Merge branch 'main' of github.com:JulienMalka/nix-config

This commit is contained in:
Julien Malka 2022-03-10 15:25:33 +01:00
commit 8ebcb7ef4f
No known key found for this signature in database
GPG key ID: 3C68E13964FEA07F
6 changed files with 121 additions and 80 deletions

35
flake.lock generated

@ -86,10 +86,7 @@
"neovim-flake": { "neovim-flake": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": "nixpkgs"
"neovim-nightly-overlay",
"nixpkgs"
]
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
@ -131,16 +128,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1646011258, "lastModified": 1645433236,
"narHash": "sha256-+aen4zu5uVp52arEcgL2maCS0zQDuG1t+Azwd/O1gN4=", "narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a25df4c2b79c4343bcc72ad671200e5a3e286c41", "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-21.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -175,6 +172,22 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1646011258,
"narHash": "sha256-+aen4zu5uVp52arEcgL2maCS0zQDuG1t+Azwd/O1gN4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a25df4c2b79c4343bcc72ad671200e5a3e286c41",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1646051576, "lastModified": 1646051576,
@ -194,7 +207,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"homepage": "homepage", "homepage": "homepage",
"neovim-nightly-overlay": "neovim-nightly-overlay", "neovim-nightly-overlay": "neovim-nightly-overlay",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nur": "nur", "nur": "nur",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",


@ -24,6 +24,11 @@
]; ];
# File systems configuration for using the installer's partition layout # File systems configuration for using the installer's partition layout
nix.package = lib.mkForce pkgs.nixUnstable;
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -1,16 +1,21 @@
# Taken from 'config.template.yml' for Authelia v4.32.2.
# Update along with 'pkgs/authelia.nix'.
{ cfg }:
''
server:
host: 0.0.0.0 host: 0.0.0.0
port: 9091 port: 9091
server:
read_buffer_size: 4096 read_buffer_size: 4096
write_buffer_size: 4096 write_buffer_size: 4096
path: "authelia" path: "authelia"
log_level: debug log.level: debug
jwt_secret: somethingsomethingrandomrecret jwt_secret: somethingsomethingrandomrecret
default_redirection_url: https://auth.julienmalka.me default_redirection_url: https://autheliafailed.julienmalka.me
authentication_backend: authentication_backend:
disable_reset_password: false disable_reset_password: false
file: file:
path: /config/users_database.yml path: ${./config/users.yml}
password: password:
algorithm: argon2id algorithm: argon2id
iterations: 1 iterations: 1
@ -18,19 +23,24 @@ authentication_backend:
salt_length: 16 salt_length: 16
memory: 512 memory: 512
parallelism: 8 parallelism: 8
access_control: access_control:
default_policy: deny default_policy: deny
rules: rules:
- domain: - domain:
- series.julienmalka.me - "auth.julienmalka.me"
policy: bypass
- domain:
- "series.julienmalka.me"
policy: one_factor policy: one_factor
session: session:
name: authelia_session name: authelia_session
secret: somerandomsecret secret: somerandomsecret
expiration: 1h expiration: 1h
inactivity: 5m inactivity: 5m
remember_me_duration: 1M remember_me_duration: 1M
domain: series.julienmalka.me domain: julienmalka.me
regulation: regulation:
max_retries: 3 max_retries: 3
find_time: 2m find_time: 2m
@ -38,8 +48,10 @@ regulation:
storage: storage:
encryption_key: a_very_important_secret encryption_key: a_very_important_secret
local: local:
path: /config/db.sqlite3 path: /var/lib/authelia/storage.db
notifier: notifier:
disable_startup_check: false disable_startup_check: false
filesystem: filesystem:
filename: /config/notification.txt filename: /var/lib/authelia/notification.txt
''
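Review bot: The `jwt_secret`, session `secret` and storage `encryption_key` values in this hunk and in the `@ -18,19 +23,24 @@` hunk are literal strings inside the Nix string that authelia.nix renders with `pkgs.writeText`, so the complete configuration, secrets included, lands in a world-readable /nix/store path; `path: ${./config/users.yml}` has the same effect, since interpolating a path copies the users database (password hashes) into the store. Authelia reads these values from files named by `*_FILE` environment variables (e.g. `AUTHELIA_JWT_SECRET_FILE`), which pairs naturally with sops-nix, already a flake input here, to keep them out of the store; the users file can likewise live under `/var/lib/authelia`, which this commit already uses for the storage database. Separately, `host: 0.0.0.0` binds every interface although nginx proxies to 127.0.0.1:9091, and now that the service runs directly on the host rather than behind a container port mapping, `host: 127.0.0.1` would limit direct exposure. `log.level: debug` is presumably a leftover from bringing the service up; a production level would avoid logging request detail.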

View file

@ -1,6 +1,8 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
with lib; let with lib; let
cfg = config.luj.authelia; cfg = config.luj.authelia;
autheliaConfig = pkgs.writeText "authelia-config.yml"
(import ./authelia-config.nix { inherit cfg; });
in in
{ {
options.luj.authelia = { options.luj.authelia = {
@ -8,32 +10,46 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
virtualisation.docker.enable = true; systemd = {
virtualisation.oci-containers.containers."authelia" = { services.authelia = {
image = "authelia/authelia";
environment = {
"TZ" = "Europe/Paris";
};
volumes = [
"/srv/authelia:/config/"
];
ports = [ "9091:9091" ];
serviceConfig = {
User = "authelia";
StateDirectory = "authelia";
RuntimeDirectory = "authelia";
StateDirectoryMode = "0700";
RuntimeDirectoryMode = "0700";
}; };
services.nginx.appendHttpConfig = '' script = ''
server { exec ${pkgs.authelia}/bin/authelia --config ${autheliaConfig}
server_name auth.julienmalka.me; '';
listen 80; };
return 301 https://$server_name$request_uri;
}
server { };
server_name auth.julienmalka.me;
listen 443 ssl http2;
location / { users = {
users.authelia = {
group = "authelia";
isSystemUser = true;
};
groups.authelia = {
members = [ "nginx" ];
};
};
services.nginx.virtualHosts."auth.julienmalka.me" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
set $upstream_authelia http://127.0.0.1:9091; set $upstream_authelia http://127.0.0.1:9091;
proxy_pass $upstream_authelia; proxy_pass $upstream_authelia;
@ -70,10 +86,10 @@ in
set_real_ip_from fc00::/7; set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;
}
}
'';
'';
};
};
}; };
} }
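Review bot: `systemd.services.authelia` in the `@ -8,32 +10,46 @@` hunk declares neither `wantedBy` nor `after`, so as far as the hunk shows the unit is not pulled in by any target and will not start at boot or be ordered after networking; add `wantedBy = [ "multi-user.target" ];` and `after = [ "network.target" ];` alongside `serviceConfig`. `groups.authelia.members = [ "nginx" ]` appears to grant nothing, because `StateDirectoryMode`/`RuntimeDirectoryMode` are `0700` and no `Group=` is set, so nginx cannot reach either directory anyway; if nothing depends on it, dropping the membership keeps nginx's privileges minimal, and if something does, the intent deserves a comment. Since the service now runs as a plain host process rather than in a container, the `serviceConfig` block would also be the place for basic sandboxing such as `NoNewPrivileges = true;` and `ProtectSystem = "strict";`, which the `StateDirectory` settings already make straightforward.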


@ -3,15 +3,10 @@ http, 200, Homepage, https://julienmalka.me
http, 200, CI, https://ci.julienmalka.me http, 200, CI, https://ci.julienmalka.me
http, 200, Binary Cache, https://bin.julienmalka.me/nix-cache-info http, 200, Binary Cache, https://bin.julienmalka.me/nix-cache-info
http, 200, Jellyfin, https://tv.julienmalka.me http, 200, Jellyfin, https://tv.julienmalka.me
http, 200, Deluge, https://downloads.julienmalka.me
http, 200, Sonarr, https://series.julienmalka.me
http, 200, Radarr, https://films.julienmalka.me
http, 200, Jackett, https://jackett.julienmalka.me/UI/Dashboard
port, 0, Newton, newton.julienmalka.me 45 port, 0, Newton, newton.julienmalka.me 45
http, 200, Cloud, cloud.julienmalka.me http, 200, Cloud, cloud.julienmalka.me
port, 0, Mail, mail.julienmalka.me 993 port, 0, Mail, mail.julienmalka.me 993
http, 200, Docs, https://docs.julienmalka.me http, 200, Docs, https://docs.julienmalka.me
http, 200, Lambda, https://nixos.org http, 200, Lambda, https://nixos.org
http, 200, Lidarr, https://songs.julienmalka.me
http, 200, Navidrome, https://music.julienmalka.me http, 200, Navidrome, https://music.julienmalka.me
http, 200, Bruit https://bruit.julienmalka.me http, 200, Bruit https://bruit.julienmalka.me
