11 Commits

a3d1b16bec flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/0d510fe40b56ed74907a021d7e1ffd0042592914' (2024-08-12)
  → 'github:nix-community/disko/276a0d055a720691912c6a34abb724e395c8e38a' (2024-08-15)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10)
  → 'github:NixOS/nixpkgs/c3d4ac725177c030b1e289015989da2ad9d56af0' (2024-08-15)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09)
  → 'github:NixOS/nixpkgs/c3aa7b8938b17aebd2deecf7be0636000d62a2b9' (2024-08-14)
• Updated input 'nixvim':
    'github:nix-community/nixvim/fe5ca4919c07c06fd75b7f6d247f95b1030ae095' (2024-08-10)
  → 'github:nix-community/nixvim/0b6aa80acbcb8387f2a4affb3dd22960ac2899aa' (2024-08-13)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/768acdb06968e53aa1ee8de207fd955335c754b7' (2024-07-30)
  → 'github:numtide/treefmt-nix/349de7bc435bdff37785c2466f054ed1766173be' (2024-08-12)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/b3b9d4ce20d75319c20a7faada08ad9135a1f008' (2024-08-12)
  → 'github:nix-community/plasma-manager/8726ecaa8b8c06910ef31abced57bf08a59730a1' (2024-08-16)
2024-08-17 11:14:25 +01:00
b70b4cd14f Add LDAP support to kanidm
2024-08-12 22:02:58 +01:00
36a6ccf65c flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed' (2024-08-08)
  → 'github:nix-community/disko/0d510fe40b56ed74907a021d7e1ffd0042592914' (2024-08-12)
• Updated input 'nixvim':
    'github:nix-community/nixvim/170df9814c3e41d5a4d6e3339e611801b1f02ce2' (2024-08-06)
  → 'github:nix-community/nixvim/fe5ca4919c07c06fd75b7f6d247f95b1030ae095' (2024-08-10)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/06939f6b7ec4d4f465bf3132a05367cccbbf64da' (2024-08-05)
  → 'github:cachix/git-hooks.nix/c7012d0c18567c889b948781bc74a501e92275d1' (2024-08-09)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/f843f4258eea57c5ba60f6ce1d96d12d6494b56e' (2024-08-11)
  → 'github:nix-community/plasma-manager/b3b9d4ce20d75319c20a7faada08ad9135a1f008' (2024-08-12)
2024-08-12 21:14:23 +01:00
2def8145b4 Only deploy non-Pi servers 2024-08-12 21:13:57 +01:00
413869266e Add kanidm
2024-08-12 20:56:11 +01:00
0cb2740a86 Revert "Add authentik"
This reverts commit 8ca88da93a.
2024-08-12 19:44:59 +01:00
3a77365452 Add tailscale resolver for skycam 2024-08-12 19:44:30 +01:00
8ca88da93a Add authentik
2024-08-12 00:10:54 +01:00
cf6898565b flake.lock: Update
Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=2725922f5ed145f060e840c93ad5f73606eddb28' (2024-08-11)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=db951141cab2de0b4176f4f6fc42a50b30dd3950' (2024-08-11)
2024-08-11 23:23:46 +01:00
cc97ede099 flake.lock: Update
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/3f1dae074a12feb7327b4bf43cbac0d124488bb7' (2024-07-30)
  → 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10)
• Added input 'authentik-nix':
    'github:nix-community/authentik-nix/80fc87361809f78b8a8cd7e57a14b66a726379ef' (2024-08-05)
• Added input 'authentik-nix/authentik-src':
    'github:goauthentik/authentik/8f207c75046d722c17dee2bcf65fa386b06f5b9a' (2024-08-05)
• Added input 'authentik-nix/flake-compat':
    'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Added input 'authentik-nix/flake-parts':
    'github:hercules-ci/flake-parts/c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9' (2024-06-30)
• Added input 'authentik-nix/flake-parts/nixpkgs-lib':
    'eb9ceca17d.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
• Added input 'authentik-nix/flake-utils':
    'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
• Added input 'authentik-nix/flake-utils/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'authentik-nix/napalm':
    'github:nix-community/napalm/e1babff744cd278b56abe8478008b4a9e23036cf' (2024-06-09)
• Added input 'authentik-nix/napalm/flake-utils':
    follows 'authentik-nix/flake-utils'
• Added input 'authentik-nix/napalm/nixpkgs':
    follows 'authentik-nix/nixpkgs'
• Added input 'authentik-nix/nixpkgs':
    'github:NixOS/nixpkgs/feb2849fdeb70028c70d73b848214b00d324a497' (2024-07-09)
• Added input 'authentik-nix/poetry2nix':
    'github:nix-community/poetry2nix/4fd045cdb85f2a0173021a4717dc01d92d7ab2b2' (2024-06-28)
• Added input 'authentik-nix/poetry2nix/flake-utils':
    follows 'authentik-nix/flake-utils'
• Added input 'authentik-nix/poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/5163432afc817cf8bd1f031418d1869e4c9d5547' (2023-12-29)
• Added input 'authentik-nix/poetry2nix/nix-github-actions/nixpkgs':
    follows 'authentik-nix/poetry2nix/nixpkgs'
• Added input 'authentik-nix/poetry2nix/nixpkgs':
    follows 'authentik-nix/nixpkgs'
• Added input 'authentik-nix/poetry2nix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'authentik-nix/poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/68eb1dc333ce82d0ab0c0357363ea17c31ea1f81' (2024-06-16)
• Added input 'authentik-nix/poetry2nix/treefmt-nix/nixpkgs':
    follows 'authentik-nix/poetry2nix/nixpkgs'
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/107bb46eef1f05e86fc485ee8af9b637e5157988' (2024-08-08)
  → 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/21cc704b5e918c5fbf4f9fff22b4ac2681706d90' (2024-08-06)
  → 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04)
  → 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/22bea90404c5ff6457913a03c1a54a3caa5b1c57' (2024-08-09)
  → 'github:nix-community/plasma-manager/f843f4258eea57c5ba60f6ce1d96d12d6494b56e' (2024-08-11)
• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=dfe0e95be5ef539bf28602ff47beeea26cc4d1b8' (2024-08-03)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=2725922f5ed145f060e840c93ad5f73606eddb28' (2024-08-11)
2024-08-11 23:05:46 +01:00
6ddb31c36f Evaluate skycam upstream at runtime
2024-08-11 22:27:45 +01:00
11 changed files with 66 additions and 106 deletions

50
flake.lock generated

@@ -107,11 +107,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723080788, "lastModified": 1723685519,
"narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=", "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed", "rev": "276a0d055a720691912c6a34abb724e395c8e38a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -233,11 +233,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722857853, "lastModified": 1723202784,
"narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", "rev": "c7012d0c18567c889b948781bc74a501e92275d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -459,11 +459,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1723175592, "lastModified": 1723637854,
"narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -490,11 +490,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1723282977, "lastModified": 1723688146,
"narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -517,11 +517,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1722925293, "lastModified": 1723536338,
"narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=", "narHash": "sha256-1bSEOtZBsAeCkg5vdDbDgOT3z91K8L/KE2s7J9hLYHw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2", "rev": "0b6aa80acbcb8387f2a4affb3dd22960ac2899aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -541,11 +541,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723232379, "lastModified": 1723804780,
"narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=", "narHash": "sha256-uuiu1UAfYr2Lo+5Ul6eA0UIYouoPvH9aIfYbq7wVF6c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57", "rev": "8726ecaa8b8c06910ef31abced57bf08a59730a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -576,11 +576,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1723385164, "lastModified": 1723415003,
"narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=", "narHash": "sha256-zSzDvI0sHayG5se7ALXhJhl41tConoWYbdqeow6OmBo=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c", "rev": "db951141cab2de0b4176f4f6fc42a50b30dd3950",
"revCount": 24, "revCount": 26,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },
@@ -658,11 +658,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722330636, "lastModified": 1723454642,
"narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "768acdb06968e53aa1ee8de207fd955335c754b7", "rev": "349de7bc435bdff37785c2466f054ed1766173be",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -112,7 +112,12 @@
magicRollback = true; magicRollback = true;
autoRollback = true; autoRollback = true;
sshUser = "root"; sshUser = "root";
nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode; nodes = lib.genAttrs [
"mail"
# "pi"
# "skycam"
"vps1"
] mkDeployNode;
}; };
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
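Review bot: The two commented-out entries in the `nodes` list (`# "pi"`, `# "skycam"`) record the exclusion but not the reason, so a later reader cannot tell whether it is temporary or deliberate. A comment above the list, e.g. `# Pi-based hosts are intentionally excluded from deploy-rs (see commit 2def8145b4)`, would make the intent explicit without changing the generated attribute set. The enclosing `deploy` attribute set begins before this hunk.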


@@ -6,7 +6,7 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ../overlays/gnome) (import ../overlays/gnome.nix)
]; ];
services.printing.enable = true; services.printing.enable = true;


@@ -55,7 +55,7 @@
''; '';
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ./../../overlays/libcamera) (import ./../../overlays/libcamera.nix)
]; ];
networking = { networking = {


@@ -1,4 +1,4 @@
{ config, lib, self, ... }: { config, lib, ... }:
{ {
imports = [ imports = [
@@ -37,91 +37,43 @@
groups = { groups = {
jellyfin = { }; jellyfin = { };
}; };
extraGroups.acme.members = [ "kanidm" "nginx" ];
}; };
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
services.postgresql = { security.acme.certs."auth.vimium.com" = {
ensureUsers = [ postRun = "systemctl restart kanidm.service";
{ group = "acme";
name = "zitadel";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
};
}
];
ensureDatabases = [ "zitadel" ];
}; };
age.secrets."files/services/zitadel/masterkey" = { services.kanidm = let
file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age"; baseDomain = "vimium.com";
owner = "zitadel"; domain = "auth.${baseDomain}";
group = "zitadel"; uri = "https://${domain}";
}; in {
enableClient = true;
systemd.services.zitadel = { enableServer = true;
requires = [ "postgresql.service" ]; clientSettings = {
after = [ "postgresql.service" ]; inherit uri;
};
services.zitadel = {
enable = true;
masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
settings = {
Database.postgres = {
Host = "/run/postgresql";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
ExistingDatabase = "zitadel";
Username = "zitadel";
SSL.Mode = "disable";
};
};
ExternalDomain = "id.vimium.com";
ExternalPort = 443;
ExternalSecure = true;
Machine = {
Identification = {
Hostname.Enabled = true;
PrivateIp.Enabled = false;
Webhook.Enabled = false;
};
};
Port = 8081;
WebAuthNName = "Vimium";
}; };
steps.FirstInstance = { serverSettings = {
InstanceName = "Vimium"; bindaddress = "[::1]:3013";
Org.Name = "Vimium"; ldapbindaddress = "[::1]:636";
Org.Human = { domain = baseDomain;
UserName = "jordan@vimium.com"; origin = uri;
FirstName = "Jordan"; tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
LastName = "Holt"; tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
Email = {
Address = "jordan@vimium.com";
Verified = true;
};
Password = "Password1!";
PasswordChangeRequired = true;
};
LoginPolicy.AllowRegister = false;
}; };
}; };
services.nginx.virtualHosts."id.vimium.com" = { services.nginx.virtualHosts = {
enableACME = true; "auth.vimium.com" = {
forceSSL = true; useACMEHost = "auth.vimium.com";
locations."/" = { forceSSL = true;
extraConfig = '' locations."/" = {
grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port}; proxyPass = "https://[::1]:3013";
grpc_set_header Host $host:$server_port; };
'';
}; };
}; };
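Review bot: The certificate `security.acme.certs."auth.vimium.com"` is declared here with only `postRun` and `group`, and nginx consumes it via `useACMEHost` rather than `enableACME`, so no challenge method (webroot or DNS provider) is visible in this hunk; unless `security.acme.defaults` supplies one elsewhere in the flake, the cert is never issued and kanidm fails on the missing `full.pem`/`key.pem` named by `tls_chain`/`tls_key`. The `proxyPass = "https://[::1]:3013"` location forwards no `Host`/`X-Forwarded-For` headers on its own, so if `services.nginx.recommendedProxySettings` is not enabled elsewhere, kanidm's origin handling presumably needs `extraConfig = "proxy_set_header Host $host;"` on that location — confirm against the nginx module config. `serverSettings.domain = baseDomain` is kanidm's WebAuthn relying-party ID and, as far as I recall, cannot be changed later without invalidating enrolled credentials, so it deserves a comment such as `# WebAuthn RP ID: changing this invalidates registered passkeys/security keys`. The hostname `auth.vimium.com` is spelled out three times (the ACME cert name, the nginx vhost name and `useACMEHost`) while the kanidm block derives it from `baseDomain`; hoisting that `let` to module level would let all of them share one definition. Both hunks sit inside a module attribute set whose start and end lie outside the hunk.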


@@ -17,7 +17,6 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableJIT = true;
initdbArgs = [ initdbArgs = [
"--allow-group-access" "--allow-group-access"
"--encoding=UTF8" "--encoding=UTF8"


@@ -118,8 +118,12 @@ in {
serverAliases = [ "www.jdholt.com" ]; serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = { locations."/skycam/snapshot.jpg" = {
proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
extraConfig = '' extraConfig = ''
set $backend "skycam.mesh.vimium.net:8080";
resolver 100.100.100.100;
proxy_pass http://$backend/snapshot;
proxy_cache skycam_cache; proxy_cache skycam_cache;
proxy_cache_valid any 10s; proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie; proxy_ignore_headers Cache-Control Expires Set-Cookie;
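Review bot: The new `set $backend` / `resolver` / `proxy_pass http://$backend/snapshot;` lines carry no comment explaining why the upstream moved from the static `proxyPass` into a variable, which is the whole point of the change (commit 6ddb31c36f says the upstream is now evaluated at runtime); a comment such as `# resolve the upstream per request so nginx starts and reloads even when skycam is unreachable; 100.100.100.100 is the Tailscale MagicDNS resolver` would capture it. That `100.100.100.100` is Tailscale's resolver is inferred only from the host name `skycam.mesh.vimium.net` and commit 3a77365452, so confirm it before wording the comment that way. Consider also pinning the lookup cache with `resolver 100.100.100.100 valid=30s;`, since otherwise nginx honours whatever TTL the resolver returns. The `extraConfig` string and the enclosing location block continue past the end of this hunk.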