lorenzo/servers
1
0
Fork 0
Code Pull requests Packages Activity
servers/machines/lebesgue/config/configuration.nix

102 lines
2.7 KiB
Nix
Raw Normal View History

Lebesque Configuration.
2025-02-03 13:00:31 -06:00
{
config,
lib,
pkgs,
...
Nixfmt Tree
2026-02-24 00:00:35 -08:00
}:
{
Lebesque Configuration.
2025-02-03 13:00:31 -06:00
foehammer = {
users.admin = {
enable = true;
hashedPasswordFile = config.sops.secrets.admin-password.path;
};
Add vaultwarden.
2025-02-03 18:10:01 -06:00
Add goatcounter.
2025-07-14 00:40:10 -05:00
services.goatcounter = {
enable = true;
};
Add forgejo, remove authelia.
2025-12-28 20:49:16 -06:00
services.forgejo = {
enable = true;
domain = "forge.foehammer.me";
Change gitea ssh port.
2025-12-28 21:01:24 -06:00
ssh-domain = "lebesgue";
Add forgejo, remove authelia.
2025-12-28 20:49:16 -06:00
};
Return authelia service to lebesgue.
2025-12-31 00:28:39 -06:00
services.authelia = {
enable = true;
domain = "foehammer.me";
url = "https://auth.foehammer.me";
jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
userDbFile = config.sops.secrets.authelia-users.path;
# oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
# oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
Connect Authelia to LDAP with LLDAP
2025-12-31 22:54:03 -06:00
ldap = {
addr = "ldap://localhost:${toString config.foehammer.services.lldap.ldap_port}";
baseDN = config.foehammer.services.lldap.base_dn;
user = "UID=authelia,OU=people,${config.foehammer.services.lldap.base_dn}";
passwordFile = config.sops.secrets.authelia-lldap-password.path;
};
Return authelia service to lebesgue.
2025-12-31 00:28:39 -06:00
};
Add matrix homeserver (disabled).
2026-02-24 14:16:03 -08:00
services.continuwuity = {
enable = false;
domain = "matrix.foehammer.me";
signups = false;
allowEncryption = false;
ldap = {
addr = "ldap://localhost:${toString config.foehammer.services.lldap.ldap_port}";
baseDN = config.foehammer.services.lldap.base_dn;
user = "UID=authelia,OU=people,${config.foehammer.services.lldap.base_dn}";
passwordFile = config.sops.secrets.continuwuity-ldap-password.path;
};
};
Add lldap service. Add LDAP service, to allow me to more easily add users to authelia, and other SSO solutions.
2025-12-31 20:22:58 -06:00
services.lldap = {
enable = true;
url = "https://lldap.foehammer.me";
Connect Authelia to LDAP with LLDAP
2025-12-31 22:54:03 -06:00
base_dn = "DC=foehammer,DC=me";
Add lldap service. Add LDAP service, to allow me to more easily add users to authelia, and other SSO solutions.
2025-12-31 20:22:58 -06:00
adminUserPasswordFile = config.sops.secrets.lldap-admin-password.path;
};
Add vaultwarden.
2025-02-03 18:10:01 -06:00
services.vaultwarden = {
enable = true;
domain = "https://passwords.foehammer.me";
signups = false;
envPath = config.sops.secrets.vaultwarden-env.path;
};
Lebesque Configuration.
2025-02-03 13:00:31 -06:00
Refactor Tailscale and Restic Into Common Nixos Modules.
2025-02-07 17:14:52 -06:00
backups.restic = {
enable = true;
repositoryFile = config.sops.secrets.restic-repository.path;
environmentFile = config.sops.secrets.restic-env.path;
passwordFile = config.sops.secrets.restic-password.path;
Nixfmt Tree
2026-02-24 00:00:35 -08:00
paths = [
"/var/lib/vaultwarden"
"/var/lib/authelia"
"/var/lib/forgejo"
];
Refactor Tailscale and Restic Into Common Nixos Modules.
2025-02-07 17:14:52 -06:00
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets.tskey.path;
};
Lebesque Configuration.
2025-02-03 13:00:31 -06:00
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
i18n.defaultLocale = "en_US.UTF-8";
Nixfmt Tree
2026-02-24 00:00:35 -08:00
networking.firewall.allowedTCPPorts = [ 22 ];
Lebesque Configuration.
2025-02-03 13:00:31 -06:00
system.stateVersion = "24.11";
}
Copy permalink