chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

kaas

Browse source
This commit is contained in:
Chris Kruining 2025-12-01 14:14:32 +01:00 committed by chris
parent e6829d99ce
commit afbf168c35
16 changed files with 541 additions and 467 deletions
Download patch file Download diff file Expand all files Collapse all files

129
flake.lock generated
View file

@ -402,7 +402,7 @@
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_4"
"flake-utils": "flake-utils_5"
},
"locked": {
"lastModified": 1715533576,
@ -457,7 +457,25 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1694529238,
@ -662,6 +680,25 @@
"type": "github"
}
},
"mydia": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1764568388,
"narHash": "sha256-kl8165eI0lUz9E96sdreZ48/nApydDfJP8IksjBveAw=",
"owner": "getmydia",
"repo": "mydia",
"rev": "74f0cf9a8ca782581ec0a35acf6526fccfbb6e2a",
"type": "github"
},
"original": {
"owner": "getmydia",
"repo": "mydia",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -708,8 +745,8 @@
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5"
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1764556167,
@ -856,6 +893,22 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1762977756,
"narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764547213,
@ -905,6 +958,22 @@
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1764242076,
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
@ -920,7 +989,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1764517877,
"narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
@ -936,7 +1005,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1761880412,
"narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
@ -952,7 +1021,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1764445028,
"narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=",
@ -968,22 +1037,6 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1762977756,
"narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
@ -1014,8 +1067,8 @@
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_2",
"mnw": "mnw",
"nixpkgs": "nixpkgs_7",
"systems": "systems_5"
"nixpkgs": "nixpkgs_8",
"systems": "systems_6"
},
"locked": {
"lastModified": 1762622004,
@ -1065,11 +1118,12 @@
"himmelblau": "himmelblau",
"home-manager": "home-manager",
"jovian": "jovian",
"mydia": "mydia",
"nix-minecraft": "nix-minecraft",
"nixos-boot": "nixos-boot",
"nixos-generators": "nixos-generators",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nvf": "nvf",
"plasma-manager": "plasma-manager",
"snowfall-lib": "snowfall-lib",
@ -1162,7 +1216,7 @@
},
"sops-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1764483358,
@ -1187,9 +1241,9 @@
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_3",
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_10",
"nur": "nur",
"systems": "systems_7",
"systems": "systems_8",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -1330,13 +1384,28 @@
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_8"
"systems": "systems_9"
},
"locked": {
"lastModified": 1762472226,

75
flake.nix
View file

@ -88,49 +88,54 @@
url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
mydia = {
url = "github:getmydia/mydia";
};
};
outputs = inputs: inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
outputs = inputs:
inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
snowfall = {
namespace = "sneeuwvlok";
snowfall = {
namespace = "sneeuwvlok";
meta = {
name = "sneeuwvlok";
title = "Sneeuwvlok";
meta = {
name = "sneeuwvlok";
title = "Sneeuwvlok";
};
};
};
channels-config = {
allowUnfree = true;
permittedInsecurePackages = [
# Due to *arr stack
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
channels-config = {
allowUnfree = true;
permittedInsecurePackages = [
# Due to *arr stack
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
# I think this is because of zen
"qtwebengine-5.15.19"
# I think this is because of zen
"qtwebengine-5.15.19"
# For Nheko, the matrix client
"olm-3.2.16"
# For Nheko, the matrix client
"olm-3.2.16"
];
};
overlays = with inputs; [
fenix.overlays.default
nix-minecraft.overlay
flux.overlays.default
];
systems.modules = with inputs; [
clan-core.nixosModules.default
];
homes.modules = with inputs; [
stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager
];
};
overlays = with inputs; [
fenix.overlays.default
nix-minecraft.overlay
flux.overlays.default
];
systems.modules = with inputs; [
clan-core.nixosModules.default
];
homes.modules = with inputs; [
stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager
];
};
}

2
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -23,7 +23,7 @@ in
default = false;
example = "true";
description = ''
True sets the org as default org for the instance. Only one org can be default org.
True sets the '${org}' org as default org for the instance. Only one org can be default org.
Nothing happens if you set it to false until you set another org as default org.
'';
};

24
modules/nixos/services/communication/matrix/default.nix
View file

@ -1,5 +1,10 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString toJSON;
inherit (lib) mkIf mkEnableOption;
@ -10,8 +15,7 @@ let
port = 4001;
database = "synapse";
in
{
in {
options.${namespace}.services.communication.matrix = {
enable = mkEnableOption "Matrix server (Synapse)";
};
@ -22,13 +26,13 @@ in
# virtualisation.podman.enable = true;
};
networking.firewall.allowedTCPPorts = [ 4001 ];
networking.firewall.allowedTCPPorts = [4001];
services = {
matrix-synapse = {
enable = true;
extras = [ "oidc" ];
extras = ["oidc"];
extraConfigFiles = [
config.sops.templates."synapse-oidc.yaml".path
@ -52,7 +56,7 @@ in
backchannel_logout_enabled = true;
sso = {
client_whitelist = [ "http://[::1]:9092" ];
client_whitelist = ["http://[::1]:9092"];
update_profile_information = true;
};
@ -75,7 +79,7 @@ in
resources = [
{
names = [ "client" "federation" "openid" "metrics" "media" "health" ];
names = ["client" "federation" "openid" "metrics" "media" "health"];
compress = true;
}
];
@ -132,7 +136,7 @@ in
postgresql = {
enable = true;
ensureDatabases = [ database ];
ensureDatabases = [database];
ensureUsers = [
{
name = database;
@ -192,7 +196,7 @@ in
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}"
'';
restartUnits = [ "matrix-synapse.service" ];
restartUnits = ["matrix-synapse.service"];
};
};
};

20
modules/nixos/services/development/forgejo/default.nix
View file

@ -1,12 +1,16 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.${namespace}.services.development.forgejo;
domain = "git.amarth.cloud";
in
{
in {
options.${namespace}.services.development.forgejo = {
enable = mkEnableOption "Forgejo";
@ -26,7 +30,7 @@ in
virtualisation.podman.enable = true;
};
environment.systemPackages = with pkgs; [ forgejo ];
environment.systemPackages = with pkgs; [forgejo];
services = {
forgejo = {
@ -141,7 +145,7 @@ in
};
};
openssh.settings.AllowUsers = [ "forgejo" ];
openssh.settings.AllowUsers = ["forgejo"];
gitea-actions-runner = {
package = pkgs.forgejo-runner;
@ -184,14 +188,14 @@ in
"forgejo/action_runner_token" = {
owner = "gitea-runner";
group = "gitea-runner";
restartUnits = [ "gitea-runner-default.service" ];
restartUnits = ["gitea-runner-default.service"];
};
"forgejo/email" = {
owner = "forgejo";
group = "forgejo";
key = "email/chris_kruining_eu";
restartUnits = [ "forgejo.service" ];
restartUnits = ["forgejo.service"];
};
};
};

51
modules/nixos/services/media/mydia/default.nix Normal file
View file

@ -0,0 +1,51 @@
{
config,
lib,
namespace,
inputs,
system,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.mydia;
in {
imports = [
inputs.mydia.nixosModules.default
];
options.${namespace}.services.media.mydia = {
enable = mkEnableOption "Enable Mydia";
};
config = mkIf cfg.enable {
services.mydia = {
enable = true;
package = inputs.mydia.packages.${system}.default;
port = 2010;
openFirewall = true;
secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;
guardianSecretKeyFile = config.sops.secrets."mydia/guardian_secret".path;
oidc = {
enable = true;
issuer = "https://auth.kruining.eu";
clientIdFile = config.sops.secrets."mydia/oidc_id".path;
clientSecretFile = config.sops.secrets."mydia/oidc_secret".path;
scopes = ["openid" "profile" "email"];
};
};
sops.secrets =
["secret_key_base" "guardian_secret" "oidc_id" "oidc_secret"]
|> lib.map (name:
lib.nameValuePair "mydia/${name}" {
owner = config.services.mydia.user;
group = config.services.mydia.group;
restartUnits = ["mydia.service"];
})
|> lib.listToAttrs;
};
}

103
modules/nixos/services/media/servarr/default.nix
View file

@ -1,14 +1,20 @@
{ pkgs, config, lib, namespace, inputs, system, ... }:
let
{
pkgs,
config,
lib,
namespace,
inputs,
system,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr;
in
{
in {
options.${namespace}.services.media = {
servarr = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: {
type = types.attrsOf (types.submodule ({name, ...}: {
options = {
enable = mkEnableOption "Enable ${name}";
debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} ";
@ -30,7 +36,11 @@ in
config = {
services =
cfg
|> lib.mapAttrsToList (service: { enable, port, ... }: (mkIf enable {
|> lib.mapAttrsToList (service: {
enable,
port,
...
}: (mkIf enable {
"${service}" = {
enable = true;
openFirewall = true;
@ -58,31 +68,44 @@ in
};
}))
|> lib.mergeAttrsList
|> (set: set // {
postgresql = {
ensureDatabases = cfg |> lib.attrNames;
ensureUsers = cfg |> lib.attrNames |> lib.map (service: {
name = service;
ensureDBOwnership = true;
});
};
})
;
|> (set:
set
// {
postgresql = {
ensureDatabases = cfg |> lib.attrNames;
ensureUsers =
cfg
|> lib.attrNames
|> lib.map (service: {
name = service;
ensureDBOwnership = true;
});
};
});
systemd =
cfg
|> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable {
|> lib.mapAttrsToList (service: {
enable,
debug,
port,
rootFolders,
...
}: (mkIf enable {
tmpfiles.rules = [
"d /var/lib/${service}ApplyTerraform 0755 ${service} ${service} -"
];
services."${service}ApplyTerraform" =
let
services."${service}ApplyTerraform" = let
terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [
({ config, lib, ... }: {
({
config,
lib,
...
}: {
config = {
variable = {
api_key = {
@ -104,20 +127,18 @@ in
resource = {
"${service}_root_folder" =
rootFolders
|> lib.imap (i: f: lib.nameValuePair "local${toString i}" { path = f; })
|> lib.listToAttrs
;
|> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;})
|> lib.listToAttrs;
};
};
})
];
};
in
{
in {
description = "${service} terraform apply";
wantedBy = [ "multi-user.target" ];
wants = [ "${service}.service" ];
wantedBy = ["multi-user.target"];
wants = ["${service}.service"];
script = ''
#!/usr/bin/env bash
@ -141,7 +162,11 @@ in
# Run the infrastructure code
${lib.getExe pkgs.opentofu} \
${if debug then "plan" else "apply -auto-approve"} \
${
if debug
then "plan"
else "apply -auto-approve"
} \
-var-file='${config.sops.templates."${service}/config.tfvars".path}'
'';
@ -158,31 +183,29 @@ in
};
};
}))
|> lib.mergeAttrsList
;
|> lib.mergeAttrsList;
users.users =
cfg
|> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable {
"${service}".extraGroups = [ "media" ];
|> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable {
"${service}".extraGroups = ["media"];
}))
|> lib.mergeAttrsList
;
|> lib.mergeAttrsList;
sops =
cfg
|> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable {
|> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable {
secrets."${service}/apikey" = {
owner = service;
group = service;
restartUnits = [ "${service}.service" ];
restartUnits = ["${service}.service"];
};
templates = {
"${service}/config.env" = {
owner = service;
group = service;
restartUnits = [ "${service}.service" ];
restartUnits = ["${service}.service"];
content = ''
${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}"
'';
@ -191,18 +214,16 @@ in
"${service}/config.tfvars" = {
owner = service;
group = service;
restartUnits = [ "${service}.service" ];
restartUnits = ["${service}.service"];
content = ''
api_key = "${config.sops.placeholder."${service}/apikey"}"
'';
};
};
}))
|> lib.mergeAttrsList
;
|> lib.mergeAttrsList;
};
# cfg
# |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable {

7
modules/nixos/shells/default.nix
View file

@ -1,2 +1,5 @@
{ ... }:
{}
{...}: {
config = {
programs.bash.enableCompletion = true;
};
}

101
packages/mydia/default.nix
View file

@ -1,101 +0,0 @@
{
lib,
fetchFromGitHub,
pkgs,
stdenv,
...
}: let
erlang = pkgs.beam.packagesWith pkgs.beam.interpreters.erlang;
erlangSystem =
{
aarch64-darwin = "macos-arm64";
aarch64-linux = "linux-arm64";
armv7l-linux = "linux-armv7";
x86_64-darwin = "macos-x64";
x86_64-linux = "linux-x64";
}
.${
stdenv.hostPlatform.system
};
version = "v0.6.0";
pname = "mydia";
src = fetchFromGitHub {
owner = "getmydia";
repo = "mydia";
rev = version;
hash = "sha256-JGT52ulnqcx8o+3e0l50TLAwLIWXEI8nwFGUsA95vH0=";
};
mixFodDeps = erlang.fetchMixDeps {
inherit version src;
pname = "mix-deps-${pname}-${version}";
hash = "sha256-19q56IZe8YjuUBXirFGgmBsewJ0cmdOoO1yfiMaWGWk=";
};
npmFodDeps = pkgs.fetchNpmDeps {
src = "${src}/assets";
hash = "sha256-0cz75pxhxvzo1RogsV8gTP6GrgLIboWQXcKpq42JZ6o=";
};
in
erlang.mixRelease {
inherit pname version src mixFodDeps;
enableDebugInfo = true;
nativeBuildInputs = with pkgs; [
which
ffmpeg_6
fdk_aac
sqlite
postgresql
tailwindcss_4
esbuild
pkg-config
];
env = {
EXQLITE_USE_SYSTEM = "1";
EXQLITE_SYSTEM_CFLAGS = "-I${pkgs.sqlite.dev}/include";
EXQLITE_SYSTEM_LDFLAGS = "-L${pkgs.sqlite.out}/lib -lsqlite3";
DATABASE_TYPE = "postgres";
};
preInstall = ''
ln -s ${lib.getExe pkgs.tailwindcss_4} _build/tailwind-${erlangSystem}
ln -s ${lib.getExe pkgs.esbuild} _build/esbuild-${erlangSystem}
ln -s ${npmFodDeps} assets/node_modules
mix do \
deps.loadpaths --no-deps-check, \
tailwind default --minify + esbuild default --minify + phx.digest, \
assets.deploy
'';
meta = {
description = "Your personal media companion, built with Phoenix LiveView";
longDescription = ''
A modern, self-hosted media management platform for tracking, organizing, and monitoring your media library.
# ✨ Features
- 📺 Unified Media Management Track both movies and TV shows with rich metadata from TMDB/TVDB
- 🤖 Automated Downloads Background search and download with quality profiles and smart release ranking
- Download Clients qBittorrent, Transmission, SABnzbd, and NZBGet support
- 🔎 Indexer Integration Search via Prowlarr and Jackett for finding releases
- 📚 Built-in Indexer Library Native Cardigann support (experimental, limited testing)
- 👥 Multi-User System Built-in admin/guest roles with request approval workflow
- 🔐 SSO Support Local authentication plus OIDC/OpenID Connect integration
- 🔔 Release Calendar Track upcoming releases and monitor episodes
- 🎨 Modern Real-Time UI Phoenix LiveView with instant updates and responsive design
'';
homepage = "https://github.com/getmydia/mydia";
changelog = "https://github.com/getmydia/mydia/releases";
license = lib.licenses.agpl3Only;
maintainers = [];
platforms = lib.platforms.all;
mainProgram = pname;
};
}

1
shells/default/default.nix
View file

@ -15,6 +15,7 @@ mkShell {
alejandra
nil
nixd
openssl
inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli
];
}

59
systems/x86_64-linux/ulmo/default.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./disks.nix
./hardware.nix
@ -8,7 +7,10 @@
networking = {
interfaces.enp2s0 = {
ipv6.addresses = [
{ address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; }
{
address = "2a0d:6e00:1dc9:0::dead:beef";
prefixLength = 64;
}
];
useDHCP = true;
@ -51,8 +53,8 @@
firstName = "Chris";
lastName = "Kruining";
roles = [ "ORG_OWNER" ];
instanceRoles = [ "IAM_OWNER" ];
roles = ["ORG_OWNER"];
instanceRoles = ["IAM_OWNER"];
};
kaas = {
@ -78,27 +80,27 @@
};
assign = {
chris = [ "jellyfin" "jellyfin_admin" ];
kaas = [ "jellyfin" ];
chris = ["jellyfin" "jellyfin_admin"];
kaas = ["jellyfin"];
};
application = {
jellyfin = {
redirectUris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/zitadel" ];
grantTypes = [ "authorizationCode" ];
responseTypes = [ "code" ];
redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
forgejo = {
redirectUris = [ "https://git.amarth.cloud/user/oauth2/zitadel/callback" ];
grantTypes = [ "authorizationCode" ];
responseTypes = [ "code" ];
redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
vaultwarden = {
redirectUris = [ "https://vault.kruining.eu/identity/connect/oidc-signin" ];
grantTypes = [ "authorizationCode" ];
responseTypes = [ "code" ];
redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
exportMap = {
client_id = "SSO_CLIENT_ID";
client_secret = "SSO_CLIENT_SECRET";
@ -106,9 +108,15 @@
};
matrix = {
redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ];
grantTypes = [ "authorizationCode" ];
responseTypes = [ "code" ];
redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
mydia = {
redirectUris = ["http://localhost:2010/auth/oidc/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
};
};
@ -131,8 +139,16 @@
};
triggers = [
{ flowType = "customiseToken"; triggerType = "preUserinfoCreation"; actions = [ "flattenRoles" ]; }
{ flowType = "customiseToken"; triggerType = "preAccessTokenCreation"; actions = [ "flattenRoles" ]; }
{
flowType = "customiseToken";
triggerType = "preUserinfoCreation";
actions = ["flattenRoles"];
}
{
flowType = "customiseToken";
triggerType = "preAccessTokenCreation";
actions = ["flattenRoles"];
}
];
};
};
@ -146,6 +162,7 @@
media.enable = true;
media.homer.enable = true;
media.mydia.enable = true;
media.nfs.enable = true;
media.servarr = {
# radarr = {