cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: cnst:compare_broken
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken
...
compare: cnst:1d5bc222747aebdaf9b6258c059501ebd933c4fe
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken

2 Commits
compare_br ... 1d5bc22274

Author SHA1 Message Date
cnst
1d5bc22274 Merge branch 'main' into working 2025-10-05 10:21:16 +02:00
cnst
f2386a851e working 1 2025-10-05 10:11:40 +02:00
6 changed files with 23 additions and 36 deletions
Expand all files Collapse all files

2
hosts/kima/modules.nix
View File

@@ -216,7 +216,7 @@
flags = "--performance"; flags = "--performance";
}; };
tailscale = { tailscale = {
enable = false; enable = true;
}; };
udisks = { udisks = {
enable = true; enable = true;

2
hosts/sobotka/modules.nix
View File

@@ -214,7 +214,7 @@
flags = "--performance"; flags = "--performance";
}; };
tailscale = { tailscale = {
enable = false; enable = true;
}; };
udisks = { udisks = {
enable = true; enable = true;

9
hosts/sobotka/server.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }: {config, ...}: {
{
server = { server = {
enable = true; enable = true;
email = "adam@cnst.dev"; email = "adam@cnst.dev";
@@ -44,10 +43,6 @@
}; };
jellyfin = { jellyfin = {
enable = true; enable = true;
cloudflared = {
tunnelId = "234811e2-bc86-44b2-9abd-493686e25704";
credentialsFile = config.age.secrets.jellyfinCloudflared.path;
};
}; };
uptime-kuma = { uptime-kuma = {
enable = true; enable = true;
@@ -94,7 +89,7 @@
gluetun.enable = true; gluetun.enable = true;
qbittorrent = { qbittorrent = {
enable = true; enable = true;
port = 8387; port = 8080;
}; };
slskd = { slskd = {
enable = true; enable = true;

27
modules/server/authentik/default.nix
View File

@@ -4,13 +4,11 @@
pkgs, pkgs,
self, self,
... ...
}: }: let
let
unit = "authentik"; unit = "authentik";
cfg = config.server.${unit}; cfg = config.server.${unit};
srv = config.server; srv = config.server;
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -55,9 +53,11 @@ in
age.secrets = { age.secrets = {
authentikEnv = { authentikEnv = {
file = "${self}/secrets/authentikEnv.age"; file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
}; };
authentikCloudflared = { authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age"; file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
}; };
}; };
@@ -99,23 +99,22 @@ in
middlewares = { middlewares = {
authentik = { authentik = {
forwardAuth = { forwardAuth = {
# tls.insecureSkipVerify = true; tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik"; address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true; trustForwardHeader = true;
authResponseHeaders = [ authResponseHeaders = [
"X-authentik-username" "X-authentik-username"
"X-authentik-groups" "X-authentik-groups"
"X-authentik-email" "X-authentik-email"
# "X-authentik-name" "X-authentik-name"
# "X-authentik-uid" "X-authentik-uid"
"X-authentik-jwt" "X-authentik-jwt"
# "X-authentik-meta-jwks" "X-authentik-meta-jwks"
# "X-authentik-meta-outpost" "X-authentik-meta-outpost"
# "X-authentik-meta-provider" "X-authentik-meta-provider"
# "X-authentik-meta-app" "X-authentik-meta-app"
# "X-authentik-meta-version" "X-authentik-meta-version"
]; ];
timeout = "10s";
}; };
}; };
}; };
@@ -130,7 +129,7 @@ in
routers = { routers = {
auth = { auth = {
entryPoints = [ "websecure" ]; entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)"; rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth"; service = "auth";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";

17
modules/server/www/default.nix
View File

@@ -4,18 +4,11 @@
pkgs, pkgs,
self, self,
... ...
}: }: let
let inherit (lib) mkOption mkEnableOption mkIf types;
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.server.www; cfg = config.server.www;
srv = config.server; srv = config.server;
in in {
{
options.server.www = { options.server.www = {
enable = mkEnableOption { enable = mkEnableOption {
description = "Enable personal website"; description = "Enable personal website";
@@ -124,14 +117,14 @@ in
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.webfinger = { routers.webfinger = {
entryPoints = [ "websecure" ]; entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)"; rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
service = "webfinger"; service = "webfinger";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
services.webfinger.loadBalancer.servers = [ services.webfinger.loadBalancer.servers = [
{ url = "http://127.0.0.1:8283"; } {url = "http://127.0.0.1:8283";}
]; ];
}; };
}; };

2
users/cnst/modules/kimamod.nix
View File

@@ -11,7 +11,7 @@
enable = true; enable = true;
}; };
chromium = { chromium = {
enable = false; enable = true;
}; };
discord = { discord = {
enable = true; enable = true;