refactor(modules): reduce host repetition

modules/notability.nix

@@ -0,0 +1,136 @@
+{lib, ...}: let
+	caddyLib = import ./_lib/caddy.nix;
+	local = import ./_lib/local.nix;
+	secretLib = import ./_lib/secrets.nix {inherit lib;};
+	inherit (local) user;
+	notabilityScripts = ./_notability;
+	tahani = local.hosts.tahani;
+in {
+	den.aspects.notability.nixos = {
+		config,
+		inputs',
+		pkgs,
+		...
+	}: let
+		homeDir = tahani.home;
+		dataRoot = "${homeDir}/.local/share/notability-ingest";
+		stateRoot = "${homeDir}/.local/state/notability-ingest";
+		notesRoot = "${homeDir}/Notes";
+		webdavRoot = "${dataRoot}/webdav-root";
+		userPackages = with pkgs; [
+			qmd
+			poppler-utils
+			rclone
+			sqlite
+			zk
+		];
+		commonPath = with pkgs;
+			[
+				inputs'.llm-agents.packages.pi
+				coreutils
+				inotify-tools
+				nushell
+				util-linux
+			]
+			++ userPackages;
+		commonEnvironment = {
+			HOME = homeDir;
+			NOTABILITY_ARCHIVE_ROOT = "${dataRoot}/archive";
+			NOTABILITY_DATA_ROOT = dataRoot;
+			NOTABILITY_DB_PATH = "${stateRoot}/db.sqlite";
+			NOTABILITY_NOTES_DIR = notesRoot;
+			NOTABILITY_RENDER_ROOT = "${dataRoot}/rendered-pages";
+			NOTABILITY_SESSIONS_ROOT = "${stateRoot}/sessions";
+			NOTABILITY_STATE_ROOT = stateRoot;
+			NOTABILITY_TRANSCRIPT_ROOT = "${stateRoot}/transcripts";
+			NOTABILITY_WEBDAV_ROOT = webdavRoot;
+			XDG_CONFIG_HOME = "${homeDir}/.config";
+		};
+		mkTmpDirRule = path: "d ${path} 0755 ${user.name} users -";
+		mkNotabilityService = {
+			description,
+			script,
+			after ? [],
+			requires ? [],
+			environment ? {},
+		}: {
+			inherit after description requires;
+			wantedBy = ["multi-user.target"];
+			path = commonPath;
+			environment = commonEnvironment // environment;
+			serviceConfig = {
+				ExecStart = "${pkgs.nushell}/bin/nu ${notabilityScripts}/${script}";
+				Group = "users";
+				Restart = "always";
+				RestartSec = 5;
+				User = user.name;
+				WorkingDirectory = homeDir;
+			};
+		};
+	in {
+		sops.secrets.tahani-notability-webdav-password =
+			secretLib.mkUserBinarySecret {
+				name = "tahani-notability-webdav-password";
+				sopsFile = ../secrets/tahani-notability-webdav-password;
+			};
+
+		home-manager.users.${user.name} = {
+			home.packages = userPackages;
+			home.file.".config/qmd/index.yml".text = ''
+				collections:
+				  notes:
+				    path: ${notesRoot}
+				    pattern: "**/*.md"
+			'';
+		};
+
+		systemd.tmpfiles.rules =
+			builtins.map mkTmpDirRule [
+				notesRoot
+				dataRoot
+				webdavRoot
+				"${dataRoot}/archive"
+				"${dataRoot}/rendered-pages"
+				stateRoot
+				"${stateRoot}/jobs"
+				"${stateRoot}/jobs/queued"
+				"${stateRoot}/jobs/running"
+				"${stateRoot}/jobs/failed"
+				"${stateRoot}/jobs/done"
+				"${stateRoot}/jobs/results"
+				"${stateRoot}/sessions"
+				"${stateRoot}/transcripts"
+			];
+
+		services.caddy.virtualHosts =
+			caddyLib.mkTailscaleVHost {
+				name = "tahani";
+				configText = ''
+					handle /notability* {
+						reverse_proxy 127.0.0.1:9980
+					}
+				'';
+			};
+
+		systemd.services.notability-webdav =
+			mkNotabilityService {
+				description = "Notability WebDAV landing zone";
+				script = "webdav.nu";
+				after = ["network.target"];
+				environment = {
+					NOTABILITY_WEBDAV_ADDR = "127.0.0.1:9980";
+					NOTABILITY_WEBDAV_BASEURL = "/notability";
+					NOTABILITY_WEBDAV_PASSWORD_FILE = config.sops.secrets.tahani-notability-webdav-password.path;
+					NOTABILITY_WEBDAV_USER = "notability";
+				};
+			};
+
+		systemd.services.notability-watch =
+			mkNotabilityService {
+				description = "Watch and ingest Notability WebDAV uploads";
+				script = "watch.nu";
+				after = ["notability-webdav.service"];
+				requires = ["notability-webdav.service"];
+			};
+	};
+}