rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-04-19 13:16:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

Compare commits

base: rouven.seifert:afc0ea55bef99df28010da91c4fb6731ddcff7ca
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy
..
compare: rouven.seifert:2cef422c648b8e2cf43011ac64d321b30e904346
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy

No commits in common. "afc0ea55bef99df28010da91c4fb6731ddcff7ca" and "2cef422c648b8e2cf43011ac64d321b30e904346" have entirely different histories.
afc0ea55be ... 2cef422c64

10 changed files with 22 additions and 87 deletions
Show stats Expand all files Collapse all files

18
flake.lock generated
View file

@ -216,11 +216,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1714042918, "lastModified": 1713789879,
"narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=", "narHash": "sha256-4Wt3Bg6uOnvwZcECBZaFEdzlWRlGLgd8DqLL4ugLdxg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db", "rev": "46833c3115e8858370880d892748f0927d8193c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -317,11 +317,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713869268, "lastModified": 1713668931,
"narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=", "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c", "rev": "07ece11b22217b8459df589f858e92212b74f1a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,11 +332,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713895582, "lastModified": 1713714899,
"narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=", "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "572af610f6151fd41c212f897c71f7056e3fb518", "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
"type": "github" "type": "github"
}, },
"original": { "original": {

9
hosts/falkenstein/modules/networks/default.nix
View file

@ -87,15 +87,8 @@
}; };
networks."30-dorm" = { networks."30-dorm" = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
addresses = [
{
addressConfig = {
Address = "192.168.43.4/24";
AddPrefixRoute = false;
};
}
];
networkConfig = { networkConfig = {
Address = "192.168.43.4/32";
DNS = "192.168.43.1"; DNS = "192.168.43.1";
Domains = [ Domains = [
"~vpn.rfive.de" "~vpn.rfive.de"

1
hosts/nuc/default.nix
View file

@ -7,7 +7,6 @@
./modules/networks ./modules/networks
./modules/adguard ./modules/adguard
./modules/backup ./modules/backup
./modules/keycloak
./modules/cache ./modules/cache
./modules/matrix ./modules/matrix
./modules/mautrix-telegram ./modules/mautrix-telegram

43
hosts/nuc/modules/keycloak/default.nix
View file

@ -1,43 +0,0 @@
{ config, ... }:
let
domain = "auth.${config.networking.domain}";
in
{
age.secrets.keycloak = {
file = ../../../../secrets/nuc/keycloak/db.age;
};
services.keycloak = {
enable = true;
settings = {
http-port = 8084;
https-port = 19000;
hostname = domain;
# proxy-headers = "forwarded";
proxy = "edge";
};
database = {
# host = "/var/run/postgresql/.s.PGSQL.5432";
# useSSL = false;
# createLocally = false;
passwordFile = config.age.secrets.keycloak.path;
};
initialAdminPassword = "plschangeme";
};
# services.postgresql = {
# enable = true;
# ensureUsers = [
# {
# name = "keycloak";
# ensureDBOwnership = true;
# }
# ];
# ensureDatabases = [ "keycloak" ];
# };
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
};
};
}

9
hosts/thinkpad/modules/networks/default.nix
View file

@ -163,15 +163,8 @@
networks."30-wg0" = { networks."30-wg0" = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
linkConfig.RequiredForOnline = false; linkConfig.RequiredForOnline = false;
addresses = [
{
addressConfig = {
Address = "192.168.43.3/24";
AddPrefixRoute = false;
};
}
];
networkConfig = { networkConfig = {
Address = "192.168.43.3/32";
DNS = "192.168.43.1"; DNS = "192.168.43.1";
Domains = [ Domains = [
"~vpn.rfive.de" "~vpn.rfive.de"

2
hosts/thinkpad/modules/networks/uni.nix
View file

@ -95,7 +95,7 @@
systemd.services = { systemd.services = {
openfortivpn-agdsn = { openfortivpn-agdsn = {
description = "AG DSN Fortinet VPN"; description = "AG DSN Fortinet VPN";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password)"; script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ]; after = [ "network.target" "network-online.target" ];
serviceConfig = { serviceConfig = {

24
hosts/thinkpad/modules/printing/default.nix
View file

@ -1,17 +1,13 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# environment.systemPackages = with pkgs; [ cups ]; environment.systemPackages = with pkgs; [ cups ];
services.avahi = { # services.printing = {
enable = true; # enable = true;
nssmdns4 = true; # stateless = true;
}; # browsedConf = ''
services.printing = { # BrowsePoll cups.agdsn.network
enable = true; # LocalQueueNamingRemoteCUPS RemoteName
stateless = true; # '';
browsedConf = '' # drivers = with pkgs; [ cups-kyocera ];
BrowsePoll cups.agdsn.network # };
LocalQueueNamingRemoteCUPS RemoteName
'';
drivers = with pkgs; [ cups-kyocera ];
};
} }

1
secrets.nix
View file

@ -20,7 +20,6 @@ in
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
"secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

BIN
secrets/nuc/keycloak/db.age
View file

Binary file not shown.

2
shared/zsh.nix
View file

@ -45,8 +45,6 @@
export MCFLY_RESULTS=30 export MCFLY_RESULTS=30
export MCFLY_INTERFACE_VIEW=BOTTOM export MCFLY_INTERFACE_VIEW=BOTTOM
export MCFLY_PROMPT="" export MCFLY_PROMPT=""
# fix for networkctl
zstyle ':completion:*:complete:networkctl:*' list-grouped true
source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
unsetopt extendedglob unsetopt extendedglob