isabelroses.com / dotfiles
my over complex system configurations dotfiles.isabelroses.com/
nixos nix flake dotfiles linux
10
fork

Configure Feed

Select the types of activity you want to include in your feed.

nixos/services: remove hostling

isabel 0069b951 9179a96f

-85
-1
modules/nixos/services/default.nix
··· 10 10 ./borgbackup.nix 11 11 ./cloudflared.nix 12 12 ./forgejo.nix 13 - ./hostling.nix 14 13 ./immich.nix 15 14 ./jellyfin.nix 16 15 ./kanidm.nix
-58
modules/nixos/services/hostling.nix
··· 1 - { 2 - lib, 3 - self, 4 - config, 5 - ... 6 - }: 7 - let 8 - inherit (lib) mkIf; 9 - inherit (self.lib) mkServiceOption mkSecret; 10 - 11 - cfg = config.garden.services.hostling; 12 - in 13 - { 14 - options.garden.services.hostling = mkServiceOption "hostling" { 15 - port = 3025; 16 - host = "127.0.0.1"; 17 - domain = "cdn.${config.networking.domain}"; 18 - }; 19 - 20 - config = mkIf cfg.enable { 21 - sops.secrets.hostling = mkSecret { 22 - file = "hostling"; 23 - key = "env"; 24 - }; 25 - 26 - services = { 27 - hostling = { 28 - enable = true; 29 - createDbLocally = true; 30 - 31 - environmentFile = config.sops.secrets.hostling.path; 32 - 33 - settings = { 34 - inherit (cfg) port; 35 - behind_reverse_proxy = true; 36 - trusted_proxy = cfg.host; 37 - public_url = "https://${cfg.domain}"; 38 - 39 - s3 = { 40 - bucket = "isa-cdn"; 41 - region = "europe-1"; 42 - endpoint = "in64u.upcloudobjects.com"; 43 - proxyfiles = true; 44 - }; 45 - }; 46 - }; 47 - 48 - nginx.virtualHosts.${cfg.domain} = { 49 - locations."/" = { 50 - proxyPass = "http://${cfg.host}:${toString cfg.port}"; 51 - extraConfig = '' 52 - client_max_body_size 1G; 53 - ''; 54 - }; 55 - }; 56 - }; 57 - }; 58 - }
-25
modules/nixos/services/kanidm.nix
··· 73 73 group = "kanidm"; 74 74 mode = "440"; 75 75 }; 76 - kanidm-oauth2-hostling = mkSecret { 77 - file = "kanidm"; 78 - key = "oauth2-hostling"; 79 - owner = "kanidm"; 80 - group = "kanidm"; 81 - mode = "440"; 82 - }; 83 76 }; 84 77 85 78 services = { ··· 123 116 "linkwarden.access" 124 117 "wakapi.access" 125 118 "immich.access" 126 - "hostling.access" 127 119 ]; 128 120 }; 129 121 ··· 136 128 "wakapi.access" = { }; 137 129 138 130 "immich.access" = { }; 139 - 140 - "hostling.access" = { }; 141 131 }; 142 132 143 133 systems.oauth2 = { ··· 204 194 "profile" 205 195 ]; 206 196 }; 207 - 208 - hostling = { 209 - displayName = "hostling"; 210 - originUrl = "https://${cfg'.hostling.domain}/api/auth/login/openid-connect/callback"; 211 - originLanding = "https://${cfg'.hostling.domain}/"; 212 - basicSecretFile = config.sops.secrets.kanidm-oauth2-hostling.path; 213 - allowInsecureClientDisablePkce = true; 214 - preferShortUsername = true; 215 - scopeMaps."hostling.access" = [ 216 - "openid" 217 - "email" 218 - "profile" 219 - ]; 220 - }; 221 - 222 197 }; 223 198 }; 224 199 };
-1
systems/minerva/default.nix
··· 28 28 blahaj.enable = true; 29 29 kanidm.enable = true; 30 30 mailserver.enable = true; 31 - hostling.enable = true; 32 31 borgbackup.enable = true; 33 32 34 33 # web