chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sneeuwvlok/machines/ulmo/configuration.nix
Chris Kruining a7a1763fe0
wiiiiips
2026-03-25 16:26:04 +01:00

301 lines
8.4 KiB
Nix
Raw Blame History

{
pkgs,
inputs,
...
}: {
imports = [
./disks.nix
./hardware.nix
../../modules/nixos
];
sneeuwvlok.application.steam.enable = true;
nixpkgs.hostPlatform = "x86_64-linux";
system.stateVersion = "23.11";
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = false;
efi.canTouchEfiVariables = true;
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = false;
device = "nodev"; # INFO: https://discourse.nixos.org/t/question-about-grub-and-nodev
};
};
supportedFilesystems = ["nfs"];
};
# sneeuwvlok.application.steam.enable = true;
# networking = {
# interfaces.enp2s0 = {
# ipv6.addresses = [
# {
# address = "2a0d:6e00:1dc9:0::dead:beef";
# prefixLength = 64;
# }
# ];
# useDHCP = true;
# };
# defaultGateway = {
# address = "192.168.1.1";
# interface = "enp2s0";
# };
# defaultGateway6 = {
# address = "fe80::1";
# interface = "enp2s0";
# };
# };
# # virtualisation = {
# # containers.enable = true;
# # podman = {
# # enable = true;
# # dockerCompat = true;
# # };
# # oci-containers = {
# # backend = "podman";
# # containers = {
# # homey = {
# # image = "ghcr.io/athombv/homey-shs:latest";
# # autoStart = true;
# # privileged = true;
# # volumes = [
# # "/home/chris/.homey-shs:/homey/user"
# # ];
# # ports = [
# # "4859:4859"
# # ];
# # };
# # };
# # };
# # };
# # sneeuwvlok = {
# # services = {
# # backup.borg.enable = true;
# # authentication.zitadel = {
# # enable = true;
# # organization = {
# # nix = {
# # user = {
# # chris = {
# # email = "chris@kruining.eu";
# # firstName = "Chris";
# # lastName = "Kruining";
# # roles = ["ORG_OWNER"];
# # instanceRoles = ["IAM_OWNER"];
# # };
# # kaas = {
# # email = "chris+kaas@kruining.eu";
# # firstName = "Kaas";
# # lastName = "Kruining";
# # };
# # };
# # project = {
# # ulmo = {
# # projectRoleCheck = true;
# # projectRoleAssertion = true;
# # hasProjectCheck = true;
# # role = {
# # jellyfin = {
# # group = "jellyfin";
# # };
# # jellyfin_admin = {
# # group = "jellyfin";
# # };
# # };
# # assign = {
# # chris = ["jellyfin" "jellyfin_admin"];
# # kaas = ["jellyfin"];
# # };
# # application = {
# # jellyfin = {
# # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # forgejo = {
# # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # vaultwarden = {
# # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # exportMap = {
# # client_id = "SSO_CLIENT_ID";
# # client_secret = "SSO_CLIENT_SECRET";
# # };
# # };
# # matrix = {
# # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # mydia = {
# # redirectUris = ["http://localhost:2010/auth/oidc/callback"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # grafana = {
# # redirectUris = ["http://localhost:9001/login/generic_oauth"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # };
# # };
# # convex = {
# # projectRoleCheck = true;
# # projectRoleAssertion = true;
# # hasProjectCheck = true;
# # application = {
# # scry = {
# # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # };
# # };
# # };
# # action = {
# # flattenRoles = {
# # script = ''
# # (ctx, api) => {
# # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
# # return;
# # }
# # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
# # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
# # };
# # '';
# # };
# # };
# # triggers = [
# # {
# # flowType = "customiseToken";
# # triggerType = "preUserinfoCreation";
# # actions = ["flattenRoles"];
# # }
# # {
# # flowType = "customiseToken";
# # triggerType = "preAccessTokenCreation";
# # actions = ["flattenRoles"];
# # }
# # ];
# # };
# # };
# # };
# # communication.matrix.enable = true;
# # development.forgejo.enable = true;
# # networking.ssh.enable = true;
# # networking.caddy.hosts = {
# # # Expose amarht cloud stuff like this until I have a proper solution
# # "auth.amarth.cloud" = ''
# # reverse_proxy http://192.168.1.223:9092
# # '';
# # "amarth.cloud" = ''
# # reverse_proxy http://192.168.1.223:8080
# # '';
# # };
# # media.enable = true;
# # media.glance.enable = true;
# # media.mydia.enable = true;
# # media.nfs.enable = true;
# # media.jellyfin.enable = true;
# # media.servarr = {
# # radarr = {
# # enable = true;
# # port = 2001;
# # rootFolders = [
# # "/var/media/movies"
# # ];
# # };
# # sonarr = {
# # enable = true;
# # # debug = true;
# # port = 2002;
# # rootFolders = [
# # "/var/media/series"
# # ];
# # };
# # lidarr = {
# # enable = true;
# # debug = true;
# # port = 2003;
# # rootFolders = [
# # "/var/media/music"
# # ];
# # };
# # prowlarr = {
# # enable = true;
# # # debug = true;
# # port = 2004;
# # };
# # };
# # observability = {
# # grafana.enable = true;
# # prometheus.enable = true;
# # loki.enable = true;
# # promtail.enable = true;
# # # uptime-kuma.enable = true;
# # };
# # security.vaultwarden = {
# # enable = true;
# # database = {
# # # type = "sqlite";
# # # file = "/var/lib/vaultwarden/state.db";
# # type = "postgresql";
# # host = "localhost";
# # port = 5432;
# # sslMode = "disabled";
# # };
# # };
# # };
# # editor = {
# # nano.enable = true;
# # };
# # };
}
Reference in a new issue View git blame Copy permalink