commit 544682d903cd240d4e6df34d8410b842621e9ed9
Author: Ashhhleyyy
Date: Mon Oct 2 18:47:47 2023 +0100
feat: initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2093797
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.qcow2
+/result
diff --git a/common/generic-desktop.nix b/common/generic-desktop.nix
new file mode 100644
index 0000000..1b2798f
--- /dev/null
+++ b/common/generic-desktop.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }: {
+ services.resolved.enable = true;
+ services.avahi = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ time.timeZone = "Europe/London";
+ i18n.defaultLocale = "en_GB.utf8";
+
+ boot.plymouth = {
+ enable = true;
+ };
+}
diff --git a/common/generic-qemu.nix b/common/generic-qemu.nix
new file mode 100644
index 0000000..97abef7
--- /dev/null
+++ b/common/generic-qemu.nix
@@ -0,0 +1,19 @@
+{ modulesPath, ... }: {
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.kernelParams = [
+ "console=tty1"
+ "console=ttyS0,115200"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+}
diff --git a/common/generic.nix b/common/generic.nix
new file mode 100644
index 0000000..b9371fa
--- /dev/null
+++ b/common/generic.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }: rec {
+ imports = [ ];
+
+ boot.tmp.cleanOnBoot = true;
+ nix.settings.auto-optimise-store = true;
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=100M
+ MaxFileSec=7day
+ '';
+
+ programs.fish.enable = true;
+ programs.htop = {
+ enable = true;
+ settings = {
+ hide_kernel_threads = true;
+ hide_userland_threads = true;
+ };
+ };
+
+ users.users.ash = {
+ description = "Ashley";
+ isNormalUser = true;
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGLHqRBcN584SXXa7snrOs89Wy5Jjvsq+GlFXTTBYfp ash@ash-pc"
+ ];
+ hashedPassword = "$y$j9T$YZw49GYsZi6pm5MH3W2gX1$BKPBL3g4jAWUJP0WY0lRrBLorxzcENVqGTG0dAly3v7";
+ extraGroups = [ "wheel" "audio" ];
+ };
+
+ security.doas.enable = true;
+ security.doas.wheelNeedsPassword = false;
+
+ users.users.root.openssh.authorizedKeys.keys = users.users.ash.openssh.authorizedKeys.keys;
+
+ users.mutableUsers = false;
+
+ console.keyMap = "uk";
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..7026ceb
--- /dev/null
+++ b/flake.lock
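Review bot: The `users.users.ash` block commits a yescrypt password hash in `hashedPassword`, so it is readable by anyone with the repository and, as far as I know, by every local user through the world-readable Nix store once the system is built, where it can be attacked offline. Prefer `hashedPasswordFile` (named `passwordFile` on older nixpkgs) pointing at a root-only file outside the store, and change the password, since this hash is now in history. Separately, `security.doas.wheelNeedsPassword = false` makes any process running as `ash` equivalent to root, and the `users.users.root.openssh.authorizedKeys.keys` line installs the same SSH key for root. If that is intended for these machines, a comment such as `# single-admin VMs: passwordless doas is deliberate` would record it; otherwise drop the `wheelNeedsPassword` line.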
@@ -0,0 +1,222 @@ +{ + "nodes": { + "crane": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "fsh", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1668993159, + "narHash": "sha256-9BVTtPFrHRh0HbeEm2bmXsoIWRj1tKM6Nvfl7VMK/X8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fsh": { + "inputs": { + "crane": "crane", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1684846557, + "narHash": "sha256-mgYwhUKc5r6WC0E1cZ8b0/txQHiTnBvZ8gC0odFfvq0=", + "owner": "ashhhleyyy", + "repo": "fsh", + "rev": "3b45d2e7c4b77158f5b621772c48a0fea2b80a9a", + "type": "github" + }, + "original": { + "owner": "ashhhleyyy", + "repo": "fsh", + 
"type": "github" + } + }, + "home-manager-unstable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1684824189, + "narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1681001314, + "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "367c0e1086a4eb4502b24d872cea2c7acdd557f4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1685000237, + "narHash": "sha256-pm+2xP9g9sh6wapk1ulg7/1DdENkTNDB7Kx+6lwGs/k=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "05bef004794f352ea12475a89f3f55b4102c0728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1686751072, + "narHash": "sha256-i4TGoVhWiwSkGV8D8Hk8A3MZ68rmAxknEVwTYkE3Wjk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "98be10c950909515f626a776e862c24589fde969", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1684754342, + "narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7084250df3d7f9735087d3234407f3c1fc2400e3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": 
{ + "inputs": { + "fsh": "fsh", + "home-manager-unstable": "home-manager-unstable", + "nixos-generators": "nixos-generators", + "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-unstable": "nixpkgs-unstable" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "fsh", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "fsh", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1667487142, + "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..f9e123d --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,99 @@
+{
+ inputs = {
+ nixpkgs-stable = {
+ url = "github:NixOS/nixpkgs/nixos-22.11";
+ };
+
+ nixpkgs-unstable = {
+ url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ home-manager-unstable = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs-unstable";
+ };
+
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs-unstable";
+ };
+
+ fsh = {
+ url = "github:ashhhleyyy/fsh";
+ inputs.nixpkgs.follows = "nixpkgs-stable";
+ };
+ };
+
+ outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-unstable, nixos-generators, ... }:
+ let
+ home-manager = home-manager-unstable;
+ overlays = [
+ fsh.overlays.default
+ ];
+ overlays-module = ({ nixpkgs, ... }: {
+ nixpkgs.overlays = overlays;
+ });
+ in
+ {
+ nixosConfigurations.fern = nixpkgs-unstable.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ overlays-module
+ ./hosts/fern/configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.ash = { ... }: {
+ imports = [
+ fsh.homeModules.fsh
+ ./home/ash
+ ./home/ash/desktop.nix
+ ];
+ };
+ }
+ ];
+ };
+
+ nixosConfigurations.alex = nixpkgs-unstable.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ overlays-module
+ ./hosts/alex/configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.ash = { ... }: {
+ imports = [
+ fsh.homeModules.fsh
+ ./home/ash
+ ./home/ash/desktop.nix
+ ./home/ash/vscodium.nix
+ ];
+ };
+ }
+ ];
+ };
+
+ nixosConfigurations.emira = nixpkgs-unstable.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ overlays-module
+ ./hosts/emira/configuration.nix
+ ./common/generic-qemu.nix
+ ];
+ };
+
+ packages.x86_64-linux = {
+ emira = nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ modules = [
+ overlays-module
+ ./hosts/emira/configuration.nix
+ ];
+ format = "qcow";
+ };
+ };
+ };
+}
diff --git a/home/ash/default.nix b/home/ash/default.nix
new file mode 100644
index 0000000..cb68cb7
--- /dev/null
+++ b/home/ash/default.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }: {
+ home.stateVersion = "22.11";
+
+ programs.fish.enable = true;
+ programs.fsh.enable = true;
+
+ home.packages = with pkgs; [
+ wget
+ ];
+}
diff --git a/home/ash/desktop.nix b/home/ash/desktop.nix
new file mode 100644
index 0000000..666f9fb
--- /dev/null
+++ b/home/ash/desktop.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }: {
+ home.packages = with pkgs; [
+ nerdfonts
+ ];
+
+ programs.kitty = {
+ enable = true;
+ theme = "Catppuccin-Mocha";
+ font.name = "JetBrainsMono Nerd Font";
+ };
+}
diff --git a/home/ash/vscodium.nix b/home/ash/vscodium.nix
new file mode 100644
index 0000000..b316bf1
--- /dev/null
+++ b/home/ash/vscodium.nix
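Review bot: In `flake.nix`, `overlays-module` is declared as `({ nixpkgs, ... }: { nixpkgs.overlays = overlays; })`, but the `nixpkgs` argument is never used in the body; `nixpkgs.overlays` there is an option path, not a reference to the argument. NixOS does not appear to supply a module argument of that name by default, so this presumably evaluates only because the argument is never forced. A plain attribute set says the same thing without the trap: `overlays-module = { nixpkgs.overlays = overlays; };`. The `fern` and `alex` module lists also differ only in the host path and one extra home import, so a small `let`-bound helper taking those two values would keep them from drifting apart.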
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }: {
+ home.packages = with pkgs; [
+ (vscode-with-extensions.override {
+ vscode = vscodium;
+ vscodeExtensions = with pkgs.vscode-extensions; [
+ bbenoist.nix
+ ms-python.python
+ ms-vscode.hexeditor
+ tamasfe.even-better-toml
+ elixir-lsp.vscode-elixir-ls
+ arrterian.nix-env-selector
+ denoland.vscode-deno
+ esbenp.prettier-vscode
+ llvm-vs-code-extensions.vscode-clangd
+ vscode-extensions.ms-dotnettools.csharp
+ ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
+ {
+ name = "starfall-visual-studio-code";
+ publisher = "sndst00m";
+ version = "0.5.4";
+ sha256 = "sha256-f1pnuqz8aC3FKUI/GnNor+uY94+1UlYOyW1OvuuMqK8=";
+ }
+ {
+ name = "flutter";
+ publisher = "Dart-Code";
+ version = "3.73.20230904";
+ sha256 = "sha256-2kT5hfCupM1njC07Du9bcavxp2kDIJNIMsMYd7Omr44=";
+ }
+ {
+ name = "dart-code";
+ publisher = "Dart-Code";
+ version = "3.73.20230927";
+ sha256 = "sha256-B6CD+2OgKrIHG87FtKbuqdpn3levm9RO6GFjmnW24z4=";
+ }
+ {
+ name = "direnv";
+ publisher = "mkhl";
+ version = "0.15.2";
+ sha256 = "sha256-Da9Anme6eoKLlkdYaeLFDXx0aQgrtepuUnw2jEPXCVU=";
+ }
+ {
+ name = "Go";
+ publisher = "golang";
+ version = "0.39.1";
+ sha256 = "sha256-xOiMVUkcgwkMjYfNzFB3Qhfg26jf5nssaTfw0U+sAX0=";
+ }
+ {
+ name = "rust-analyzer";
+ publisher = "rust-lang";
+ version = "0.4.1679";
+ sha256 = "sha256-MqaYZSU80MrNHGP8Tfj9Ky8DhCtRgajeVivjMGtvnS8=";
+ }
+ {
+ name = "svelte-vscode";
+ publisher = "svelte";
+ version = "107.11.0";
+ sha256 = "sha256-vz4yO1VhTdpdfXw6daD1TinSTFlmQyYEDrxVklMX8Rk=";
+ }
+ {
+ name = "ruby-lsp";
+ publisher = "Shopify";
+ version = "0.4.8";
+ sha256 = "sha256-Q7ZZs/81+VrHKs3rpMwMfE3+DOS9bDJaoHEpYHoRqoo=";
+ }
+ {
+ name = "wgsl";
+ publisher = "PolyMeilex";
+ version = "0.1.16";
+ sha256 = "sha256-0EcV80N8u3eQB74TNedjM5xbQFY7avUu3A8HWi7eZLk=";
+ }
+ ];
+ })
+ ];
+}
diff --git a/hosts/alex/configuration.nix b/hosts/alex/configuration.nix
new file mode 100644
index 0000000..5e8808d
--- /dev/null
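Review bot: The last nixpkgs entry in the `vscodeExtensions` list is written `vscode-extensions.ms-dotnettools.csharp`, while every other entry relies on the enclosing `with pkgs.vscode-extensions;`. It presumably resolves only through the outer `with pkgs;`, and should read `ms-dotnettools.csharp` like its neighbours. The marketplace entries are pinned by version and `sha256`, which is the right shape for supply-chain integrity, but nothing records how the pins are refreshed. A comment above the `extensionsFromVscodeMarketplace` list, for example `# pinned marketplace extensions; bump version and sha256 together`, would make that explicit.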
+++ b/hosts/alex/configuration.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ../../common/generic-qemu.nix
+ ../../common/generic.nix
+ ../../common/generic-desktop.nix
+ ];
+
+ networking.hostName = "alex";
+ networking.firewall.enable = false;
+
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ services.xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ layout = "gb";
+ # xkbVariant = "";
+ };
+
+ services.printing.enable = true;
+
+ programs.steam.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ system.stateVersion = "22.11";
+}
diff --git a/hosts/emira/configuration.nix b/hosts/emira/configuration.nix
new file mode 100644
index 0000000..d557dfa
--- /dev/null
+++ b/hosts/emira/configuration.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ../../common/generic.nix
+ ../../roles/asterisk.nix
+ ../../roles/kanidm.nix
+ ../../roles/coredns
+ ];
+
+ networking = {
+ hostName = "emira";
+ nameservers = [ "127.0.0.1" "::1" ];
+ dhcpcd.extraConfig = "nohook resolv.conf";
+ };
+ networking.firewall.enable = false;
+
+ system.stateVersion = "22.11";
+}
diff --git a/hosts/fern/configuration.nix b/hosts/fern/configuration.nix
new file mode 100644
index 0000000..a98648e
--- /dev/null
+++ b/hosts/fern/configuration.nix
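Review bot: `networking.firewall.enable = false` in `hosts/alex/configuration.nix` turns off packet filtering for the whole host, and the same line appears in the `hosts/emira` and `hosts/fern` hunks of this commit. On `alex` and `fern` that leaves whatever Avahi, `services.printing` and Steam listen on reachable from every attached network. On `emira` it does the same for the Asterisk and CoreDNS roles, whose configs bind `0.0.0.0`. It also makes `services.avahi.openFirewall = true` in `common/generic-desktop.nix` a no-op. I would keep the firewall enabled and open only what each host needs, for example on `emira` the DNS and SIP ports plus `networking.firewall.allowedUDPPortRanges = [ { from = 20000; to = 20999; } ];` for the RTP range set in `rtp.conf`.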
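Review bot: In `hosts/emira/configuration.nix`, `networking.nameservers` lists both `127.0.0.1` and `::1`, but the CoreDNS role added in this commit only has `bind 0.0.0.0`. As far as I can tell that is the IPv4 wildcard, so queries sent to `::1` would go unanswered and cost a timeout whenever the resolver tries that entry. Either reduce the list to `nameservers = [ "127.0.0.1" ];` or add an IPv6 address to the `bind` lines in `roles/coredns/default.nix`. The `dhcpcd.extraConfig` line would also benefit from a comment such as `# stop DHCP from overwriting resolv.conf; local CoreDNS is the resolver`.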
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ../../common/generic-qemu.nix
+ ../../common/generic.nix
+ ../../common/generic-desktop.nix
+ ];
+
+ networking.hostName = "fern";
+ networking.firewall.enable = false;
+
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ services.xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ # layout = "gb";
+ # xkbVariant = "";
+ };
+
+ services.printing.enable = true;
+
+ programs.steam.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ system.stateVersion = "22.11";
+}
diff --git a/roles/asterisk.nix b/roles/asterisk.nix
new file mode 100644
index 0000000..805b6cf
--- /dev/null
+++ b/roles/asterisk.nix
@@ -0,0 +1,140 @@
+{ config, pkgs, ... }: {
+ services.asterisk = {
+ enable = true;
+ confFiles = {
+ "pjsip.conf" = ''
+ [transport-defaults](!)
+ type = transport
+ bind = 0.0.0.0
+
+ local_net = 127.0.0.0/8
+ local_net = 10.0.0.0/8
+ local_net = 172.16.0.0/12
+ local_net = 192.168.0.0/16
+
+ [transport-udp](transport-defaults)
+ protocol = udp
+
+ [transport-tcp](transport-defaults)
+ protocol = tcp
+ '';
+
+ "rtp.conf" = ''
+ [general]
+ rtpstart=20000
+ rtpend=20999
+ '';
+
+ "pjsip_wizard.conf" = ''
+ [extension-defaults](!)
+ type = wizard
+ accepts_registrations = yes
+ accepts_auth = yes
+ aor/remove_existing = yes
+ aor/max_contacts = 1
+ aor/qualify_timeout = 3.0
+ endpoint/allow = !all,g722,ulaw
+ endpoint/subscribe_context = subscribe
+ endpoint/context = from-internal
+ endpoint/mailboxes = 6000@default
+
+ [6001](extension-defaults)
+ endpoint/callerid = Fern <6001>
+ inbound_auth/username = 6001
+ inbound_auth/password = 3303a8dc75771f8a4d653223fbb8f2f1
+ aor/qualify_frequency = 30
+ endpoint/direct_media = yes
+
+ [6002](extension-defaults)
+ endpoint/callerid = Lyra <6002>
+ inbound_auth/username = 6002
+ inbound_auth/password = dc18253d8af6af4d5ab36d76e8825d54
+ aor/qualify_frequency = 0
+ endpoint/direct_media = no
+ '';
+
+ "voicemail.conf" = ''
+ [general]
+ format = wav49|gsm|wav
+ serveremail=asterisk-noreply@ashhhleyyy.dev
+ attach=yes
+ maxmsg = 100
+ maxsecs = 300
+ maxgreet = 60
+ skipms = 3000
+ maxsilence = 10
+ silencethreshold = 128
+ maxlogins = 3
+ emailsubject = New voicemail ''${VM_MSGNUM} in mailbox ''${VM_MAILBOX}
+ emailbody = Hi ''${VM_NAME},\n\nYou have a new voicemail in mailbox ''${VM_MAILBOX}.\n\nFrom: ''${VM_CALLERID}\nDate: ''${VM_DATE}\nDuration: ''${VM_DUR}\nMessage Number: ''${VM_MSGNUM}
+ emaildateformat = %A, %B %d, %Y at %r
+ tz = myzone
+ locale = en_US.UTF-8
+ minpassword = 4
+
+ [zonemessages]
+ myzone = Europe/London|'vm-received' Q 'digits/at' IMp
+
+ [default]
+ 6000 => 1234,Ashley B,ash@ashhhleyyy.dev,,,
+ '';
+
+ "queues.conf" = ''
+ [general]
+ persistentmembers = yes
+ autofill = yes
+ monitor-type = MixMonitor
+ shared_lastcall = yes
+ log_membername_as_agent = yes
+
+ [internal-phones]
+ strategy = ringall
+ timeout = 30
+ announce-frequency = 0
+ announce-holdtime = no
+ announce-position = no
+ periodic-announce-frequency = 0
+ joinempty = yes
+ leavewhenempty = no
+ ringinuse = yes
+
+ member => PJSIP/6001,0,Fern,PJSIP/6001
+ member => PJSIP/6002,0,Lyra,PJSIP/6002
+ '';
+
+ "extensions.conf" = ''
+ [public]
+ exten => _X.,1,Hangup(3)
+ [default]
+ exten => _X.,1,Hangup(3)
+
+ [globals]
+ VOICEMAIL_NUMBER = *99
+ VOICEMAIL_BOX = 6000@default
+ VOICEMAIL_RING_TIMEOUT = 25
+ HOME_QUEUE = internal-phones
+ INTERCOM = 6000
+ LOCAL_EXTS = _6XXX
+
+ [subscribe]
+ exten => _XXXX,hint,PJSIP/''${EXTEN}
+
+ [gosub-intercom]
+ exten => s,1,Set(PJSIP_HEADER(add,Alert-Info)=auto answer)
+ same => n,Return()
+
+ [from-internal]
+ exten => ''${INTERCOM},1,Set(CALLERID(all)=Intercom <''${EXTEN}>
+ same => n,Page(''${STRREPLACE(QUEUE_MEMBER_LIST(''${HOME_QUEUE}),",","&")},db(gosub-intercom^s^1),10)
+ same => n,Hangup()
+
+ exten => ''${LOCAL_EXTS},1,Dial(PJSIP/''${EXTEN})
+ same => n,Hangup()
+
+ exten => ''${VOICEMAIL_NUMBER},1,Answer(500)
+ same => n,VoiceMailMain(''${VOICEMAIL_BOX},s)
+ same => n,Hangup()
+ '';
+ };
+ };
+}
diff --git a/roles/coredns/ash.ley b/roles/coredns/ash.ley
new file mode 100644
index 0000000..f90d790
--- /dev/null
+++ b/roles/coredns/ash.ley
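Review bot: The `pjsip_wizard.conf` and `voicemail.conf` strings in `roles/asterisk.nix` embed both `inbound_auth/password` values and the mailbox PIN in plain text, so they are published with the repository and, as far as I know, copied into the world-readable Nix store on every build. Both transports bind `0.0.0.0` and `hosts/emira` disables the firewall, so these credentials are the only barrier to registering as an extension. Treat them as compromised, rotate them, and have Asterisk read the replacements at runtime from a root-only file outside the store (an `#include` of such a path is one option); the new PIN should also be longer than the four digits `minpassword = 4` permits. There is also a dialplan slip in `[from-internal]`: the `Set(` on the intercom line is never closed and should read `exten => ''${INTERCOM},1,Set(CALLERID(all)=Intercom <''${EXTEN}>)`.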
@@ -0,0 +1,49 @@
+$ORIGIN ash.ley.
+$TTL 5m
+
+; SOA
+@ SOA kylie.ash.ley. ash.ashhhleyyy.dev. (
+ 2022051901 ; serial number
+ 28800 ; refresh
+ 7200 ; Retry
+ 864000 ; Expire
+ 60 ; Min TTL
+ )
+;; --- SERVERS ---
+; Root (kylie, formerly maria)
+@ IN A 100.123.36.114
+
+; maria is down and probably not coming back
+;maria IN A 100.119.182.22
+
+; Pi 4
+kylie IN A 100.123.36.114
+netdata.kylie IN CNAME kylie.ash.ley.
+gitea.kylie IN CNAME kylie.ash.ley.
+jellyfin.kylie IN CNAME kylie.ash.ley.
+syncthing.kylie IN CNAME kylie.ash.ley.
+
+; Pi Zero (School mode)
+ky IN A 100.80.161.44
+; Pi Zero (Camera mode)
+fumiko IN A 100.95.211.68
+
+; Pi (Radio)
+allison IN A 100.90.231.61
+
+; Pi (room sensor)
+ana IN A 100.99.239.100
+
+; arch VM
+chelsie IN A 100.110.143.52
+
+;; --- PERSONAL DEVICES ---
+; PC
+mary IN A 100.111.252.38
+
+; Phone
+lyra IN A 100.123.71.10
+
+;; --- OTHER ---
+nucleoid IN A 142.132.178.131
+
diff --git a/roles/coredns/default.nix b/roles/coredns/default.nix
new file mode 100644
index 0000000..ec5d46c
--- /dev/null
+++ b/roles/coredns/default.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }: rec {
+ services.coredns = {
+ enable = true;
+ config = ''
+ ley {
+ bind 0.0.0.0
+ file ${pkgs.writeText "ash.ley" (builtins.readFile ./ash.ley)}
+ prometheus 0.0.0.0:9153
+ }
+
+ . {
+ bind 0.0.0.0
+ forward . tls://1.1.1.1 tls://1.0.0.1
+ prometheus 0.0.0.0:9153
+ }
+ '';
+ };
+}
diff --git a/roles/kanidm.nix b/roles/kanidm.nix
new file mode 100644
index 0000000..7a79071
--- /dev/null
+++ b/roles/kanidm.nix
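Review bot: Both server blocks in `roles/coredns/default.nix` use `bind 0.0.0.0` and the `.` block forwards every query upstream, so with the firewall disabled on `emira` this is a recursive resolver open to any network that can reach the host. `prometheus 0.0.0.0:9153` exposes the metrics endpoint the same way. If only localhost and the private networks should use it, bind to those addresses or interfaces and restrict recursion with the `acl` plugin; the metrics listener can be `prometheus 127.0.0.1:9153` unless a remote scraper needs it. Smaller points: `rec` on the outer attribute set is unused, and the `file` argument can simply be `${./ash.ley}` instead of the `pkgs.writeText`/`builtins.readFile` round trip.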
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }: {
+ services.kanidm = {
+ # enableServer = true;
+ # serverSettings = {
+ # bindaddress = "[::]:8443";
+ # ldapbindaddress = "[::]:3636";
+ # # We are behind a reverse proxy
+ # trust_x_forward_for = true;
+ # tls_chain = "";
+ # tls_key = "";
+ # log_level = "default";
+ # domain = "sso.ashhhleyyy.dev";
+ # origin = "https://sso.ashhhleyyy.dev";
+ # role = "WriteReplica";
+ # };
+
+ enableClient = true;
+
+ clientSettings = {
+ uri = "https://sso.ashhhleyyy.dev";
+ };
+ };
+}