01/ # LXC container for Git forge (e.g. Gitea)
 │ │ │ └── configuration.nix
-│ │ ├── vaultwarden/ # LXC container for Vaultwarden
+│ │ ├── pass01/ # LXC container for password manager (e.g. Vaultwarden)
 │ │ │ └── configuration.nix
 │ │ └── rp01/ # LXC container for reverse proxy
 │ │ └── configuration.nix
@@ -158,11 +159,12 @@ nixos-infra/
 | Name | Machine Type | Services | IPv4 | IPv6 Token |
 | ----------| --------------------| -------------| ------| ------------|
-| pve01 | Hypervisor | Proxmox | | |
-| pve02 | Hypervisor | Proxmox | | |
+| hyper01 | Hypervisor | Proxmox | | |
+| hyper02 | Hypervisor | Proxmox | | |
 | dns01 | LXC Container | DNS | | |
-| gitea01 | LXC Container | Gitea | | |
-| vault01 | LXC Container | Vaultwarden | | |
+| git01 | LXC Container | Git forge | | |
+| pass01 | LXC Container | Password mgr| | |
+| rp01 | LXC Container | Reverse proxy| | |
 | sting | Workstation | | | |
 | PC-FRIDA | Workstation | | | |
@@ -285,8 +287,9 @@ nixos-infra/
 ## **💡 Notes and Best Practices**
 - **Naming** :
- - Use explicit names for machines (e.g., `dns01`, `gitea01`).
- - For LXC containers, prefer short and descriptive names.
+ - **Servers**: Name by service, not by application (e.g., `git01`, `pass01`, `dns01`).
+ - **Workstations**: Use descriptive hostnames (e.g., `sting`, `gaia`).
+ - **Hypervisors**: Prefix with `hyper` (e.g., `hyper01`, `hyper02`).
 - **Security** :
 - Disable root SSH access once deployment is complete.
 - Use SSH keys for authentication.
diff --git a/nixos-infra/hosts/servers/rp01/configuration.nix b/nixos-infra/hosts/servers/rp01/configuration.nix
index 32d414b..0ebcc6a 100644
--- a/nixos-infra/hosts/servers/rp01/configuration.nix
+++ b/nixos-infra/hosts/servers/rp01/configuration.nix
@@ -3,9 +3,9 @@
 {
 imports = [
 # Module pour les conteneurs LXC
- (builtins.callPackage ../../../modules/machine-types/lxc.nix {})
+ ../../../modules/machine-types/lxc.nix
 # Module pour le reverse proxy
- (builtins.callPackage ../../../modules/services/reverse-proxy/default.nix {})
+ ../../../modules/services/reverse-proxy/default.nix
 ];

 # Configuration réseau (IPv4 + IPv6)
@@ -19,8 +19,8 @@
 # Liste des services à exposer via le reverse proxy
 services.reverse-proxy.publicServices = [
- { host = "gitea"; internalHost = "gitea01"; port = 3000; }
- { host = "vaultwarden"; internalHost = "vault01"; port = 80; }
+ { host = "git"; internalHost = "git01"; port = 3000; }
+ { host = "pass"; internalHost = "pass01"; port = 80; }
 # Ajoutez ici d'autres services (ex: dns01, etc.)
 ];

diff --git a/nixos-infra/modules/machine-types/lxc.nix b/nixos-infra/modules/machine-types/lxc.nix
index f0a66d3..3000a60 100644
--- a/nixos-infra/modules/machine-types/lxc.nix
+++ b/nixos-infra/modules/machine-types/lxc.nix
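Review bot: Both upstreams listed in `services.reverse-proxy.publicServices` are reached over plain HTTP (`port = 3000` for git01, `port = 80` for pass01), and the reverse-proxy module further down in this patch builds the target as `http://${service.internalHost}.lagraula.fr:${toString service.port}`, so password-manager traffic between rp01 and pass01 crosses the network unencrypted while nothing in the file records that this is an accepted trade-off. I'd add a comment above the list: `# Upstreams are plain HTTP; TLS terminates on rp01, so rp01 and the internal hosts must share a trusted network segment.` The context comment `(ex: dns01, etc.)` also points at the DNS container as a candidate for an HTTP reverse proxy, which does not apply to a DNS service; an HTTP service would be a clearer example. The enclosing attribute set starts and ends outside the hunk.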
@@ -26,10 +26,6 @@
 '';
 };

- # Prise en charge IPv6
- # TODO : check whether explicitly enabling IPv6 is still encessary in 2026
- networking.ipv6.forwarding = true;
-
 # Default configuration for a LXC container
 config = lib.mkIf config.lxc.enable {
 # Disabling useless services
diff --git a/nixos-infra/modules/services/reverse-proxy/default.nix b/nixos-infra/modules/services/reverse-proxy/default.nix
index 2fe9cd6..2786b41 100644
--- a/nixos-infra/modules/services/reverse-proxy/default.nix
+++ b/nixos-infra/modules/services/reverse-proxy/default.nix
@@ -27,9 +27,8 @@ in
 virtualHosts = map (service: {
 host = "${service.host}.lagraula.fr";
 reverseProxy = "http://${service.internalHost}.lagraula.fr:${toString service.port}";
- # Challenge ACME HTTP-01 (par défaut)
 tls = {
- email = "xavier@lagraula.fr"; # À adapter
+ email = config.services.caddy.email or "xavier@lagraula.fr";
 };
 }) (config.services.reverse-proxy.publicServices or []);
diff --git a/nixos-infra/scripts/README.md b/nixos-infra/scripts/README.md
index 7391e17..552d406 100644
--- a/nixos-infra/scripts/README.md
+++ b/nixos-infra/scripts/README.md
@@ -86,7 +86,7 @@ agenix -e secrets/.age

 ### `update-nixpkgs.sh` — Update the nixpkgs pin

-Updates `pkgs/nixpkgs.json` with the latest commit from nixpkgs unstable.
+Updates `pkgs/nixpkgs.json` with the latest commit from nixpkgs stable.

 ## Deployment workflow (LXC containers)
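Review bot: `email = config.services.caddy.email or "xavier@lagraula.fr";` in the reverse-proxy hunk will not fall back the way the line intends: Nix's `or` only applies when the attribute path is missing, and NixOS declares `services.caddy.email` with a default of `null`, so on any host where the admin has not set it the ACME contact becomes `null` rather than the literal, which presumably leaves the certificate account without a contact or breaks issuance depending on how `tls.email` is consumed. If the intent is to reuse the Caddy setting, test for null explicitly: `email = let e = config.services.caddy.email or null; in if e == null then "xavier@lagraula.fr" else e;`. Keeping a personal address hard-coded inside a reusable module is also a point of style; a dedicated option such as `services.reverse-proxy.acmeEmail` with that default would make the module independent of which web server backs it. The enclosing `config` block starts outside the hunk.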