
{
pkgs,
lib,
self,
...
}: {
# Swap the module-system `pkgs` for this host with a fresh evaluation of
# nixpkgs so that the overlays and nixpkgs config below apply to everything
# built on this machine. mkForce makes this win over whatever `pkgs` the
# flake plumbing would otherwise have handed in.
_module.args.pkgs = lib.mkForce (import self.inputs.nixpkgs {
  system = "x86_64-linux";
  overlays = [
    self.inputs.fenix.overlays.default
    self.inputs.nix-minecraft.overlay
    self.inputs.flux.overlays.default
  ];
  config.allowUnfree = true;
  # Every entry here re-enables a package that nixpkgs refuses to evaluate
  # by default because it is marked insecure. Keep the list as short as
  # possible and drop an entry as soon as its consumer moves off the
  # affected version. The string must match the package's exact `name`,
  # so after a version bump the entry either goes dead or, if the newer
  # version is still flagged, evaluation fails until it is updated.
  config.permittedInsecurePackages = [
    # Presumably pulled in by zen; the original note was unsure about this,
    # so confirm which package actually depends on it before keeping it.
    "qtwebengine-5.15.19"
    # Needed by mautrix-signal, the Matrix <-> Signal bridge.
    "olm-3.2.16"
  ];
});
# Host-specific disk and hardware layout, followed by the NixOS modules
# exported by the flake inputs. The import-tree call at the end pulls in
# every module found under ../../modules/nixos.
imports = let
  inputs = self.inputs;
in [
  ./disks.nix
  ./hardware.nix
  inputs.home-manager.nixosModules.home-manager
  inputs.himmelblau.nixosModules.himmelblau
  inputs.jovian.nixosModules.default
  inputs.mydia.nixosModules.default
  inputs.nix-minecraft.nixosModules.minecraft-servers
  inputs.nvf.nixosModules.default
  inputs.sops-nix.nixosModules.sops
  (inputs.import-tree ../../modules/nixos)
];
# Release this host was first installed with. It only pins the defaults of
# stateful services (database layouts etc.); bumping it does not upgrade
# anything and can break existing state, so leave it alone.
system = {
  stateVersion = "23.11";
};
# Wired uplink on enp2s0: DHCP for the dynamic part, one static global IPv6
# address, and explicit default gateways for both address families.
networking = let
  uplink = "enp2s0";
in {
  interfaces.${uplink} = {
    useDHCP = true;
    ipv6.addresses = [
      {
        address = "2a0d:6e00:1dc9:0::dead:beef";
        prefixLength = 64;
      }
    ];
  };
  # IPv4 default route via the LAN router.
  defaultGateway = {
    address = "192.168.1.1";
    interface = uplink;
  };
  # fe80::1 is link-local and therefore only meaningful together with the
  # interface it lives on, hence the explicit interface here.
  defaultGateway6 = {
    address = "fe80::1";
    interface = uplink;
  };
};
# sneeuwvlok = {
# services = {
# backup.borg.enable = true;
# authentication.zitadel = {
# enable = true;
# organization = {
# nix = {
# user = {
# chris = {
# email = "chris@kruining.eu";
# firstName = "Chris";
# lastName = "Kruining";
# roles = ["ORG_OWNER"];
# instanceRoles = ["IAM_OWNER"];
# };
# kaas = {
# email = "chris+kaas@kruining.eu";
# firstName = "Kaas";
# lastName = "Kruining";
# };
# };
# project = {
# ulmo = {
# projectRoleCheck = true;
# projectRoleAssertion = true;
# hasProjectCheck = true;
# role = {
# jellyfin = {
# group = "jellyfin";
# };
# jellyfin_admin = {
# group = "jellyfin";
# };
# };
# assign = {
# chris = ["jellyfin" "jellyfin_admin"];
# kaas = ["jellyfin"];
# };
# application = {
# jellyfin = {
# redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# };
# forgejo = {
# redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# };
# vaultwarden = {
# redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# exportMap = {
# client_id = "SSO_CLIENT_ID";
# client_secret = "SSO_CLIENT_SECRET";
# };
# };
# matrix = {
# redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# };
# mydia = {
# redirectUris = ["http://localhost:2010/auth/oidc/callback"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# };
# grafana = {
# redirectUris = ["http://localhost:9001/login/generic_oauth"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# };
# };
# };
# convex = {
# projectRoleCheck = true;
# projectRoleAssertion = true;
# hasProjectCheck = true;
# application = {
# scry = {
# redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
# grantTypes = ["authorizationCode"];
# responseTypes = ["code"];
# };
# };
# };
# };
# action = {
# flattenRoles = {
# script = ''
# (ctx, api) => {
# if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
# return;
# }
# const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
# api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
# };
# '';
# };
# };
# triggers = [
# {
# flowType = "customiseToken";
# triggerType = "preUserinfoCreation";
# actions = ["flattenRoles"];
# }
# {
# flowType = "customiseToken";
# triggerType = "preAccessTokenCreation";
# actions = ["flattenRoles"];
# }
# ];
# };
# };
# };
# communication.matrix.enable = true;
# development.forgejo.enable = true;
# networking.ssh.enable = true;
# networking.caddy.hosts = {
# # Expose amarth cloud stuff like this until I have a proper solution
# "auth.amarth.cloud" = ''
# reverse_proxy http://192.168.1.223:9092
# '';
# "amarth.cloud" = ''
# reverse_proxy http://192.168.1.223:8080
# '';
# };
# media.enable = true;
# media.glance.enable = true;
# media.mydia.enable = true;
# media.nfs.enable = true;
# media.jellyfin.enable = true;
# # media.servarr = {
# # radarr = {
# # enable = true;
# # port = 2001;
# # rootFolders = [
# # "/var/media/movies"
# # ];
# # };
# # sonarr = {
# # enable = true;
# # # debug = true;
# # port = 2002;
# # rootFolders = [
# # "/var/media/series"
# # ];
# # };
# # lidarr = {
# # enable = true;
# # debug = true;
# # port = 2003;
# # rootFolders = [
# # "/var/media/music"
# # ];
# # };
# # prowlarr = {
# # enable = true;
# # # debug = true;
# # port = 2004;
# # };
# # };
# observability = {
# grafana.enable = true;
# prometheus.enable = true;
# loki.enable = true;
# promtail.enable = true;
# # uptime-kuma.enable = true;
# };
# security.vaultwarden = {
# enable = true;
# database = {
# # type = "sqlite";
# # file = "/var/lib/vaultwarden/state.db";
# type = "postgresql";
# host = "localhost";
# port = 5432;
# sslMode = "disabled";
# };
# };
# };
# editor = {
# nano.enable = true;
# };
# };
}