xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

treewide: apply the new rfc nixfmt

Browse source
This commit is contained in:
xinyangli 2024-08-25 17:45:58 +08:00
parent e702d503b9
commit 7a795e5ed9
Signed by: xin
SSH key fingerprint: SHA256:qZ/tzd8lYRtUFSrfBDBMcUqV4GHKxqeqRA3huItgvbk
53 changed files with 1371 additions and 888 deletions
Download patch file Download diff file Expand all files Collapse all files

8
machines/massicot/default.nix
View file

@ -1,4 +1,10 @@
{ inputs, config, libs, pkgs, ... }:
{
inputs,
config,
libs,
pkgs,
...
}:
{
imports = [

18
machines/massicot/hardware-configuration.nix
View file

@ -5,9 +5,19 @@
efiSupport = true;
device = "nodev";
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/AC27-D9D6"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AC27-D9D6";
fsType = "vfat";
};
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
}

51
machines/massicot/kanidm-provision.nix
View file

@ -21,7 +21,11 @@
members = [ "xin" ];
};
immich-users = {
members = [ "xin" "zhuo" "ycm" ];
members = [
"xin"
"zhuo"
"ycm"
];
};
grafana-superadmins = {
members = [ "xin" ];
@ -65,7 +69,12 @@
originLanding = "https://git.xinyang.life/user/oauth2/kandim";
allowInsecureClientDisablePkce = true;
scopeMaps = {
forgejo-access = [ "openid" "email" "profile" "groups" ];
forgejo-access = [
"openid"
"email"
"profile"
"groups"
];
};
claimMaps = {
forgejo_role = {
@ -83,7 +92,12 @@
originLanding = "https://xinyang.life/";
allowInsecureClientDisablePkce = true;
scopeMaps = {
gts-users = [ "openid" "email" "profile" "groups" ];
gts-users = [
"openid"
"email"
"profile"
"groups"
];
};
};
owncloud = {
@ -92,7 +106,11 @@
originLanding = "https://home.xinyang.life:9201/";
public = true;
scopeMaps = {
ocis-users = [ "openid" "email" "profile" ];
ocis-users = [
"openid"
"email"
"profile"
];
};
};
hedgedoc = {
@ -101,7 +119,11 @@
originLanding = "https://docs.xinyang.life/auth/oauth2";
allowInsecureClientDisablePkce = true;
scopeMaps = {
hedgedoc-users = [ "openid" "email" "profile" ];
hedgedoc-users = [
"openid"
"email"
"profile"
];
};
};
immich-mobile = {
@ -110,7 +132,11 @@
originLanding = "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/";
allowInsecureClientDisablePkce = true;
scopeMaps = {
immich-users = [ "openid" "email" "profile" ];
immich-users = [
"openid"
"email"
"profile"
];
};
};
miniflux = {
@ -118,7 +144,11 @@
originUrl = "https://rss.xinyang.life/";
originLanding = "https://rss.xinyang.life/";
scopeMaps = {
miniflux-users = [ "openid" "email" "profile" ];
miniflux-users = [
"openid"
"email"
"profile"
];
};
};
grafana = {
@ -126,7 +156,12 @@
originUrl = "https://grafana.xinyang.life/";
originLanding = "https://grafana.xinyang.life/";
scopeMaps = {
grafana-users = [ "openid" "email" "profile" "groups" ];
grafana-users = [
"openid"
"email"
"profile"
"groups"
];
};
claimMaps = {
grafana_role = {

13
machines/massicot/networking.nix
View file

@ -1,11 +1,14 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
networking = {
interfaces = {
eth0.useDHCP = true;
eth0.ipv6.addresses = [{
address = "2a01:4f8:c17:345f::1";
prefixLength = 64;
}];
eth0.ipv6.addresses = [
{
address = "2a01:4f8:c17:345f::1";
prefixLength = 64;
}
];
};
defaultGateway6 = {
address = "fe80::1";

58
machines/massicot/services.nix
View file

@ -1,10 +1,24 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
kanidm_listen_port = 5324;
in
{
networking.firewall.allowedTCPPorts = [ 80 443 2222 8448 ];
networking.firewall.allowedUDPPorts = [ 80 443 8448 ];
networking.firewall.allowedTCPPorts = [
80
443
2222
8448
];
networking.firewall.allowedUDPPorts = [
80
443
8448
];
custom.vaultwarden = {
enable = true;
@ -32,16 +46,23 @@ in
exporters.miniflux.enable = true;
};
systemd.mounts = map
(share: {
what = "//u380335-sub1.your-storagebox.de/u380335-sub1/${share}";
where = "/mnt/storage/${share}";
type = "cifs";
options = "rw,uid=${share},gid=${share},credentials=${config.sops.secrets.storage_box_mount.path},_netdev,fsc";
before = [ "${share}.service" ];
after = [ "cachefilesd.service" ];
wantedBy = [ "${share}.service" ];
}) [ "forgejo" "gotosocial" "conduit" "hedgedoc" ];
systemd.mounts =
map
(share: {
what = "//u380335-sub1.your-storagebox.de/u380335-sub1/${share}";
where = "/mnt/storage/${share}";
type = "cifs";
options = "rw,uid=${share},gid=${share},credentials=${config.sops.secrets.storage_box_mount.path},_netdev,fsc";
before = [ "${share}.service" ];
after = [ "cachefilesd.service" ];
wantedBy = [ "${share}.service" ];
})
[
"forgejo"
"gotosocial"
"conduit"
"hedgedoc"
];
services.cachefilesd.enable = true;
@ -225,11 +246,14 @@ in
allow_assign_grafana_admin = true;
auto_login = true;
};
"auth" = { disable_login_form = true; };
"auth" = {
disable_login_form = true;
};
};
};
systemd.services.grafana.serviceConfig.EnvironmentFile = config.sops.secrets.grafana_oauth_secret.path;
systemd.services.grafana.serviceConfig.EnvironmentFile =
config.sops.secrets.grafana_oauth_secret.path;
users.users.git = {
isSystemUser = true;
@ -240,9 +264,7 @@ in
users.groups.git = { };
users.users = {
${config.services.caddy.user}.extraGroups = [
config.services.ntfy-sh.group
];
${config.services.caddy.user}.extraGroups = [ config.services.ntfy-sh.group ];
};
services.caddy = {