servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

chore: Formatting
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m26s
Details

Browse Source
This commit is contained in:
uttarayan21
2025-08-14 19:34:20 +05:30
parent 57832be28d
commit c959a3aea8
15 changed files with 164 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/mirai/services/default.nix
View File

@@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./atuin.nix
./authelia.nix

67
nixos/mirai/services/gitea.nix
View File

@@ -3,12 +3,11 @@
config,
pkgs,
...
}:
{
}: {
virtualisation.docker.enable = true;
sops = {
# secrets."gitea/registration".owner = config.systemd.services.gitea-actions-mirai.serviceConfig.User;
secrets."gitea/registration" = { };
secrets."gitea/registration" = {};
secrets."authelia/oidc/gitea/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
@@ -128,8 +127,8 @@
"email"
"profile"
];
response_types = [ "code" ];
grant_types = [ "authorization_code" ];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
@@ -141,35 +140,33 @@
};
};
systemd.services.gitea-oauth-setup =
let
name = "authelia";
gitea_oauth_script = pkgs.writeShellApplication {
name = "gitea_oauth2_script";
runtimeInputs = [ config.services.gitea.package ];
text = ''
gitea admin auth delete --id "$(gitea admin auth list | grep "${name}" | cut -d "$(printf '\t')" -f1)"
gitea admin auth add-oauth --provider=openidConnect --name=${name} --key="$CLIENT_ID" --secret="$CLIENT_SECRET" --auto-discover-url=https://auth.darksailor.dev/.well-known/openid-configuration --scopes='openid email profile'
'';
};
in
{
description = "Configure Gitea OAuth with Authelia";
after = [ "gitea.service" ];
wants = [ "gitea.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = config.services.gitea.user;
Group = config.services.gitea.group;
RemainAfterExit = true;
ExecStart = "${lib.getExe gitea_oauth_script}";
WorkingDirectory = config.services.gitea.stateDir;
EnvironmentFile = config.sops.templates."GITEA_OAUTH_SETUP.env".path;
};
environment = {
GITEA_WORK_DIR = config.services.gitea.stateDir;
GITEA_CUSTOM = config.services.gitea.customDir;
};
systemd.services.gitea-oauth-setup = let
name = "authelia";
gitea_oauth_script = pkgs.writeShellApplication {
name = "gitea_oauth2_script";
runtimeInputs = [config.services.gitea.package];
text = ''
gitea admin auth delete --id "$(gitea admin auth list | grep "${name}" | cut -d "$(printf '\t')" -f1)"
gitea admin auth add-oauth --provider=openidConnect --name=${name} --key="$CLIENT_ID" --secret="$CLIENT_SECRET" --auto-discover-url=https://auth.darksailor.dev/.well-known/openid-configuration --scopes='openid email profile'
'';
};
in {
description = "Configure Gitea OAuth with Authelia";
after = ["gitea.service"];
wants = ["gitea.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
User = config.services.gitea.user;
Group = config.services.gitea.group;
RemainAfterExit = true;
ExecStart = "${lib.getExe gitea_oauth_script}";
WorkingDirectory = config.services.gitea.stateDir;
EnvironmentFile = config.sops.templates."GITEA_OAUTH_SETUP.env".path;
};
environment = {
GITEA_WORK_DIR = config.services.gitea.stateDir;
GITEA_CUSTOM = config.services.gitea.customDir;
};
};
}

19
nixos/mirai/services/grafana.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
services = {
grafana = {
enable = true;
@@ -112,7 +111,7 @@
settings.process_names = [
{
name = "{{.Comm}}";
cmdline = [ ".*" ];
cmdline = [".*"];
}
];
};
@@ -122,14 +121,14 @@
job_name = "node";
static_configs = [
{
targets = [ "127.0.0.1:9100" ];
targets = ["127.0.0.1:9100"];
labels = {
device = "mirai";
type = "server";
};
}
{
targets = [ "tsuba:9100" ];
targets = ["tsuba:9100"];
labels = {
device = "tsuba";
type = "server";
@@ -137,7 +136,7 @@
};
}
{
targets = [ "ryu:9100" ];
targets = ["ryu:9100"];
labels = {
device = "ryu";
type = "desktop";
@@ -150,14 +149,14 @@
job_name = "process";
static_configs = [
{
targets = [ "127.0.0.1:9256" ];
targets = ["127.0.0.1:9256"];
labels = {
device = "mirai";
type = "server";
};
}
{
targets = [ "tsuba:9256" ];
targets = ["tsuba:9256"];
labels = {
device = "tsuba";
type = "server";
@@ -165,7 +164,7 @@
};
}
{
targets = [ "ryu:9256" ];
targets = ["ryu:9256"];
labels = {
device = "ryu";
type = "desktop";
@@ -178,7 +177,7 @@
job_name = "prometheus";
static_configs = [
{
targets = [ "127.0.0.1:9090" ];
targets = ["127.0.0.1:9090"];
labels = {
device = "mirai";
};

5
nixos/mirai/services/llama.nix
View File

@@ -3,12 +3,11 @@
pkgs,
inputs,
...
}:
{
}: {
sops = {
secrets."llama/api_key".owner = config.services.caddy.user;
secrets."llama/user".owner = config.services.caddy.user;
secrets."openai/api_key" = { };
secrets."openai/api_key" = {};
templates = {
"LLAMA_API_KEY.env".content = ''
LLAMA_API_KEY=${config.sops.placeholder."llama/api_key"}