Merge remote-tracking branch 'origin/main'

This commit is contained in:
Daniel Flanagan 2024-08-06 10:42:12 -05:00
commit 7c1b5afc31
6 changed files with 65 additions and 7 deletions

View file

@ -210,8 +210,23 @@
};
};
modifications = final: prev: {
final.helix = helix.outputs.packages.${prev.system}.helix;
modifications = final: prev: rec {
helix = helix.outputs.packages.${prev.system}.helix;
final.helix = helix;
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
# source: https://github.com/wez/wezterm/issues/3771
# wezterm = prev.wezterm.overrideAttrs rec {
# version = "56a27e93a9ee50aab50ff4d78308f9b3154b5122";
# src = prev.fetchFromGitHub {
# owner = "wez";
# repo = "wezterm";
# rev = version;
# fetchSubmodules = true;
# hash = "sha256-zl0Me24ncrpXUCvkQHlbgUucf0zrkhFFI242wsSQKLw=";
# };
# cargoLockFile = null;
# cargoHash = "";
# };
};
unstable-packages = final: _prev: {
@ -407,7 +422,7 @@
cargo
firefox-no-tabs
linux-desktop-environment-config
slippi.homeManagerModules.default
# slippi.homeManagerModules.default
];
};
}

View file

@ -250,7 +250,7 @@
"https://cache.nixos.org/"
"https://helix.cachix.org"
"https://nix-community.cachix.org"
# "https://nix.h.lyte.dev"
"https://nix.h.lyte.dev"
"https://hyprland.cachix.org"
];
trusted-public-keys = [

View file

@ -447,7 +447,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
users.groups.daniel.members = ["daniel"];
users.groups.nixadmin.members = ["daniel"];
users.users.daniel = {
packages = [pkgs.weechat];
extraGroups = [
"nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access
@ -778,6 +777,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
gitMinimal
gnused
nodejs
gnutar # needed for cache action
wget
];
};
@ -999,6 +999,46 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
26966
];
}
{
# kanidm
services.kanidm = {
enableClient = true;
enablePam = true;
enableServer = true;
serverSettings = {
bindaddress = "[::]:8443";
# ldapbindaddress
# TODO: these will need permissions?
tls_chain = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.crt";
tls_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.key";
domain = "idm.h.lyte.dev";
origin = "https://idm.h.lyte.dev";
# log_level
online_backup = {
path = "/storage/kanidm/backups/";
schedule = "00 22 * * *";
# versions = 7;
};
};
unixSettings = {
uri = "https://idm.h.lyte.dev";
pam_allowed_login_groups = [];
# ca_path = "/path/to/ca.pem";
};
clientSettings = {
uri = "https://idm.h.lyte.dev";
# ca_path = "/tmp/cert.pem";
};
};
services.caddy.virtualHosts."idm.h.lyte.dev" = {
extraConfig = ''reverse_proxy :8443'';
};
}
];
# TODO: non-root processes and services that access secrets need to be part of

View file

@ -46,6 +46,7 @@
additionalHosts = [
".beefcake.lan"
"nix.h.lyte.dev"
"idm.h.lyte.dev"
"git.lyte.dev"
"video.lyte.dev"
"a.lyte.dev"

View file

@ -30,9 +30,9 @@ git add -A
ssh "root@$target_host" "bash -c '
set -m
# sleep 5 mins
# sleep 15 mins
echo \"Starting background reboot job...\"
(sleep 300; reboot;) &
(sleep 900; reboot;) &
jobs -p
disown
'" &

View file

@ -52,6 +52,8 @@
src = ./.;
hash = pkgs.lib.fakeHash;
cargoHash = "sha256-W7VQlMktGsRPQL9VGVmxYV6C5u2eJ48S7eTpOM+3n8U=";
RUSTFLAGS = pkgs.lib.optionalString pkgs.stdenv.isLinux "-C link-arg=-fuse-ld=mold";
};
default = outputs.packages.${pkgs.system}.my-package;