
5 commits

Author SHA1 Message Date
afc0ea55be
keycloak: re-init 2024-04-26 10:39:49 +02:00
7bc9e06788
networking: beautify 2024-04-26 10:37:13 +02:00
71c7cf31d2
printing: enable 2024-04-26 10:36:59 +02:00
63d9cabcfb
updates 2024-04-26 10:36:49 +02:00
f3837236e7
zsh: fix networkctl completion 2024-04-26 10:36:09 +02:00
10 changed files with 87 additions and 22 deletions

18
flake.lock generated

@ -216,11 +216,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713789879, "lastModified": 1714042918,
"narHash": "sha256-4Wt3Bg6uOnvwZcECBZaFEdzlWRlGLgd8DqLL4ugLdxg=", "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "46833c3115e8858370880d892748f0927d8193c3", "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -317,11 +317,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713668931, "lastModified": 1713869268,
"narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=", "narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "07ece11b22217b8459df589f858e92212b74f1a1", "rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,11 +332,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713714899, "lastModified": 1713895582,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "rev": "572af610f6151fd41c212f897c71f7056e3fb518",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -87,8 +87,15 @@
}; };
networks."30-dorm" = { networks."30-dorm" = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
addresses = [
{
addressConfig = {
Address = "192.168.43.4/24";
AddPrefixRoute = false;
};
}
];
networkConfig = { networkConfig = {
Address = "192.168.43.4/32";
DNS = "192.168.43.1"; DNS = "192.168.43.1";
Domains = [ Domains = [
"~vpn.rfive.de" "~vpn.rfive.de"


@ -7,6 +7,7 @@
./modules/networks ./modules/networks
./modules/adguard ./modules/adguard
./modules/backup ./modules/backup
./modules/keycloak
./modules/cache ./modules/cache
./modules/matrix ./modules/matrix
./modules/mautrix-telegram ./modules/mautrix-telegram


@ -0,0 +1,43 @@
{ config, ... }:
let
domain = "auth.${config.networking.domain}";
in
{
age.secrets.keycloak = {
file = ../../../../secrets/nuc/keycloak/db.age;
};
services.keycloak = {
enable = true;
settings = {
http-port = 8084;
https-port = 19000;
hostname = domain;
# proxy-headers = "forwarded";
proxy = "edge";
};
database = {
# host = "/var/run/postgresql/.s.PGSQL.5432";
# useSSL = false;
# createLocally = false;
passwordFile = config.age.secrets.keycloak.path;
};
initialAdminPassword = "plschangeme";
};
# services.postgresql = {
# enable = true;
# ensureUsers = [
# {
# name = "keycloak";
# ensureDBOwnership = true;
# }
# ];
# ensureDatabases = [ "keycloak" ];
# };
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
};
};
}
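Review bot: `initialAdminPassword = "plschangeme";` puts the bootstrap admin credential in the repository and in the evaluated configuration as a plain option value, while the same file publishes the instance through the nginx vhost for `auth.${config.networking.domain}`. Nothing in this file replaces that value, so the password should be changed in the admin console directly after the first start, and a comment such as `# bootstrap only: rotated after first login` added beside it. Separately, `proxy = "edge"` makes Keycloak trust forwarding headers and no `http-host` is set, so the HTTP listener on 8084 is presumably reachable on every interface unless a firewall rule outside this file blocks it; `http-host = "127.0.0.1";` in `settings` would restrict it to the local nginx proxy.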


@ -163,8 +163,15 @@
networks."30-wg0" = { networks."30-wg0" = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
linkConfig.RequiredForOnline = false; linkConfig.RequiredForOnline = false;
addresses = [
{
addressConfig = {
Address = "192.168.43.3/24";
AddPrefixRoute = false;
};
}
];
networkConfig = { networkConfig = {
Address = "192.168.43.3/32";
DNS = "192.168.43.1"; DNS = "192.168.43.1";
Domains = [ Domains = [
"~vpn.rfive.de" "~vpn.rfive.de"


@ -95,7 +95,7 @@
systemd.services = { systemd.services = {
openfortivpn-agdsn = { openfortivpn-agdsn = {
description = "AG DSN Fortinet VPN"; description = "AG DSN Fortinet VPN";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5"; script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password)";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ]; after = [ "network.target" "network-online.target" ];
serviceConfig = { serviceConfig = {
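Review bot: The `script` line still passes the VPN password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, so after shell expansion the secret is part of the process arguments and is visible to other local users in the process list for as long as the tunnel runs. openfortivpn can read the password from a configuration file given with `-c`, which keeps it out of argv; the credentials-directory file could be written in that format, and `"$CREDENTIALS_DIRECTORY"` should be quoted either way. The new side also appears to drop the `--trusted-cert` pin, which is only safe if the gateway certificate now validates against the system trust store. The service definition continues outside the hunk.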


@ -1,13 +1,17 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ cups ]; # environment.systemPackages = with pkgs; [ cups ];
# services.printing = { services.avahi = {
# enable = true; enable = true;
# stateless = true; nssmdns4 = true;
# browsedConf = '' };
# BrowsePoll cups.agdsn.network services.printing = {
# LocalQueueNamingRemoteCUPS RemoteName enable = true;
# ''; stateless = true;
# drivers = with pkgs; [ cups-kyocera ]; browsedConf = ''
# }; BrowsePoll cups.agdsn.network
LocalQueueNamingRemoteCUPS RemoteName
'';
drivers = with pkgs; [ cups-kyocera ];
};
} }


@ -20,6 +20,7 @@ in
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
"secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

BIN
secrets/nuc/keycloak/db.age Normal file

Binary file not shown.


@ -45,6 +45,8 @@
export MCFLY_RESULTS=30 export MCFLY_RESULTS=30
export MCFLY_INTERFACE_VIEW=BOTTOM export MCFLY_INTERFACE_VIEW=BOTTOM
export MCFLY_PROMPT="" export MCFLY_PROMPT=""
# fix for networkctl
zstyle ':completion:*:complete:networkctl:*' list-grouped true
source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
unsetopt extendedglob unsetopt extendedglob