jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:zitadel
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
..
compare: jordan:6ddb31c36f45260f9b03e4071aad998a3de1b9b9
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

1 Commits
zitadel ... 6ddb31c36f

Author SHA1 Message Date
Jordan Holt
6ddb31c36f Evaluate skycam upstream at runtime
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m52s
Details
2024-08-11 22:27:45 +01:00
10 changed files with 22 additions and 105 deletions
Expand all files Collapse all files

32
flake.lock generated
View File

@@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1722339003,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -388,11 +388,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1723310128, "lastModified": 1723149858,
"narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", "narHash": "sha256-3u51s7jdhavmEL1ggtd8wqrTH2clTy5yaZmhLvAXTqc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", "rev": "107bb46eef1f05e86fc485ee8af9b637e5157988",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -459,11 +459,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1723175592, "lastModified": 1722813957,
"narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -490,11 +490,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1723282977, "lastModified": 1722987190,
"narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", "narHash": "sha256-68hmex5efCiM2aZlAAEcQgmFI4ZwWt8a80vOeB/5w3A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", "rev": "21cc704b5e918c5fbf4f9fff22b4ac2681706d90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -576,11 +576,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1723385164, "lastModified": 1722712220,
"narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=", "narHash": "sha256-gEmbk/DROfVZ+v/BAZHDloHzS0KdqIzxtW7z9g2eH4Y=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c", "rev": "dfe0e95be5ef539bf28602ff47beeea26cc4d1b8",
"revCount": 24, "revCount": 22,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },

2
hosts/desktop.nix
View File

@@ -6,7 +6,7 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ../overlays/gnome) (import ../overlays/gnome.nix)
]; ];
services.printing.enable = true; services.printing.enable = true;

2
hosts/skycam/default.nix
View File

@@ -55,7 +55,7 @@
''; '';
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ./../../overlays/libcamera) (import ./../../overlays/libcamera.nix)
]; ];
networking = { networking = {

86
hosts/vps1/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, self, ... }: { lib, ... }:
{ {
imports = [ imports = [
@@ -41,90 +41,6 @@
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
services.postgresql = {
ensureUsers = [
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
};
}
];
ensureDatabases = [ "zitadel" ];
};
age.secrets."files/services/zitadel/masterkey" = {
file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
owner = "zitadel";
group = "zitadel";
};
systemd.services.zitadel = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.zitadel = {
enable = true;
masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
settings = {
Database.postgres = {
Host = "/run/postgresql";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
ExistingDatabase = "zitadel";
Username = "zitadel";
SSL.Mode = "disable";
};
};
ExternalDomain = "id.vimium.com";
ExternalPort = 443;
ExternalSecure = true;
Machine = {
Identification = {
Hostname.Enabled = true;
PrivateIp.Enabled = false;
Webhook.Enabled = false;
};
};
Port = 8081;
WebAuthNName = "Vimium";
};
steps.FirstInstance = {
InstanceName = "Vimium";
Org.Name = "Vimium";
Org.Human = {
UserName = "jordan@vimium.com";
FirstName = "Jordan";
LastName = "Holt";
Email = {
Address = "jordan@vimium.com";
Verified = true;
};
Password = "Password1!";
PasswordChangeRequired = true;
};
LoginPolicy.AllowRegister = false;
};
};
services.nginx.virtualHosts."id.vimium.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
grpc_set_header Host $host:$server_port;
'';
};
};
modules = rec { modules = rec {
databases.postgresql.enable = true; databases.postgresql.enable = true;
services = { services = {

1
modules/databases/postgresql.nix
View File

@@ -17,7 +17,6 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableJIT = true;
initdbArgs = [ initdbArgs = [
"--allow-group-access" "--allow-group-access"
"--encoding=UTF8" "--encoding=UTF8"

4
modules/services/nginx/default.nix
View File

@@ -118,8 +118,10 @@ in {
serverAliases = [ "www.jdholt.com" ]; serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = { locations."/skycam/snapshot.jpg" = {
proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
extraConfig = '' extraConfig = ''
set $backend "skycam.mesh.vimium.net:8080";
proxy_pass http://$backend/snapshot;
proxy_cache skycam_cache; proxy_cache skycam_cache;
proxy_cache_valid any 10s; proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie; proxy_ignore_headers Cache-Control Expires Set-Cookie;

0
overlays/libcamera/0001-Ignore-IPA-signing.patch → overlays/0001-Ignore-IPA-signing.patch
View File

0
overlays/libcamera/0001-Remove-relative-config-lookups.patch → overlays/0001-Remove-relative-config-lookups.patch
View File

0
overlays/gnome/default.nix → overlays/gnome.nix
View File

0
overlays/libcamera/default.nix → overlays/libcamera.nix
View File