# NixOS host module: builds the package set used by this machine, pulls in the
# hardware/disk layout and the shared modules, and sets the network parameters
# for enp2s0.
{
  pkgs,
  lib,
  self,
  ...
}: let
  inherit (self) inputs;
in {
  # Hand the module system a nixpkgs instance that is imported here. mkForce
  # gives this definition priority over normal-priority definitions of
  # `_module.args.pkgs`.
  _module.args.pkgs = lib.mkForce (import inputs.nixpkgs {
    system = "x86_64-linux";

    overlays = [
      inputs.fenix.overlays.default
      inputs.nix-minecraft.overlay
      inputs.flux.overlays.default
    ];

    config.allowUnfree = true;

    # Each entry exempts one exact name-version from nixpkgs' refusal to
    # evaluate packages flagged as insecure. The exemption covers everything
    # built from this package set, not only the package that first needed it,
    # so every entry should name its consumer and be dropped once that
    # consumer no longer pulls it in.
    config.permittedInsecurePackages = [
      # Believed to be pulled in by zen (unconfirmed).
      # NOTE(review): confirm which package actually depends on this; an
      # exemption nobody can attribute tends to stay forever.
      "qtwebengine-5.15.19"

      # Needed by mautrix-signal, the Matrix-to-Signal bridge.
      # NOTE(review): check whether the packaged bridge can be built without
      # libolm so that this entry can be removed.
      "olm-3.2.16"
    ];
  });

  imports = [
    ./disks.nix
    ./hardware.nix

    inputs.home-manager.nixosModules.home-manager
    inputs.himmelblau.nixosModules.himmelblau
    inputs.jovian.nixosModules.default
    inputs.mydia.nixosModules.default
    inputs.nix-minecraft.nixosModules.minecraft-servers
    inputs.nvf.nixosModules.default
    inputs.sops-nix.nixosModules.sops

    # Every module under modules/nixos, loaded through import-tree.
    (inputs.import-tree ../../modules/nixos)
  ];

  system.stateVersion = "23.11";

  # enp2s0 carries a fixed IPv6 address in addition to DHCP.
  # NOTE(review): DHCP is enabled while the IPv4 default gateway is also set
  # statically; confirm that both are intended.
  networking.interfaces.enp2s0 = {
    useDHCP = true;
    ipv6.addresses = [
      {
        address = "2a0d:6e00:1dc9:0::dead:beef";
        prefixLength = 64;
      }
    ];
  };

  networking.defaultGateway = {
    interface = "enp2s0";
    address = "192.168.1.1";
  };

  # The IPv6 gateway is a link-local address, so the interface is named
  # explicitly.
  networking.defaultGateway6 = {
    interface = "enp2s0";
    address = "fe80::1";
  };

  # Everything below is disabled configuration, kept for reference.
  # NOTE(review): points to check before any of it is switched back on:
  #   - the mydia and grafana OIDC redirect URIs are plain http on localhost;
  #   - the caddy host for auth.amarth.cloud forwards to its upstream over
  #     plain http on the LAN;
  #   - the vaultwarden database has sslMode "disabled", which is only
  #     reasonable while host stays "localhost".
  #
  # sneeuwvlok = {
  #   services = {
  #     backup.borg.enable = true;
  #
  #     authentication.zitadel = {
  #       enable = true;
  #
  #       organization = {
  #         nix = {
  #           user = {
  #             chris = {
  #               email = "chris@kruining.eu";
  #               firstName = "Chris";
  #               lastName = "Kruining";
  #
  #               roles = ["ORG_OWNER"];
  #               instanceRoles = ["IAM_OWNER"];
  #             };
  #
  #             kaas = {
  #               email = "chris+kaas@kruining.eu";
  #               firstName = "Kaas";
  #               lastName = "Kruining";
  #             };
  #           };
  #
  #           project = {
  #             ulmo = {
  #               projectRoleCheck = true;
  #               projectRoleAssertion = true;
  #               hasProjectCheck = true;
  #
  #               role = {
  #                 jellyfin = {
  #                   group = "jellyfin";
  #                 };
  #                 jellyfin_admin = {
  #                   group = "jellyfin";
  #                 };
  #               };
  #
  #               assign = {
  #                 chris = ["jellyfin" "jellyfin_admin"];
  #                 kaas = ["jellyfin"];
  #               };
  #
  #               application = {
  #                 jellyfin = {
  #                   redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                 };
  #
  #                 forgejo = {
  #                   redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                 };
  #
  #                 vaultwarden = {
  #                   redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                   exportMap = {
  #                     client_id = "SSO_CLIENT_ID";
  #                     client_secret = "SSO_CLIENT_SECRET";
  #                   };
  #                 };
  #
  #                 matrix = {
  #                   redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                 };
  #
  #                 mydia = {
  #                   redirectUris = ["http://localhost:2010/auth/oidc/callback"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                 };
  #
  #                 grafana = {
  #                   redirectUris = ["http://localhost:9001/login/generic_oauth"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                 };
  #               };
  #             };
  #
  #             convex = {
  #               projectRoleCheck = true;
  #               projectRoleAssertion = true;
  #               hasProjectCheck = true;
  #
  #               application = {
  #                 scry = {
  #                   redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
  #                   grantTypes = ["authorizationCode"];
  #                   responseTypes = ["code"];
  #                 };
  #               };
  #             };
  #           };
  #
  #           action = {
  #             flattenRoles = {
  #               script = ''
  #                 (ctx, api) => {
  #                   if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
  #                     return;
  #                   }
  #
  #                   const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
  #
  #                   api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
  #                 };
  #               '';
  #             };
  #           };
  #
  #           triggers = [
  #             {
  #               flowType = "customiseToken";
  #               triggerType = "preUserinfoCreation";
  #               actions = ["flattenRoles"];
  #             }
  #             {
  #               flowType = "customiseToken";
  #               triggerType = "preAccessTokenCreation";
  #               actions = ["flattenRoles"];
  #             }
  #           ];
  #         };
  #       };
  #     };
  #
  #     communication.matrix.enable = true;
  #
  #     development.forgejo.enable = true;
  #
  #     networking.ssh.enable = true;
  #     networking.caddy.hosts = {
  #       # Expose the amarth cloud services like this until I have a proper solution
  #       "auth.amarth.cloud" = ''
  #         reverse_proxy http://192.168.1.223:9092
  #       '';
  #       "amarth.cloud" = ''
  #         reverse_proxy http://192.168.1.223:8080
  #       '';
  #     };
  #
  #     media.enable = true;
  #     media.glance.enable = true;
  #     media.mydia.enable = true;
  #     media.nfs.enable = true;
  #     media.jellyfin.enable = true;
  #     # media.servarr = {
  #     #   radarr = {
  #     #     enable = true;
  #     #     port = 2001;
  #     #     rootFolders = [
  #     #       "/var/media/movies"
  #     #     ];
  #     #   };
  #     #   sonarr = {
  #     #     enable = true;
  #     #     # debug = true;
  #     #     port = 2002;
  #     #     rootFolders = [
  #     #       "/var/media/series"
  #     #     ];
  #     #   };
  #     #   lidarr = {
  #     #     enable = true;
  #     #     debug = true;
  #     #     port = 2003;
  #     #     rootFolders = [
  #     #       "/var/media/music"
  #     #     ];
  #     #   };
  #     #   prowlarr = {
  #     #     enable = true;
  #     #     # debug = true;
  #     #     port = 2004;
  #     #   };
  #     # };
  #
  #     observability = {
  #       grafana.enable = true;
  #       prometheus.enable = true;
  #       loki.enable = true;
  #       promtail.enable = true;
  #       # uptime-kuma.enable = true;
  #     };
  #
  #     security.vaultwarden = {
  #       enable = true;
  #       database = {
  #         # type = "sqlite";
  #         # file = "/var/lib/vaultwarden/state.db";
  #
  #         type = "postgresql";
  #         host = "localhost";
  #         port = 5432;
  #         sslMode = "disabled";
  #       };
  #     };
  #   };
  #
  #   editor = {
  #     nano.enable = true;
  #   };
  # };
}