chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chris:e3238aa60cfa9440249fcdb2ab1b0d4485251fe2
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere
..
compare: chris:5668e1048da9153d17336616c8bcc93fe4ad1911
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere

No commits in common. "e3238aa60cfa9440249fcdb2ab1b0d4485251fe2" and "5668e1048da9153d17336616c8bcc93fe4ad1911" have entirely different histories.
e3238aa60c ... 5668e1048d

12 changed files with 94 additions and 294 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.envrc
View file

@ -1,2 +0,0 @@
# shellcheck shell=bash
use flake

1
.just/machine.just
View file

@ -4,7 +4,6 @@
@list: @list:
ls -1 ../systems/x86_64-linux/ ls -1 ../systems/x86_64-linux/
[no-exit-message]
[doc('Update the target machine')] [doc('Update the target machine')]
@update machine: @update machine:
just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')" just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')"

4
.just/vars.just
View file

@ -16,7 +16,7 @@ list machine:
{{ sops }} set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" '"{{ value }}"' {{ sops }} set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" '"{{ value }}"'
git add {{ base_path }}/{{ machine }}/secrets.yml git add {{ base_path }}/{{ machine }}/secrets.yml
git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null git commit -m 'ops(secrets): set secret "{{ key }}" for machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
echo "Done" echo "Done"
@ -27,6 +27,6 @@ list machine:
{{ sops }} unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" {{ sops }} unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
git add {{ base_path }}/{{ machine }}/secrets.yml git add {{ base_path }}/{{ machine }}/secrets.yml
git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null git commit -m 'ops(secrets): removed secret "{{ key }}" from machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
echo "Done" echo "Done"

229
flake.lock generated
View file

@ -68,81 +68,6 @@
"type": "github" "type": "github"
} }
}, },
"clan-core": {
"inputs": {
"data-mesher": "data-mesher",
"disko": "disko",
"flake-parts": "flake-parts",
"nix-darwin": "nix-darwin",
"nix-select": "nix-select",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": [
"nixpkgs"
],
"sops-nix": "sops-nix",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1762254206,
"narHash": "sha256-ZyQUrUSuIUZRmMPzeCXI4vDFhHOLNtGUMBaHXCD6nEQ=",
"rev": "43a7652624e76d60a93325c711d01620801d4382",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/43a7652624e76d60a93325c711d01620801d4382.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"
}
},
"data-mesher": {
"inputs": {
"flake-parts": [
"clan-core",
"flake-parts"
],
"nixpkgs": [
"clan-core",
"nixpkgs"
],
"treefmt-nix": [
"clan-core",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1760612273,
"narHash": "sha256-pP/bSqUHubxAOTI7IHD5ZBQ2Qm11Nb4pXXTPv334UEM=",
"rev": "0099739c78be750b215cbdefafc9ba1533609393",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0099739c78be750b215cbdefafc9ba1533609393.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1761899396,
"narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=",
"owner": "nix-community",
"repo": "disko",
"rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"erosanix": { "erosanix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -299,27 +224,6 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762040540,
"narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0010412d62a25d959151790968765a70c436598b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nvf", "nvf",
@ -340,7 +244,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_3": { "flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
@ -361,7 +265,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"terranix", "terranix",
@ -384,7 +288,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -421,7 +325,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -439,7 +343,7 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -457,7 +361,7 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -660,27 +564,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762186368,
"narHash": "sha256-dzLBZKccS0jMefj+WAYwsk7gKDluqavC7I4KfFwVh8k=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "69921864a70b58787abf5ba189095566c3f0ffd3",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -723,19 +606,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-select": {
"locked": {
"lastModified": 1755887746,
"narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=",
"rev": "92c2574c5e113281591be01e89bb9ddb31d19156",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1736643958, "lastModified": 1736643958,
@ -766,21 +636,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-facter-modules": {
"locked": {
"lastModified": 1761137276,
"narHash": "sha256-4lDjGnWRBLwqKQ4UWSUq6Mvxu9r8DSqCCydodW/Jsi8=",
"owner": "nix-community",
"repo": "nixos-facter-modules",
"rev": "70bcd64225d167c7af9b475c4df7b5abba5c7de8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-facter-modules",
"type": "github"
}
},
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
@ -1010,10 +865,10 @@
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts",
"mnw": "mnw", "mnw": "mnw",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"systems": "systems_5" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1760153667, "lastModified": 1760153667,
@ -1054,7 +909,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"clan-core": "clan-core",
"erosanix": "erosanix", "erosanix": "erosanix",
"fenix": "fenix", "fenix": "fenix",
"firefox": "firefox", "firefox": "firefox",
@ -1071,7 +925,7 @@
"nvf": "nvf", "nvf": "nvf",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"snowfall-lib": "snowfall-lib", "snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix_2", "sops-nix": "sops-nix",
"stylix": "stylix", "stylix": "stylix",
"terranix": "terranix", "terranix": "terranix",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
@ -1138,27 +992,6 @@
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760998189,
"narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"sops-nix_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
@ -1183,11 +1016,11 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_2",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_9",
"nur": "nur", "nur": "nur",
"systems": "systems_7", "systems": "systems_6",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes", "tinted-schemes": "tinted-schemes",
@ -1313,28 +1146,13 @@
"type": "github" "type": "github"
} }
}, },
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_8" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1757278723, "lastModified": 1757278723,
@ -1431,27 +1249,6 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1761311587,
"narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"home-manager": "home-manager_2", "home-manager": "home-manager_2",

9
flake.nix
View file

@ -83,11 +83,6 @@
url = "github:terranix/terranix"; url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
clan-core = {
url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = inputs: inputs.snowfall-lib.mkFlake { outputs = inputs: inputs.snowfall-lib.mkFlake {
@ -124,10 +119,6 @@
flux.overlays.default flux.overlays.default
]; ];
systems.modules = with inputs; [
clan-core.nixosModules.default
];
homes.modules = with inputs; [ homes.modules = with inputs; [
stylix.homeModules.stylix stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager plasma-manager.homeModules.plasma-manager

78
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -1,6 +1,6 @@
{ config, lib, pkgs, namespace, system, inputs, ... }: { config, lib, pkgs, namespace, system, inputs, ... }:
let let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs' concatMapAttrs filterAttrsRecursive listToAttrs imap0 head drop length; inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs' concatMapAttrs concatMap listToAttrs imap0 getAttrs getAttr hasAttr typeOf head drop length;
inherit (lib.${namespace}.strings) toSnakeCase; inherit (lib.${namespace}.strings) toSnakeCase;
cfg = config.${namespace}.services.authentication.zitadel; cfg = config.${namespace}.services.authentication.zitadel;
@ -340,7 +340,7 @@ in
# Organizations # Organizations
zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }: zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }:
{ inherit name isDefault; } { inherit name isDefault; }
|> toResource name |> toResource name
); );
# Projects per organization # Projects per organization
@ -348,8 +348,8 @@ in
{ {
inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck; inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck;
} }
|> withRef "org" org |> withRef "org" org
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
); );
# Each OIDC app per project # Each OIDC app per project
@ -361,26 +361,26 @@ in
idTokenRoleAssertion = true; idTokenRoleAssertion = true;
accessTokenType = "JWT"; accessTokenType = "JWT";
} }
|> withRef "org" org |> withRef "org" org
|> withRef "project" "${org}_${project}" |> withRef "project" "${org}_${project}"
|> toResource "${org}_${project}_${name}" |> toResource "${org}_${project}_${name}"
); );
# Each project role # Each project role
zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value: zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value:
{ inherit (value) displayName group; roleKey = name; } { inherit (value) displayName group; roleKey = name; }
|> withRef "org" org |> withRef "org" org
|> withRef "project" "${org}_${project}" |> withRef "project" "${org}_${project}"
|> toResource "${org}_${project}_${name}" |> toResource "${org}_${project}_${name}"
); );
# Each project role assignment # Each project role assignment
zitadel_user_grant = cfg.organization |> select [ "project" "assign" ] (org: project: user: roles: zitadel_user_grant = cfg.organization |> select [ "project" "assign" ] (org: project: user: roles:
{ roleKeys = roles; } { roleKeys = roles; }
|> withRef "org" org |> withRef "org" org
|> withRef "project" "${org}_${project}" |> withRef "project" "${org}_${project}"
|> withRef "user" "${org}_${user}" |> withRef "user" "${org}_${user}"
|> toResource "${org}_${project}_${user}" |> toResource "${org}_${project}_${user}"
); );
# Users # Users
@ -390,30 +390,24 @@ in
isEmailVerified = true; isEmailVerified = true;
} }
|> withRef "org" org |> withRef "org" org
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
); );
# Global user roles # Global user roles
zitadel_instance_member = zitadel_instance_member = cfg.organization |> select [ "user" ] (org: name: value:
cfg.organization { roles = value.instanceRoles; }
|> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0))
|> select [ "user" ] (org: name: { instanceRoles, ... }:
{ roles = instanceRoles; }
|> withRef "user" "${org}_${name}" |> withRef "user" "${org}_${name}"
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
); );
# Organazation specific roles # Organazation specific roles
zitadel_org_member = zitadel_org_member = cfg.organization |> select [ "user" ] (org: name: { roles, ... }:
cfg.organization { inherit roles; }
|> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0))
|> select [ "user" ] (org: name: { roles, ... }:
{ inherit roles; }
|> withRef "org" org |> withRef "org" org
|> withRef "user" "${org}_${name}" |> withRef "user" "${org}_${name}"
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
); );
# Organazation's actions # Organazation's actions
zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}: zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}:
@ -422,27 +416,25 @@ in
timeout = "${toString timeout}s"; timeout = "${toString timeout}s";
script = "const ${name} = ${script}"; script = "const ${name} = ${script}";
} }
|> withRef "org" org |> withRef "org" org
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
); );
# Organazation's action assignments # Organazation's action assignments
zitadel_trigger_actions = zitadel_trigger_actions = cfg.organization
cfg.organization
|> concatMapAttrs (org: { triggers, ... }: |> concatMapAttrs (org: { triggers, ... }:
triggers triggers
|> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in |> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in
{ {
inherit flowType triggerType; inherit flowType triggerType;
actionIds = actionIds = actions
actions |> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id"));
|> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id")); }
} |> withRef "org" org
|> withRef "org" org |> toResource "${org}_${name}"
|> toResource "${org}_${name}" ))
)) |> listToAttrs
|> listToAttrs
); );
# SMTP config # SMTP config

2
modules/nixos/services/backup/borg/default.nix
View file

@ -16,7 +16,7 @@ in
paths = "/var/media/test"; paths = "/var/media/test";
encryption.mode = "none"; encryption.mode = "none";
environment.BORG_SSH = "ssh -i /home/chris/.ssh/id_ed25519 -4"; environment.BORG_SSH = "ssh -i /home/chris/.ssh/id_ed25519 -4";
repo = "ssh://chris@beheer.hazelhof.nl:222/media"; repo = "ssh://chris@beheer.hazelhof.nl:222/home/chris/backups/media";
compression = "auto,zstd"; compression = "auto,zstd";
startAt = "daily"; startAt = "daily";
}; };

9
modules/nixos/services/communication/matrix/default.nix
View file

@ -46,8 +46,8 @@ in
precence.enabled = true; precence.enabled = true;
# Since we'll be using OIDC for auth disable all local options # Since we'll be using OIDC for auth disable all local options
enable_registration = false; enable_registration = true;
enable_registration_without_verification = false; enable_registration_without_verification = true;
password_config.enabled = false; password_config.enabled = false;
backchannel_logout_enabled = true; backchannel_logout_enabled = true;
@ -186,11 +186,6 @@ in
- profile - profile
client_id: '${config.sops.placeholder."synapse/oidc_id"}' client_id: '${config.sops.placeholder."synapse/oidc_id"}'
client_secret: '${config.sops.placeholder."synapse/oidc_secret"}' client_secret: '${config.sops.placeholder."synapse/oidc_secret"}'
backchannel_logout_enabled: true
user_mapping_provider:
config:
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}"
''; '';
restartUnits = [ "matrix-synapse.service" ]; restartUnits = [ "matrix-synapse.service" ];
}; };

2
modules/nixos/services/development/forgejo/default.nix
View file

@ -121,7 +121,7 @@ in
}; };
mirror = { mirror = {
ENABLED = true; ENABLED = false;
}; };
session = { session = {

39
modules/nixos/services/media/default.nix
View file

@ -72,6 +72,12 @@ in
settings = { settings = {
auth.AuthenticationMethod = "External"; auth.AuthenticationMethod = "External";
# postgres = {
# PostgresHost = "localhost";
# PostgresPort = "5432";
# PostgresUser = "media";
# };
}; };
}; };
@ -146,6 +152,39 @@ in
group = cfg.group; group = cfg.group;
}; };
# postgresql = {
# enable = true;
# ensureDatabases = [
# "radarr-main" "radarr-log"
# "sonarr-main" "sonarr-log"
# "lidarr-main" "lidarr-log"
# "prowlarr-main" "prowlarr-log"
# ];
# identMap = ''
# media media radarr-main
# media media radarr-log
# media media sonarr-main
# media media sonarr-log
# media media lidarr-main
# media media lidarr-log
# media media prowlarr-main
# media media prowlarr-log
# '';
# ensureUsers = [
# { name = "radarr-main"; ensureDBOwnership = true; }
# { name = "radarr-log"; ensureDBOwnership = true; }
# { name = "sonarr-main"; ensureDBOwnership = true; }
# { name = "sonarr-log"; ensureDBOwnership = true; }
# { name = "lidarr-main"; ensureDBOwnership = true; }
# { name = "lidarr-log"; ensureDBOwnership = true; }
# { name = "prowlarr-main"; ensureDBOwnership = true; }
# { name = "prowlarr-log"; ensureDBOwnership = true; }
# ];
# };
caddy = { caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {

10
shells/default/default.nix
View file

@ -1,10 +0,0 @@
{ mkShell, inputs, pkgs, ... }:
mkShell {
packages = with pkgs; [
bash
sops
just
inputs.clan-core.packages.x86_64-linux.clan-cli
];
}

3
systems/x86_64-linux/ulmo/default.nix
View file

@ -38,8 +38,7 @@
sneeuwvlok = { sneeuwvlok = {
services = { services = {
backup.borg.enable = true; # authentication.authelia.enable = true;
authentication.zitadel = { authentication.zitadel = {
enable = true; enable = true;