mirror of
https://github.com/foo-dogsquared/nixos-config.git
synced 2025-04-20 00:19:11 +00:00
chore: format the codebase
parent
f2cdf732cb
commit
04e460142a
@ -5,7 +5,8 @@
|
||||
|
||||
let
|
||||
atuinDomain = "atuin.${config.networking.domain}";
|
||||
in {
|
||||
in
|
||||
{
|
||||
# Atuin sync server because why not.
|
||||
services.atuin = {
|
||||
enable = true;
|
||||
|
@ -6,7 +6,8 @@
|
||||
|
||||
let
|
||||
codeForgeDomain = "code.${config.networking.domain}";
|
||||
in {
|
||||
in
|
||||
{
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
appName = "foodogsquared's code forge";
|
||||
|
@ -9,7 +9,8 @@ let
|
||||
keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username;
|
||||
|
||||
certs = config.security.acme.certs;
|
||||
in {
|
||||
in
|
||||
{
|
||||
# Hey, the hub for your application sign-in.
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
|
@ -16,31 +16,32 @@ in
|
||||
# deployed server.
|
||||
services.openvpn.servers = {
|
||||
server = {
|
||||
config = let
|
||||
certDirectory = certs."${acmeName}".directory;
|
||||
dhParams = config.security.dhparams.params;
|
||||
in
|
||||
''
|
||||
ca ${certDirectory}/chain.pem
|
||||
cert ${certDirectory}/fullchain.pem
|
||||
key ${certDirectory}/key.pem
|
||||
dh ${dhParams."openvpn-server".path}
|
||||
config =
|
||||
let
|
||||
certDirectory = certs."${acmeName}".directory;
|
||||
dhParams = config.security.dhparams.params;
|
||||
in
|
||||
''
|
||||
ca ${certDirectory}/chain.pem
|
||||
cert ${certDirectory}/fullchain.pem
|
||||
key ${certDirectory}/key.pem
|
||||
dh ${dhParams."openvpn-server".path}
|
||||
|
||||
proto udp
|
||||
topology subnet
|
||||
proto udp
|
||||
topology subnet
|
||||
|
||||
server-bridge 172.43.0.1 255.255.255.0 ${vpnAddressPoolStart} ${vpnAddressPoolEnd}
|
||||
server-ipv6 fd00::/8
|
||||
server-bridge 172.43.0.1 255.255.255.0 ${vpnAddressPoolStart} ${vpnAddressPoolEnd}
|
||||
server-ipv6 fd00::/8
|
||||
|
||||
dev vpn-tap
|
||||
dev-type tap
|
||||
dev vpn-tap
|
||||
dev-type tap
|
||||
|
||||
# Connecting clients will be able to reach to one another.
|
||||
client-to-client
|
||||
# Connecting clients will be able to reach to one another.
|
||||
client-to-client
|
||||
|
||||
user nobody
|
||||
group nobody
|
||||
'';
|
||||
user nobody
|
||||
group nobody
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
@ -52,56 +53,57 @@ in
|
||||
# For key generation, debugging, panic configuration, anything else.
|
||||
environment.systemPackages = [ pkgs.openvpn ];
|
||||
|
||||
systemd.network = let
|
||||
vpnBridgeIFName = "vpn-bridge";
|
||||
vpnTapIFName = "vpn-tap";
|
||||
in
|
||||
{
|
||||
netdevs = {
|
||||
"90-${vpnBridgeIFName}".netdevConfig = {
|
||||
Name = vpnBridgeIFName;
|
||||
Kind = "bridge";
|
||||
};
|
||||
|
||||
"90-${vpnTapIFName}" = {
|
||||
netdevConfig = {
|
||||
Name = vpnTapIFName;
|
||||
Kind = "tap";
|
||||
systemd.network =
|
||||
let
|
||||
vpnBridgeIFName = "vpn-bridge";
|
||||
vpnTapIFName = "vpn-tap";
|
||||
in
|
||||
{
|
||||
netdevs = {
|
||||
"90-${vpnBridgeIFName}".netdevConfig = {
|
||||
Name = vpnBridgeIFName;
|
||||
Kind = "bridge";
|
||||
};
|
||||
|
||||
tapConfig = {
|
||||
MultiQueue = true;
|
||||
PacketInfo = true;
|
||||
"90-${vpnTapIFName}" = {
|
||||
netdevConfig = {
|
||||
Name = vpnTapIFName;
|
||||
Kind = "tap";
|
||||
};
|
||||
|
||||
tapConfig = {
|
||||
MultiQueue = true;
|
||||
PacketInfo = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networks = {
|
||||
"50-vpn-bridge-slave-1" = {
|
||||
matchConfig.MACAddress = "86:00:00:32:48:20";
|
||||
networkConfig.Bridge = vpnBridgeIFName;
|
||||
};
|
||||
|
||||
"50-vpn-bridge-slave-tap" = {
|
||||
matchConfig.Name = vpnTapIFName;
|
||||
networkConfig.Bridge = vpnBridgeIFName;
|
||||
};
|
||||
|
||||
"50-vpn-bridge-static" = {
|
||||
matchConfig.Name = vpnBridgeIFName;
|
||||
|
||||
address = [
|
||||
# The private network IP.
|
||||
"172.43.0.1/32"
|
||||
|
||||
# Generate a new unique local IPv6 address.
|
||||
"::"
|
||||
];
|
||||
|
||||
gateway = [ privateNetworkGatewayIP ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networks = {
|
||||
"50-vpn-bridge-slave-1" = {
|
||||
matchConfig.MACAddress = "86:00:00:32:48:20";
|
||||
networkConfig.Bridge = vpnBridgeIFName;
|
||||
};
|
||||
|
||||
"50-vpn-bridge-slave-tap" = {
|
||||
matchConfig.Name = vpnTapIFName;
|
||||
networkConfig.Bridge = vpnBridgeIFName;
|
||||
};
|
||||
|
||||
"50-vpn-bridge-static" = {
|
||||
matchConfig.Name = vpnBridgeIFName;
|
||||
|
||||
address = [
|
||||
# The private network IP.
|
||||
"172.43.0.1/32"
|
||||
|
||||
# Generate a new unique local IPv6 address.
|
||||
"::"
|
||||
];
|
||||
|
||||
gateway = [ privateNetworkGatewayIP ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.dhparams.params.openvpn-server = { };
|
||||
}
|
||||
|
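Review bot: The address `172.43.0.1` used in `server-bridge` and again under `"50-vpn-bridge-static"` (commented "The private network IP") is not private: RFC 1918 reserves 172.16.0.0/12, which ends at 172.31.255.255, so 172.43.0.0/24 is publicly allocated space that the VPN will shadow for every bridged client. I would move the bridge and pool into a reserved range, e.g. the constructed sample `server-bridge 172.16.43.1 255.255.255.0 ${vpnAddressPoolStart} ${vpnAddressPoolEnd}` with a matching `address` entry. `server-ipv6 fd00::/8` likewise claims the entire locally assigned ULA space instead of one randomly generated /48, which invites collisions with other ULA networks the clients can reach. This commit only re-indents these lines, and the `let` bindings for the pool bounds are outside the visible hunks, so they would need the same change where they are defined.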
@ -5,7 +5,8 @@
|
||||
|
||||
let
|
||||
ldapDomain = "ldap.${config.networking.domain}";
|
||||
in {
|
||||
in
|
||||
{
|
||||
services.portunus = {
|
||||
enable = true;
|
||||
|
||||
@ -18,37 +19,41 @@ in {
|
||||
tls = true;
|
||||
};
|
||||
|
||||
seedPath = let
|
||||
seedData = {
|
||||
groups = [
|
||||
{
|
||||
name = "admin-team";
|
||||
long_name = "Portunus Administrators";
|
||||
members = [ "foodogsquared" ];
|
||||
permissions = {
|
||||
portunus.is_admin = true;
|
||||
ldap.can_read = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
users = [
|
||||
{
|
||||
login_name = "foodogsquared";
|
||||
given_name = "Gabriel";
|
||||
family_name = "Arazas";
|
||||
email = "foodogsquared@${config.networking.domain}";
|
||||
ssh_public_keys = let
|
||||
readFiles = list: lib.lists.map (path: lib.readFile path) list;
|
||||
in readFiles [
|
||||
../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub
|
||||
../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub
|
||||
];
|
||||
password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."plover/ldap/users/foodogsquared/password".path ];
|
||||
}
|
||||
];
|
||||
};
|
||||
settingsFormat = pkgs.formats.json { };
|
||||
in settingsFormat.generate "portunus-seed" seedData;
|
||||
seedPath =
|
||||
let
|
||||
seedData = {
|
||||
groups = [
|
||||
{
|
||||
name = "admin-team";
|
||||
long_name = "Portunus Administrators";
|
||||
members = [ "foodogsquared" ];
|
||||
permissions = {
|
||||
portunus.is_admin = true;
|
||||
ldap.can_read = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
users = [
|
||||
{
|
||||
login_name = "foodogsquared";
|
||||
given_name = "Gabriel";
|
||||
family_name = "Arazas";
|
||||
email = "foodogsquared@${config.networking.domain}";
|
||||
ssh_public_keys =
|
||||
let
|
||||
readFiles = list: lib.lists.map (path: lib.readFile path) list;
|
||||
in
|
||||
readFiles [
|
||||
../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub
|
||||
../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub
|
||||
];
|
||||
password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."plover/ldap/users/foodogsquared/password".path ];
|
||||
}
|
||||
];
|
||||
};
|
||||
settingsFormat = pkgs.formats.json { };
|
||||
in
|
||||
settingsFormat.generate "portunus-seed" seedData;
|
||||
};
|
||||
|
||||
# Getting this to be accessible in the reverse proxy of choice.
|
||||
|
@ -10,7 +10,8 @@ let
|
||||
|
||||
# However, this is set on our own.
|
||||
vaultwardenDbName = "vaultwarden";
|
||||
in {
|
||||
in
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
|