
3 Commits

9 changed files with 97 additions and 49 deletions


@ -3,35 +3,25 @@
pkgs, pkgs,
... ...
}: { }: {
nix = { nix.gc = {
gc = { automatic = true;
automatic = true; options = "--delete-older-than 30d";
options = "--delete-older-than 30d";
};
optimise.automatic = true;
settings = {
extra-experimental-features = [
"flakes"
"nix-command"
];
keep-outputs = true;
log-lines = 25;
tarball-ttl = 43200;
trusted-users = [
"root"
config.my.user
];
};
package = pkgs.nix;
}; };
nix.optimise.automatic = true;
environment.systemPackages = with pkgs; [ nix.settings = {
unstable.nh extra-experimental-features = [
]; "flakes"
"nix-command"
# TODO: make sure hostnames always match flake output name ];
environment.variables."NH_FLAKE" = ''${config.hm.home.homeDirectory}/Projects/nix-dots''; keep-outputs = true;
log-lines = 25;
tarball-ttl = 43200;
trusted-users = [
"root"
config.my.user
];
};
nix.package = pkgs.nix;
programs.zsh.enable = true; programs.zsh.enable = true;
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
} }
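Review bot: `trusted-users` still lists `config.my.user` after the move to `nix.settings`, and the Nix manual describes membership in that list as essentially equivalent to root on the machine, because a trusted user can override substituters and import unsigned store paths. If the account only needs to select extra binary caches, consider `trusted-users = [ "root" ];` and naming those caches under `trusted-substituters` instead. If the entry has to stay, a comment such as `# root-equivalent for the nix daemon; keep this list minimal` next to it would record the trade-off.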


@ -16,7 +16,7 @@ in {
hm.my.sketchybar.enable = true; hm.my.sketchybar.enable = true;
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
unstable.sketchybar-app-font sketchybar-app-font
]; ];
}; };
} }


@ -30,7 +30,7 @@
); );
in { in {
flake.darwinConfigurations = { flake.darwinConfigurations = {
neptune = mkDarwin { mac = mkDarwin {
modules = [ modules = [
{ {
hm = import ../user/environments/mac/home.nix; hm = import ../user/environments/mac/home.nix;


@ -51,6 +51,12 @@
programs.zsh.enable = true; programs.zsh.enable = true;
my.server = {
domain = "thomasfmly.org";
firewallInterface = "enp1s0";
};
my.services.keycloak.enable = true;
my.services.mealie.enable = true; my.services.mealie.enable = true;
my.services.nextcloud.enable = true; my.services.nextcloud.enable = true;


@ -31,12 +31,13 @@ in {
# OIDC # OIDC
OIDC_AUTH_ENABLED = true; OIDC_AUTH_ENABLED = true;
OIDC_CONFIGURATION_URL = "https://authentik.thomasfmly.org/application/o/mealie/.well-known/openid-configuration"; OIDC_CONFIGURATION_URL = "https://auth.thomasfmly.org/realms/gringotts/.well-known/openid-configuration";
OIDC_CLIENT_ID = "FLFfJCP0nWsxGfHpAf26XfoqMaIoUuaVdODJLW28"; OIDC_CLIENT_ID = "mealie";
OIDC_CLIENT_SECRET = "YSEfBhGQUmzAKnrAEi9413NM4m8juF8u7e8zOLzfCA1JXZdRsgj8WWXTKLqEeGhCiQsVvD1iX52sFcWqOWo2r7tpolpUUVymj8O4kfMWampO1Nn65K2aPFtuXu3soUwB"; OIDC_CLIENT_SECRET = "cBh876vWKoMgJSWLVJkVv6kPvUoNkvxD";
OIDC_ADMIN_GROUP = "Administrators"; OIDC_GROUPS_CLAIM = "roles";
OIDC_ADMIN_GROUP = "admin";
OIDC_AUTO_REDIRECT = true; OIDC_AUTO_REDIRECT = true;
OIDC_PROVIDER_NAME = "Authentik"; OIDC_PROVIDER_NAME = "Keycloak";
}; };
}; };
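Review bot: `OIDC_CLIENT_SECRET` is still a string literal on the new side, so the Keycloak client secret is committed to the repository and, as a Nix string, is copied into the world-readable store of any host that builds this module. The Keycloak module in this same comparison reads its database password from `age.secrets`, and the same pattern fits here: declare `age.secrets.<mealie-oidc>.file = <path-to-secret>.age;` (placeholder names) and pass the decrypted path to the service as an environment file instead of through this attribute set. The upstream mealie module appears to offer `credentialsFile` for this, which should be confirmed against the nixpkgs revision in use. Both the removed Authentik secret and the new one are now in history and should be rotated at the identity provider. The enclosing attribute set starts outside the hunk.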


@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.my.services.keycloak;
inherit (config.my.server) domain firewallInterface;
keycloakDomain = "auth.${domain}";
keycloakUrl = "https://${keycloakDomain}";
in {
options.my.services.keycloak = {
enable = mkEnableOption "Keycloak";
proxy = mkEnableOption "Keycloak reverse proxy entry";
port = mkOption {
type = types.port;
default = 7654;
example = 8080;
description = "HTTP port for the Keycloak service.";
};
};
config = mkMerge [
(mkIf cfg.enable {
age.secrets.keycloakDb.file = ../../secrets/keycloak-db.age;
services.keycloak = {
enable = true;
package = pkgs.keycloak;
settings = {
hostname = keycloakUrl;
hostname-admin = keycloakUrl;
hostname-strict = false;
hostname-strict-https = false;
proxy-headers = "xforwarded";
http-enabled = true;
http-port = cfg.port;
};
database.passwordFile = config.age.secrets.keycloakDb.path;
themes = with pkgs; {
keywind = keycloak-theme-keywind;
};
};
networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
})
(mkIf cfg.proxy {
services.caddy.virtualHosts."${keycloakDomain}".extraConfig = ''
reverse_proxy http://${proxyIP}:${toString cfg.port}
'';
})
];
}
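Review bot: Keycloak listens on plain HTTP (`http-enabled = true`) and trusts `X-Forwarded-*` headers (`proxy-headers = "xforwarded"`), while the firewall rule opens `cfg.port` to everything on `firewallInterface`, so any host that can reach that interface can bypass Caddy and supply its own forwarded headers. Restricting the port to the reverse proxy's address, or setting `http-host` to an address only the proxy can reach, would keep those headers trustworthy and keep login traffic off an unencrypted listener. Separately, `proxyIP` in the Caddy block is not bound in the `let` above; because `with lib;` defers name lookup, this only fails once `cfg.proxy` is enabled. If `config.my.server` carries such an option (not visible here), `inherit (config.my.server) domain firewallInterface proxyIP;` would fix it.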


@ -1,4 +1,7 @@
{inputs, ...}: { {inputs, ...}: {
rust-overlay = inputs.rust-overlay.overlays.default;
vscode-extensions = inputs.nix-vscode-extensions.overlays.default;
# This one brings our custom packages from the 'pkgs' directory # This one brings our custom packages from the 'pkgs' directory
additions = final: prev: additions = final: prev:
{ {
@ -14,18 +17,13 @@
# This one contains whatever you want to overlay # This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really. # You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays # https://nixos.wiki/wiki/Overlays
modifications = final: prev: { modifications = final: prev:
# address build failure on darwin, remove after 25.05 if prev.stdenv.isDarwin
nodejs_20-slim = prev.nodejs-slim_22; then {
nodejs_20 = prev.nodejs_22; # avoid build failure on darwin
nodejs-slim = prev.nodejs-slim_22; inherit (final.unstable) ghostscript;
nodejs = prev.nodejs_22; }
}; else {};
# External overlays
# Included after the above to ensure modifications are applied
rust-overlay = inputs.rust-overlay.overlays.default;
vscode-extensions = inputs.nix-vscode-extensions.overlays.default;
# When applied, the unstable nixpkgs set (declared in the flake inputs) will # When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable' # be accessible through 'pkgs.unstable'


@ -8,7 +8,7 @@
icons = import ./config/icons.nix; icons = import ./config/icons.nix;
pkgsMaster = inputs.master.legacyPackages.${system}; pkgsMaster = inputs.master.legacyPackages.${system};
nixvimModule = { nixvimModule = {
inherit pkgs; pkgs = inputs.nixpkgs.legacyPackages.${system};
module = import ./config; module = import ./config;
extraSpecialArgs = {inherit icons pkgsMaster;}; extraSpecialArgs = {inherit icons pkgsMaster;};
}; };


@ -17,7 +17,7 @@
userName = "Michael Thomas"; userName = "Michael Thomas";
extraConfig = { extraConfig = {
credential.helper = lib.mkDefault "store"; credential.helper = lib.mkDefault "store";
pull.rebase = "false"; pull.rebase = "true";
init.defaultBranch = "main"; init.defaultBranch = "main";
}; };
}; };
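Review bot: `credential.helper = lib.mkDefault "store"`, unchanged context in this hunk, makes Git write credentials in plain text to `~/.git-credentials`. Since it is only a default, a keyring-backed helper would be a safer one: `osxkeychain` on the Darwin hosts and `libsecret` on Linux keep tokens out of a flat file in the home directory. The enclosing attribute set starts outside the hunk.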