84cc5ff5c4
Some checks failed
Test action / kaas (push) Failing after 1s
WOOP WOOP, it all works! now the next, big, huge, giant, hurdle to overcome is the chicken and egg problem of needing zitadel to generate values that I need inside the nix config of synapse, forgejo, and jellyfin
111 lines
2.6 KiB
Nix
111 lines
2.6 KiB
Nix
{ ... }:
|
|
{
|
|
imports = [
|
|
./disks.nix
|
|
./hardware.nix
|
|
];
|
|
|
|
networking = {
|
|
interfaces.enp2s0 = {
|
|
ipv6.addresses = [
|
|
{ address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; }
|
|
];
|
|
|
|
useDHCP = true;
|
|
};
|
|
|
|
defaultGateway = {
|
|
address = "192.168.1.1";
|
|
interface = "enp2s0";
|
|
};
|
|
|
|
defaultGateway6 = {
|
|
address = "fe80::1";
|
|
interface = "enp2s0";
|
|
};
|
|
};
|
|
|
|
# Expose amarht cloud stuff like this until I have a proper solution
|
|
services.caddy.virtualHosts = {
|
|
"auth.amarth.cloud".extraConfig = ''
|
|
reverse_proxy http://192.168.1.223:9092
|
|
'';
|
|
|
|
"amarth.cloud".extraConfig = ''
|
|
reverse_proxy http://192.168.1.223:8080
|
|
'';
|
|
};
|
|
|
|
sneeuwvlok = {
|
|
services = {
|
|
# authentication.authelia.enable = true;
|
|
authentication.zitadel = {
|
|
enable = true;
|
|
|
|
organization = {
|
|
nix = {
|
|
user = {
|
|
chris = {
|
|
email = "chris@kruining.eu";
|
|
firstName = "Chris";
|
|
lastName = "Kruining";
|
|
|
|
roles = [ "ORG_OWNER" ];
|
|
instanceRoles = [ "IAM_OWNER" ];
|
|
};
|
|
};
|
|
|
|
project = {
|
|
ulmo = {
|
|
application = {
|
|
jellyfin = {
|
|
redirectUris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/zitadel" ];
|
|
grantTypes = [ "authorizationCode" ];
|
|
responseTypes = [ "code" ];
|
|
};
|
|
|
|
forgejo = {
|
|
redirectUris = [ "https://git.amarth.cloud/user/oauth2/zitadel/callback" ];
|
|
grantTypes = [ "authorizationCode" ];
|
|
responseTypes = [ "code" ];
|
|
};
|
|
|
|
matrix = {
|
|
redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ];
|
|
grantTypes = [ "authorizationCode" ];
|
|
responseTypes = [ "code" ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
communication.matrix.enable = true;
|
|
|
|
development.forgejo.enable = true;
|
|
|
|
networking.ssh.enable = true;
|
|
|
|
media.enable = true;
|
|
media.homer.enable = true;
|
|
media.nfs.enable = true;
|
|
|
|
observability = {
|
|
grafana.enable = true;
|
|
prometheus.enable = true;
|
|
loki.enable = true;
|
|
promtail.enable = true;
|
|
};
|
|
|
|
security.vaultwarden.enable = true;
|
|
};
|
|
|
|
editor = {
|
|
nano.enable = true;
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|