nix-conf/system/dev/dn-server/default.nix


# NixOS host definition for dn-server: hardware/boot/networking modules, the
# self-hosted services under *.net.dn, the mail server, and the home-manager
# profile for `username`.
{
  pkgs,
  lib,
  inputs,
  system,
  username,
  config,
  ...
}:
let
  # Decrypted path of a sops-managed secret. Only the path is referenced in this
  # expression; the secret value itself never enters the Nix store.
  secretPath = name: config.sops.secrets.${name}.path;

  mailDomain = config.mail-server.domain;

  # The Keycloak master realm is the OIDC provider for Grafana.
  oidcBase = "https://keycloak.net.dn/realms/master/protocol/openid-connect";

  # Prometheus scrape job for the local PowerDNS recursor API. When the
  # recursor is disabled, `lib.optionalAttrs` turns this into `{}`, so the
  # `scrapes` list below still carries one (empty) entry in that case.
  pdnsRecursorScrape = lib.optionalAttrs config.services.pdns-recursor.enable {
    job_name = "powerdns_recursor";
    static_configs = [
      { targets = [ "localhost:${toString config.services.pdns-recursor.api.port}" ]; }
    ];
  };

  # Grafana `[auth.generic_oauth]` section.
  grafanaOAuth = {
    enabled = true;
    # Anyone who can authenticate at Keycloak gets a Grafana account on first
    # login; the org role is then derived from role_attribute_path below.
    allow_sign_up = true;
    client_id = "grafana";
    # Grafana's $__file{} provider loads the secret at runtime, so only the file
    # path (not the secret) is written into grafana.ini.
    client_secret = ''$__file{${secretPath "grafana/client_secret"}}'';
    scopes = "openid email profile offline_access roles";
    email_attribute_path = "email";
    login_attribute_path = "username";
    name_attribute_path = "full_name";
    auth_url = "${oidcBase}/auth";
    token_url = "${oidcBase}/token";
    api_url = "${oidcBase}/userinfo";
    # IdP roles -> Grafana org roles; anything without admin/editor is a Viewer.
    role_attribute_path = "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'";
  };

  # Extra packages for the user's home profile: the ghostty flake output for
  # this system, plus a python3 interpreter with pip available.
  extraHomePackages = [
    inputs.ghostty.packages.${system}.default
    (pkgs.python3.withPackages (ps: [ ps.pip ]))
  ];
in
{
  # NOTE(review): `config` is read inside module *arguments* below. That is
  # only safe because the imported modules consume those arguments lazily;
  # never let `config` decide which files end up in this list.
  imports = [
    (import ../../modules/nvidia.nix {
      nvidia-mode = "offload";
      intel-bus-id = "PCI:0:2:0";
      nvidia-bus-id = "PCI:1:0:0";
    })
    ./sops-conf.nix
    ./boot.nix
    ./hardware-configuration.nix
    ./networking.nix
    ./services.nix
    ./nginx.nix
    ./step-ca.nix
    ../../modules/presets/minimal.nix
    ../../modules/bluetooth.nix
    ../../modules/gc.nix
    ../../modules/mail-server
    ../../modules/stylix.nix
    (import ../../modules/paperless-ngx.nix {
      domain = "paperless.net.dn";
      passwordFile = secretPath "paperless/adminPassword";
    })
    (import ../../modules/prometheus.nix {
      fqdn = "metrics.net.dn";
      selfMonitor = true;
      configureNginx = true;
      scrapes = [ pdnsRecursorScrape ];
    })
    (import ../../modules/actual {
      fqdn = "actual.net.dn";
    })
    (import ../../modules/nextcloud.nix {
      hostname = "nextcloud.net.dn";
      # Both the data and the database backups land on the same mount.
      dataBackupPath = "/mnt/backup_dn";
      dbBackupPath = "/mnt/backup_dn";
      adminpassFile = secretPath "nextcloud/adminPassword";
    })
    (import ../../modules/vaultwarden.nix {
      domain = "bitwarden.net.dn";
    })
    (import ../../modules/grafana.nix {
      domain = "grafana.net.dn";
      passFile = secretPath "grafana/password";
      smtpHost = mailDomain;
      smtpDomain = mailDomain;
      extraSettings = {
        "auth.generic_oauth" = grafanaOAuth;
      };
    })
    ../../modules/postgresql.nix
  ];

  environment.systemPackages = [ pkgs.openssl ];

  mail-server = {
    enable = true;
    configuraACME = true;
    mailDir = "~/Maildir";
    # Interpolating a path copies ca.crt into the (world-readable) Nix store.
    # Acceptable for a public CA certificate; never do this with a private key.
    caFile = "${../../extra/ca.crt}";
    virtualMailDir = "/var/mail/vhosts";
    domain = "net.dn";
    rootAlias = username;
    # Loopback plus the local /24 — presumably the networks allowed to relay;
    # confirm against the mail-server module.
    networks = [
      "127.0.0.0/8"
      "10.0.0.0/24"
    ];
    # Virtual alias table: administrative mailboxes forward to the main user.
    virtual = ''
      admin@net.dn ${username}@net.dn
      postmaster@net.dn ${username}@net.dn
    '';
    openFirewall = true;
    # Credentials below are sops-managed files, passed by path only.
    oauth = {
      passwordFile = secretPath "oauth/password";
    };
    ldap = {
      passwordFile = secretPath "ldap/password";
      webEnv = secretPath "ldap/env";
    };
    rspamd = {
      trainerSecret = secretPath "rspamd-trainer";
    };
  };

  home-manager = {
    users."${username}" = {
      imports = [
        ../../../home/user/config.nix
        ../../../home/user/direnv.nix
        ../../../home/user/environment.nix
        ../../../home/user/nvf
        ../../../home/user/shell.nix
        ../../../home/user/tmux.nix
        ../../../home/user/yazi.nix
        { home.packages = extraHomePackages; }
        # Git
        (import ../../../home/user/git.nix {
          inherit username;
          email = "danny10132024@gmail.com";
        })
      ];
    };
  };
}