jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

treewide: format
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m53s
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-01-19 11:13:04 +00:00
parent c3283314b7
commit ccb57f954e
77 changed files with 1487 additions and 808 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
hosts/vps1/default.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
@ -13,7 +18,7 @@
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
22 # SSH
];
};
};
@ -37,7 +42,10 @@
groups = {
jellyfin = { };
};
extraGroups.acme.members = [ "kanidm" "nginx" ];
extraGroups.acme.members = [
"kanidm"
"nginx"
];
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
@ -47,26 +55,28 @@
group = "acme";
};
services.kanidm = let
baseDomain = "vimium.com";
domain = "auth.${baseDomain}";
uri = "https://${domain}";
in {
package = pkgs.unstable.kanidm;
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
services.kanidm =
let
baseDomain = "vimium.com";
domain = "auth.${baseDomain}";
uri = "https://${domain}";
in
{
package = pkgs.unstable.kanidm;
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
};
serverSettings = {
bindaddress = "[::1]:3013";
ldapbindaddress = "[::1]:636";
domain = baseDomain;
origin = uri;
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
};
};
serverSettings = {
bindaddress = "[::1]:3013";
ldapbindaddress = "[::1]:636";
domain = baseDomain;
origin = uri;
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
};
};
services.nginx.virtualHosts = {
"auth.vimium.com" = {