3.7 KiB
3.7 KiB
Xeovalyte Dotfiles with Nix
New system install guide
1. Install Nixos with ISO
2. Copy hardware configuration to hosts directory
3. Generate ssh-keys
Archserver
ssh-keygen -f ~/.ssh/archserverssh-copy-id -i ~/.ssh/archserver 192.168.1.20
Gitea
ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"- Upload to Gitea
- Verify ssh key (follow instructions on Gitea)
4. Add SSH keys
ssh-add ~/.ssh/giteassh-add ~/.ssh/archserver
Homelab
List over services
| Service | Description | Link |
|---|---|---|
| Caddy | Reverse proxy | - |
| Kanidm | Openid provider | auth.tbmrs.nl |
| Forgejo | Git provider | git.tbmrs.nl |
| Immich | Photo and videos | photos.tbmrs.nl |
| Homepage | Dashboard | home.tbmrs.nl |
| Uptime Kuma | Uptime monitor | uptime.tbmrs.nl |
| Pingvin share | Sharing of files | share.tbmrs.nl |
| Vaultwarden | Password manager | vault.local.tbmrs.nl |
| Paperless NGX | Documents management | paperless.local.tbmrs.nl |
| Beszel | Resource usage | monitor.local.tbmrs.nl |
| Dufs | File manager | files.tbmrs.nl |
| Syncthing | File syncing | syncthing.local.tbmrs.nl |
| Home Assistant | Home automation | home-assistant.local.tbmrs.nl |
| Bookmarking | ||
| Vikunja | Tasks management | vikunja.local.tbmrs.nl |
| Stalwart | Mailserver | mail.tbmrs.nl |
| Linkding | Bookmark managment | links.local.tbmrs.nl |
Todo
- Install koreader selfhosted sync
Openid commands
Configure new openid client
From: Kanidm Docs
Replace <service> with the name of the service.
- Create a new Kanidm group, and add your regular account to it:
$ kanidm group create <service>_users
$ kanidm group add-members <service>_users your_username
- Create a new OAuth2 application configuration in Kanidm, configure the redirect URL, and scope access to the group:
$ kanidm system oauth2 create <service> <servicename> <service_login_url>
$ kanidm system oauth2 add-redirect-url <service> <redirect_url>
$ kanidm system oauth2 update-scope-map <service> <service>_users email openid profile groups
- (Optional) Disable PKCE
$ kanidm system oauth2 warning-insecure-client-disable-pkce <service>
- Get the OAuth2 client secret from Kanidm
$ kanidm system oauth2 show-basic-secret <service>