swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 13:19:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore:update flake
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Flake check / Check flake (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-02-03 13:00:32 +01:00
parent 52554d4f92
commit a343de7a90
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
11 changed files with 204 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/home/common/emacs.nix
View file

@ -38,7 +38,7 @@ in
enable = true;
package = pkgs.emacsWithPackagesFromUsePackage {
config = self + /files/emacs/init.el;
package = pkgs.emacs-git-pgtk;
package = pkgs.emacs-unstable-pgtk;
alwaysEnsure = true;
alwaysTangle = true;
extraEmacsPackages = epkgs: [
@ -67,7 +67,7 @@ in
packageRequires = [ epkgs.jsonrpc epkgs.eglot ];
})
(inputs.nixpkgs-dev.legacyPackages.${pkgs.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw
(inputs.nixpkgs-dev.legacyPackages.${pkgs.stdenv.hostPlatform.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw
# epkgs.calfw
# (epkgs.trivialBuild rec {
# pname = "calfw";

3
modules/home/common/packages.nix
View file

@ -49,7 +49,6 @@
fuse
# ventoy
poppler-utils
vdhcoapp
# nix
alejandra
@ -136,7 +135,7 @@
#nautilus
nautilus
xfce.tumbler
tumbler
libgsf
# wayland stuff

2
modules/nixos/client/nix-ld.nix
View file

@ -31,7 +31,7 @@
freetype
fuse3
gdk-pixbuf
glew110
glew_1_10
glib
gnome2.GConf
pango

1
modules/nixos/common/nodes.nix
View file

@ -34,6 +34,7 @@ let
(splitPath "sops.secrets")
(splitPath "swarselsystems.server.dns")
(splitPath "topology.self.services")
(splitPath "environment.persistence")
]
++ expandOptions (splitPath "networking.nftables.firewall") [ "zones" "rules" ]
++ expandOptions (splitPath "services.firezone.gateway") [ "enable" "name" "apiUrl" "tokenFile" "package" "logLevel" ]

8
modules/nixos/server/firezone.nix
View file

@ -345,6 +345,10 @@ in
};
};
environment.persistence."/persist".directories = lib.mkIf nodeCfg.swarselsystems.isImpermanence [
{ directory = "${serviceDir}-gateway"; mode = "0700"; }
];
boot.kernel.sysctl = {
"net.core.wmem_max" = 16777216;
"net.core.rmem_max" = 134217728;
@ -366,8 +370,8 @@ in
${idmServer} =
let
nodeCfg = nodes.${idmServer}.config;
accountId = "6b3c6ba7-5240-4684-95ce-f40fdae45096";
externalId = "08d714e9-1ab9-4133-a39d-00e843a960cc";
accountId = "3e996ad9-c100-40e8-807a-282a5c5e8b6c";
externalId = "31e7f702-28a7-4bbc-9690-b6db9d4a162a";
in
{
sops.secrets.kanidm-firezone = { inherit (nodeCfg.swarselsystems) sopsFile; owner = "kanidm"; group = "kanidm"; mode = "0440"; };

8
modules/nixos/server/oauth2-proxy.nix
View file

@ -1,4 +1,4 @@
{ lib, config, globals, dns, confLib, ... }:
{ lib, config, pkgs, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules homeServiceAddress;
@ -165,6 +165,7 @@ in
services = {
${serviceName} = {
enable = true;
package = pkgs.dev.oauth2-proxy;
cookie = {
domain = ".${mainDomain}";
secure = true;
@ -176,13 +177,16 @@ in
httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback";
setXauthrequest = true;
upstream = [
"static://202"
];
extraConfig = {
code-challenge-method = "S256";
whitelist-domain = ".${mainDomain}";
set-authorization-header = true;
pass-access-token = true;
skip-jwt-bearer-tokens = true;
upstream = "static://202";
oidc-issuer-url = "https://${kanidmDomain}/oauth2/openid/oauth2-proxy";
provider-display-name = "Kanidm";
};