gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: replaced deploy system, migrated to infrastructure's methodologies

Browse source
This commit is contained in:
Kat Inskip 2024-01-27 20:07:28 -08:00
parent 5cb3895570
commit 89505a91cd
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
24 changed files with 919 additions and 654 deletions
Download patch file Download diff file Expand all files Collapse all files

76
systems/tei/config.nix Normal file
View file

@ -0,0 +1,76 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
({
config,
lib,
meta,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (config.services) kanidm mosquitto home-assistant;
in {
imports = let
inherit (meta) nixos;
in [
nixos.reisen-ct
nixos.sops
nixos.tailscale
nixos.cloudflared
nixos.postgres
nixos.nginx
nixos.access.zigbee2mqtt
nixos.access.home-assistant
nixos.vouch
nixos.kanidm
nixos.mosquitto
nixos.home-assistant
nixos.zigbee2mqtt
nixos.syncplay
./cloudflared.nix
];
sops.defaultSopsFile = ./secrets.yaml;
services.kanidm = {
package =
lib.warnIf
(pkgs.kanidm.version != "1.1.0-rc.15")
"upstream kanidm may have localhost oauth2 support now!"
pkgs.kanidm-develop;
};
networking.firewall = {
interfaces.local.allowedTCPPorts = mkMerge [
(mkIf kanidm.enableServer [
kanidm.server.frontend.port
(mkIf kanidm.server.ldap.enable kanidm.server.ldap.port)
])
(mkIf home-assistant.enable [
home-assistant.config.http.server_port
])
(mkIf mosquitto.enable (map (
listener:
listener.port
)
mosquitto.listeners))
];
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:CC:66:57";
Type = "ether";
};
address = ["10.1.1.39/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
system.stateVersion = "23.11";
})
];
}