From 30f17f692c3b58cea67b653a129a0ac246da50b6 Mon Sep 17 00:00:00 2001
From: Chris Kruining
Date: Wed, 13 Aug 2025 08:50:26 +0200
Subject: [PATCH] fix various bugs

---
 .../{authelia.nix => authelia/default.nix} | 0
 .../nixos/services/authentication/default.nix | 1 -
 .../default.nix} | 0
 .../{zitadel.nix => zitadel/default.nix} | 3 +-
 .../services/development/forgejo/default.nix | 51 ++++++++++---------
 modules/nixos/services/media/default.nix | 6 ++-
 .../services/media/nextcloud/default.nix | 4 +-
 modules/nixos/services/media/nfs/default.nix | 4 +-
 .../nixos/system/security/sops/default.nix | 2 +-
 .../nixos/system/security/sudo/default.nix | 5 +-
 10 files changed, 40 insertions(+), 36 deletions(-)
 rename modules/nixos/services/authentication/{authelia.nix => authelia/default.nix} (100%)
 delete mode 100644 modules/nixos/services/authentication/default.nix
 rename modules/nixos/services/authentication/{himmelblau.nix => himmelblau/default.nix} (100%)
 rename modules/nixos/services/authentication/{zitadel.nix => zitadel/default.nix} (93%)

diff --git a/modules/nixos/services/authentication/authelia.nix b/modules/nixos/services/authentication/authelia/default.nix
similarity index 100%
rename from modules/nixos/services/authentication/authelia.nix
rename to modules/nixos/services/authentication/authelia/default.nix
diff --git a/modules/nixos/services/authentication/default.nix b/modules/nixos/services/authentication/default.nix
deleted file mode 100644
index c157af7..0000000
--- a/modules/nixos/services/authentication/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ ... }: {}
diff --git a/modules/nixos/services/authentication/himmelblau.nix b/modules/nixos/services/authentication/himmelblau/default.nix
similarity index 100%
rename from modules/nixos/services/authentication/himmelblau.nix
rename to modules/nixos/services/authentication/himmelblau/default.nix
diff --git a/modules/nixos/services/authentication/zitadel.nix b/modules/nixos/services/authentication/zitadel/default.nix similarity index 93% rename from modules/nixos/services/authentication/zitadel.nix rename to modules/nixos/services/authentication/zitadel/default.nix index 6142857..1422b4f 100644 --- a/modules/nixos/services/authentication/zitadel.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -21,7 +21,8 @@ in zitadel = { enable = true; openFirewall = true; - masterKeyFile = config.sops.secrets."zitadel/masterKey".path; + # masterKeyFile = config.sops.secrets."zitadel/masterKey".path; + masterKeyFile = "/var/lib/zitadel/master_key"; tlsMode = "external"; settings = { Port = 9092; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index a773249..baa70cb 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -3,7 +3,7 @@ let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.services.development.forgejo; - svr = cfg.settings.server; + domain = "git.kruining.eu"; in { options.${namespace}.services.development.forgejo = { @@ -18,7 +18,8 @@ in settings = { server = { - # DOMAIN = ""; + DOMAIN = domain; + ROOT_URL = "https://${domain}/"; HTTP_PORT = 5002; }; @@ -28,10 +29,10 @@ in SHOW_REGISTRATION_BUTTON = false; }; - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "forgejo"; - }; + # actions = { + # ENABLED = true; + # DEFAULT_ACTIONS_URL = "forgejo"; + # }; session = { COOKIE_SECURE = true; 
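Review bot: The new `masterKeyFile = "/var/lib/zitadel/master_key";` takes the Zitadel master key out of sops-nix, so nothing in this module now provisions that file, sets its owner and mode, or keeps the key encrypted at rest, and the old sops line is left behind as a comment rather than removed. If the sops path was replaced because the service could not read it, the usual fix is to keep the secret under sops and set its ownership, e.g. `sops.secrets."zitadel/masterKey".owner = "<zitadel service user>";`, rather than pointing at an unmanaged plaintext file. If the plain file is intentional, delete the commented-out line and add a comment stating where `/var/lib/zitadel/master_key` comes from and that it must be readable only by the service user. The enclosing `zitadel = { … }` block continues outside the hunk.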
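Review bot: The `actions` block is kept as commented-out code rather than removed or put behind an option, and the same applies to the `gitea-actions-runner` block in the `@@ -39,29 +40,29 @@` hunk of this file. Git already keeps the history, so the dead blocks only add noise; if actions are meant to return, an option such as `cfg.actions.enable` with `mkIf` around both blocks would keep them evaluable and reviewable. The runner block reads its token from `config.age.secrets.forgejo-runner-token.path` while the zitadel module in this same patch uses `config.sops.secrets`, so restoring it as-is would presumably fail to evaluate unless agenix is also in use, and its `"native:host"` label runs CI jobs directly on the host, which deserves an explicit comment if it is ever re-enabled. The enclosing `services` attribute set starts and ends outside the hunk.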
@@ -39,29 +40,29 @@ in }; }; - gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances.default = { - enable = true; - name = "monolith"; - url = "https://git.kruining.eu"; - # Obtaining the path to the runner token file may differ - # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd - tokenFile = config.age.secrets.forgejo-runner-token.path; - labels = [ - "ubuntu-latest:docker://node:16-bullseye" - "ubuntu-22.04:docker://node:16-bullseye" - "ubuntu-20.04:docker://node:16-bullseye" - "ubuntu-18.04:docker://node:16-buster" - "native:host" - ]; - }; - }; + # gitea-actions-runner = { + # package = pkgs.forgejo-actions-runner; + # instances.default = { + # enable = true; + # name = "monolith"; + # url = "https://git.kruining.eu"; + # # Obtaining the path to the runner token file may differ + # # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd + # tokenFile = config.age.secrets.forgejo-runner-token.path; + # labels = [ + # "ubuntu-latest:docker://node:16-bullseye" + # "ubuntu-22.04:docker://node:16-bullseye" + # "ubuntu-20.04:docker://node:16-bullseye" + # "ubuntu-18.04:docker://node:16-buster" + # "native:host" + # ]; + # }; + # }; caddy = { enable = true; virtualHosts = { - "git.kruining.eu".extraConfig = '' + ${domain}.extraConfig = '' import auth reverse_proxy http://127.0.0.1:5002 diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index 3909cd9..f76e4ae 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -78,7 +78,11 @@ in sonarr = serviceConf; bazarr = serviceConf; lidarr = serviceConf; - flaresolverr = serviceConf; + + flaresolverr = { + enable = true; + openFirewall = true; + }; jellyseerr = { enable = true; diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud/default.nix index 658a5b4..14d6863 100644 
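Review bot: `flaresolverr` now gets `openFirewall = true;`, which exposes its HTTP endpoint on every interface, and FlareSolverr does not authenticate its API, so any host that can reach the port gets an unauthenticated headless-browser fetch proxy. Unless the *arr services that use it run on other hosts, leaving the firewall closed and reaching it over loopback is the safer default; if a remote consumer does exist, a comment naming it and a narrower rule (for example `networking.firewall.interfaces.<iface>.allowedTCPPorts`) would document the exposure instead of `openFirewall`. The reason `serviceConf` no longer fits here is not stated; a one-line comment such as `# flaresolverr: not covered by serviceConf because …` would help the next reader. The enclosing `services` set continues outside the hunk.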
--- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud/default.nix @@ -6,7 +6,7 @@ let cfg = config.${namespace}.services.media.nextcloud; in { - options.modules.services.nextcloud = { + options.${namespace}.services.media.nextcloud = { enable = mkEnableOption "Nextcloud"; user = mkOption { @@ -40,7 +40,7 @@ in services.nextcloud = { enable = true; - webserver = "caddy"; + # webserver = "caddy"; package = pkgs.nextcloud31; hostName = "localhost"; diff --git a/modules/nixos/services/media/nfs/default.nix b/modules/nixos/services/media/nfs/default.nix index 7674e69..54b58e7 100644 --- a/modules/nixos/services/media/nfs/default.nix +++ b/modules/nixos/services/media/nfs/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.media.nfs; + cfg = config.${namespace}.services.media.nfs; in { - options.${namespace}.media.nfs = { + options.${namespace}.services.media.nfs = { enable = mkEnableOption "Enable NFS"; }; diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index a75856d..68ab4ca 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -13,7 +13,7 @@ in environment.systemPackages = with pkgs; [ sops ]; sops = { - defaultSopsFile = ../../../../secrets/secrets.yaml; + defaultSopsFile = ../../../../../_secrets/secrets.yaml; defaultSopsFormat = "yaml"; age.keyFile = "/home/"; diff --git a/modules/nixos/system/security/sudo/default.nix b/modules/nixos/system/security/sudo/default.nix index 6dedf50..b79efbc 100644 --- a/modules/nixos/system/security/sudo/default.nix +++ b/modules/nixos/system/security/sudo/default.nix @@ -14,9 +14,8 @@ in sudo-rs = { enable = true; - extraConfig = '' - Defaults env_keep += "EDITOR PATH DISPLAY" - ''; + execWheelOnly = true; + extraConfig = ''Defaults env_keep += "EDITOR PATH DISPLAY"''; }; }; };
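Review bot: `# webserver = "caddy";` is left as a commented-out line instead of being deleted, which leaves the reader guessing whether it is pending or obsolete. The NixOS `services.nextcloud` module configures its own nginx vhost, and with `hostName = "localhost"` the intent is presumably that Caddy fronts it; if so, a comment stating which reverse proxy terminates TLS and where the proxy-related Nextcloud settings (trusted proxies, overwrite protocol and host) are configured would make the deployment reproducible. The `services.nextcloud = { … }` block continues outside the hunk.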
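Review bot: `defaultSopsFile` now resolves to `_secrets/secrets.yaml` at the repository root (five levels up from this module), and the leading underscore suggests a directory that may be git-ignored; if it is not tracked, a flake evaluation will not see the file at all, so a comment such as `# _secrets/ must be committed; the file is sops ciphertext` would prevent that surprise. Separately, the context line `age.keyFile = "/home/";` looks like a placeholder rather than a key path; it is not changed by this commit, but since the commit is a bug-fix sweep it is worth confirming. The `sops = { … }` block continues outside the hunk.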
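Review bot: `execWheelOnly = true;` is a real hardening change (the sudo binary becomes executable only by the wheel group) bundled into a commit titled "fix various bugs" with no comment, so a one-liner such as `# only wheel members may execute sudo at all` would record the intent. The rewritten `extraConfig` keeps `env_keep += "EDITOR PATH DISPLAY"`, which means a command run through sudo resolves binaries via the invoking user's PATH rather than a fixed one; if PATH is needed here (nix profile paths, presumably), say so in a comment, otherwise dropping it from `env_keep` is the safer default. The single-line `''…''` form carries no trailing newline; I believe the module appends one when assembling the sudoers file, but since the previous multi-line form did so itself this is worth confirming.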