Merge remote-tracking branch 'origin/main'
7c1b5afc31
6 changed files with 65 additions and 7 deletions
21
flake.nix
21
flake.nix
|
@ -210,8 +210,23 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
modifications = final: prev: {
|
modifications = final: prev: rec {
|
||||||
final.helix = helix.outputs.packages.${prev.system}.helix;
|
helix = helix.outputs.packages.${prev.system}.helix;
|
||||||
|
final.helix = helix;
|
||||||
|
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
|
||||||
|
# source: https://github.com/wez/wezterm/issues/3771
|
||||||
|
# wezterm = prev.wezterm.overrideAttrs rec {
|
||||||
|
# version = "56a27e93a9ee50aab50ff4d78308f9b3154b5122";
|
||||||
|
# src = prev.fetchFromGitHub {
|
||||||
|
# owner = "wez";
|
||||||
|
# repo = "wezterm";
|
||||||
|
# rev = version;
|
||||||
|
# fetchSubmodules = true;
|
||||||
|
# hash = "sha256-zl0Me24ncrpXUCvkQHlbgUucf0zrkhFFI242wsSQKLw=";
|
||||||
|
# };
|
||||||
|
# cargoLockFile = null;
|
||||||
|
# cargoHash = "";
|
||||||
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
unstable-packages = final: _prev: {
|
unstable-packages = final: _prev: {
|
||||||
|
@ -407,7 +422,7 @@
|
||||||
cargo
|
cargo
|
||||||
firefox-no-tabs
|
firefox-no-tabs
|
||||||
linux-desktop-environment-config
|
linux-desktop-environment-config
|
||||||
slippi.homeManagerModules.default
|
# slippi.homeManagerModules.default
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
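Review bot: The new `rec` attrset makes `helix = helix.outputs.packages.${prev.system}.helix;` self-referential: inside `rec { … }` the name `helix` on the right-hand side resolves to the attribute being defined rather than to the flake input, so evaluating the overlay recurses infinitely. The added `final.helix = helix;` also does not touch the overlay's `final` argument; an attribute path on the left of `=` just creates a package attribute named `final` with a `helix` sub-attribute, exactly as the removed line did. Dropping `rec` and the extra line gives the intended override: `modifications = final: prev: { helix = helix.outputs.packages.${prev.system}.helix; };`, assuming `helix` is the flake input bound by the enclosing outputs function, which starts outside the hunk.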
@ -250,7 +250,7 @@
|
||||||
"https://cache.nixos.org/"
|
"https://cache.nixos.org/"
|
||||||
"https://helix.cachix.org"
|
"https://helix.cachix.org"
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
# "https://nix.h.lyte.dev"
|
"https://nix.h.lyte.dev"
|
||||||
"https://hyprland.cachix.org"
|
"https://hyprland.cachix.org"
|
||||||
];
|
];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
|
|
|
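Review bot: Enabling `"https://nix.h.lyte.dev"` as a substituter is only useful and safe if that cache's signing key is listed in `trusted-public-keys`, whose entries lie outside the hunk; without it Nix rejects the paths the cache serves (unless signature checking has been disabled, which would be worse). Please confirm the matching key entry exists, and tie the two together with a comment on the substituter line, e.g. `"https://nix.h.lyte.dev" # paired with <KEY-NAME-PLACEHOLDER> in trusted-public-keys`. The enclosing settings attrset starts and ends outside the hunk.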
@ -447,7 +447,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
users.groups.daniel.members = ["daniel"];
|
users.groups.daniel.members = ["daniel"];
|
||||||
users.groups.nixadmin.members = ["daniel"];
|
users.groups.nixadmin.members = ["daniel"];
|
||||||
users.users.daniel = {
|
users.users.daniel = {
|
||||||
packages = [pkgs.weechat];
|
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"nixadmin" # write access to /etc/nixos/ files
|
"nixadmin" # write access to /etc/nixos/ files
|
||||||
"wheel" # sudo access
|
"wheel" # sudo access
|
||||||
|
@ -778,6 +777,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
gitMinimal
|
gitMinimal
|
||||||
gnused
|
gnused
|
||||||
nodejs
|
nodejs
|
||||||
|
gnutar # needed for cache action
|
||||||
wget
|
wget
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -999,6 +999,46 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
26966
|
26966
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
# kanidm
|
||||||
|
services.kanidm = {
|
||||||
|
enableClient = true;
|
||||||
|
enablePam = true;
|
||||||
|
enableServer = true;
|
||||||
|
|
||||||
|
serverSettings = {
|
||||||
|
bindaddress = "[::]:8443";
|
||||||
|
# ldapbindaddress
|
||||||
|
# TODO: these will need permissions?
|
||||||
|
tls_chain = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.crt";
|
||||||
|
tls_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.key";
|
||||||
|
domain = "idm.h.lyte.dev";
|
||||||
|
origin = "https://idm.h.lyte.dev";
|
||||||
|
# log_level
|
||||||
|
|
||||||
|
online_backup = {
|
||||||
|
path = "/storage/kanidm/backups/";
|
||||||
|
schedule = "00 22 * * *";
|
||||||
|
# versions = 7;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
unixSettings = {
|
||||||
|
uri = "https://idm.h.lyte.dev";
|
||||||
|
pam_allowed_login_groups = [];
|
||||||
|
# ca_path = "/path/to/ca.pem";
|
||||||
|
};
|
||||||
|
|
||||||
|
clientSettings = {
|
||||||
|
uri = "https://idm.h.lyte.dev";
|
||||||
|
# ca_path = "/tmp/cert.pem";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.caddy.virtualHosts."idm.h.lyte.dev" = {
|
||||||
|
extraConfig = ''reverse_proxy :8443'';
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: non-root processes and services that access secrets need to be part of
|
# TODO: non-root processes and services that access secrets need to be part of
|
||||||
|
|
|
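Review bot: `bindaddress = "[::]:8443";` exposes the kanidm listener on every interface while `services.caddy.virtualHosts."idm.h.lyte.dev"` already fronts it; if Caddy is meant to be the only entry point, bind to loopback, `bindaddress = "[::1]:8443";`, and point Caddy at that address explicitly. The `reverse_proxy :8443` upstream also looks like a plaintext HTTP upstream while the kanidm listener is configured with `tls_chain`/`tls_key`, so the proxy will likely need a TLS upstream (e.g. `reverse_proxy https://[::1]:8443`); verify this on first deploy. The `# TODO: these will need permissions?` concern is real: the key file sits inside Caddy's ACME storage, which the kanidm service's own user presumably cannot read without an explicit grant and which Caddy rewrites on renewal, so a safer pattern is to copy chain and key into a kanidm-owned directory (mode 0640, kanidm group) from a renewal hook or a small systemd unit. `pam_allowed_login_groups = [];` together with `enablePam = true;` permits nobody to log in through the kanidm PAM module, which is a fine starting default but deserves a comment if intentional. The enclosing module list starts outside the hunk.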
@ -46,6 +46,7 @@
|
||||||
additionalHosts = [
|
additionalHosts = [
|
||||||
".beefcake.lan"
|
".beefcake.lan"
|
||||||
"nix.h.lyte.dev"
|
"nix.h.lyte.dev"
|
||||||
|
"idm.h.lyte.dev"
|
||||||
"git.lyte.dev"
|
"git.lyte.dev"
|
||||||
"video.lyte.dev"
|
"video.lyte.dev"
|
||||||
"a.lyte.dev"
|
"a.lyte.dev"
|
||||||
|
|
|
@ -30,9 +30,9 @@ git add -A
|
||||||
|
|
||||||
ssh "root@$target_host" "bash -c '
|
ssh "root@$target_host" "bash -c '
|
||||||
set -m
|
set -m
|
||||||
# sleep 5 mins
|
# sleep 15 mins
|
||||||
echo \"Starting background reboot job...\"
|
echo \"Starting background reboot job...\"
|
||||||
(sleep 300; reboot;) &
|
(sleep 900; reboot;) &
|
||||||
jobs -p
|
jobs -p
|
||||||
disown
|
disown
|
||||||
'" &
|
'" &
|
||||||
|
|
|
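Review bot: The delay now lives in two places, the literal in `(sleep 900; reboot;) &` and the prose in `# sleep 15 mins`, and the backgrounded subshell kept alive with `set -m`/`jobs -p`/`disown` cannot be cancelled once the ssh session ends. A scheduled reboot through the init system does the same job in one line and stays cancellable: `ssh "root@$target_host" "shutdown -r +15 'reboot scheduled by deploy script'"` (undo with `shutdown -c`), assuming the target is a systemd host as the NixOS configuration elsewhere in this commit suggests. The script continues outside the hunk on both sides.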
@ -52,6 +52,8 @@
|
||||||
src = ./.;
|
src = ./.;
|
||||||
hash = pkgs.lib.fakeHash;
|
hash = pkgs.lib.fakeHash;
|
||||||
cargoHash = "sha256-W7VQlMktGsRPQL9VGVmxYV6C5u2eJ48S7eTpOM+3n8U=";
|
cargoHash = "sha256-W7VQlMktGsRPQL9VGVmxYV6C5u2eJ48S7eTpOM+3n8U=";
|
||||||
|
|
||||||
|
RUSTFLAGS = pkgs.lib.optionalString pkgs.stdenv.isLinux "-C link-arg=-fuse-ld=mold";
|
||||||
};
|
};
|
||||||
|
|
||||||
default = outputs.packages.${pkgs.system}.my-package;
|
default = outputs.packages.${pkgs.system}.my-package;
|
||||||
|
|
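Review bot: `RUSTFLAGS = … "-C link-arg=-fuse-ld=mold"` asks the linker driver to use mold, but nothing in the hunk brings mold into the build environment; unless it is already in `nativeBuildInputs` outside the hunk, the Linux build will fail at link time because the linker is not found. Pair the flag with the dependency under the same guard so they stay in sync, e.g. `nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.mold];`. The enclosing package expression starts outside the hunk.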