lander/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add mealie

Browse source 
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
This commit is contained in:
Lander Van den Bulcke 2025-09-28 11:52:23 +02:00
parent 4d97659b1b
commit edf76a17d4
Signed by: lander
GPG key ID: 0142722B4B0C536F
4 changed files with 67 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

22
hosts/hosting-01/auth/authelia.nix
View file

@ -48,7 +48,6 @@
address = "smtp://mail.escapeangle.com:587"; address = "smtp://mail.escapeangle.com:587";
username = "authelia@escapeangle.com"; username = "authelia@escapeangle.com";
sender = "authelia@escapeangle.com"; sender = "authelia@escapeangle.com";
}; };
log.level = "info"; log.level = "info";
@ -110,6 +109,27 @@
userinfo_signed_response_alg = "none"; userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic"; token_endpoint_auth_method = "client_secret_basic";
} }
{
client_id = "mealie";
client_name = "Mealie";
client_secret = "$pbkdf2-sha512$310000$Bi3.Z5ewisL.INFbSquvHQ$.Dicey0nFqoqGtmwoncmoNCARnK32twdVUcveWaO9OMKz5f8neIOEFTXSmIL7hf1erO20A08khv9W2I7aReZMw";
public = false;
authorization_policy = "two_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [ "https://recipes.escapeangle.com/login" ];
scopes = [
"openid"
"email"
"profile"
"groups"
];
response_types = [ "code" ];
grant_types = [ "authorization_code" ];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
]; ];
}; };
}; };

37
hosts/hosting-01/default.nix
View file

@ -100,6 +100,43 @@ in
}; };
}; };
users.users.mealie = {
enable = true;
group = "mealie";
isSystemUser = true;
};
users.groups.mealie = { };
services.mealie = {
enable = true;
settings = {
BASE_URL = "https://recipes.escapeangle.com/";
DB_ENGINE = "postgres";
POSTGRES_SERVER = "db-01.tailnet.escapeangle.com";
OIDC_AUTH_ENABLED = false;
OIDC_SIGNUP_ENABLED = false;
OIDC_CONFIGURATION_URL = "https://auth.escapeangle.com/.well-known/openid-configuration";
OIDC_CLIENT_ID = "mealie";
OIDC_AUTO_REDIRECT = "false";
OIDC_ADMIN_GROUP = "mealie-admins";
OIDC_USER_GROUP = "mealie-users";
};
credentialsFile = config.sops.secrets.mealie-env.path;
};
sops.secrets.mealie-env = {
owner = "mealie";
sopsFile = ./secrets.yaml;
};
services.nginx.virtualHosts."recipes.escapeangle.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.mealie.port}";
};
};
security.acme.defaults.email = "landervandenbulcke@gmail.com"; security.acme.defaults.email = "landervandenbulcke@gmail.com";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;

5
hosts/hosting-01/secrets.yaml
View file

@ -19,6 +19,7 @@ forgejo:
secret-access-key: ENC[AES256_GCM,data:nODhpLuUG2uaaSDbULstA6YFHIRPg3mvgIyHqRB0Vj11f5X0TMuLjp3Feq7UeV9DbQWyjDVtEsRg9VGIywrD/Q==,iv:hsStXkXVLBkEWtBP6dY6z2mwfzv3t4L6E+Ht/18KE4E=,tag:vQBUwqXq41bbQ/+aSUIQJg==,type:str] secret-access-key: ENC[AES256_GCM,data:nODhpLuUG2uaaSDbULstA6YFHIRPg3mvgIyHqRB0Vj11f5X0TMuLjp3Feq7UeV9DbQWyjDVtEsRg9VGIywrD/Q==,iv:hsStXkXVLBkEWtBP6dY6z2mwfzv3t4L6E+Ht/18KE4E=,tag:vQBUwqXq41bbQ/+aSUIQJg==,type:str]
mailer-password: ENC[AES256_GCM,data:sO8Tt1Smwcr8hME/zYs118DiUfbcmhKnT2FCyjyUZfId4cHfjvxHuqZIHvBSlec27sbCmxRBHeCJ3Can6IFCAA==,iv:kPmW6oFCRBEzKScpFrW3Z0xhFCRg+MpiA9qJozakHjE=,tag:9xCVN/wFjN8Kl95PSC9aXA==,type:str] mailer-password: ENC[AES256_GCM,data:sO8Tt1Smwcr8hME/zYs118DiUfbcmhKnT2FCyjyUZfId4cHfjvxHuqZIHvBSlec27sbCmxRBHeCJ3Can6IFCAA==,iv:kPmW6oFCRBEzKScpFrW3Z0xhFCRg+MpiA9qJozakHjE=,tag:9xCVN/wFjN8Kl95PSC9aXA==,type:str]
oidc-secret: ENC[AES256_GCM,data:NeLfEXssdP5f4ff1uz3RwURw+OWAm3QgYz/EPpWb1aE+vIDIhPigiPem1+NrVvdBQ5uysL3VdnLtJPxwppcouoT7VGJkcog+,iv:eCl4I7EC7GTeQNSthk5QrMqNl1B9qvGGxQTspjD+LEU=,tag:qyPKf7E5xNmUI913Fb8n8A==,type:str] oidc-secret: ENC[AES256_GCM,data:NeLfEXssdP5f4ff1uz3RwURw+OWAm3QgYz/EPpWb1aE+vIDIhPigiPem1+NrVvdBQ5uysL3VdnLtJPxwppcouoT7VGJkcog+,iv:eCl4I7EC7GTeQNSthk5QrMqNl1B9qvGGxQTspjD+LEU=,tag:qyPKf7E5xNmUI913Fb8n8A==,type:str]
mealie-env: ENC[AES256_GCM,data:3fZJffJs/WwtmMirHBRkghfPPkTB5sgY6oWNs5GUbkUzOooWurOvm0OcQHAEQf+HLn21kCOk/ilmlrcdMFtzXijClpHuy8n7cwmdGI0bwZ14QPCVlSYvSPisjX0=,iv:tc77J3T4tNGzBnXNBlq4wmfFMFQ44ZFEtl2N1QAt77U=,tag:hW7YceS5/GQveJj8fcf5uA==,type:str]
sops: sops:
age: age:
- recipient: age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv - recipient: age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv
@ -30,8 +31,8 @@ sops:
NW9CUkJQbis1NmpyU0xrb3J4UVNKTDgKsPFnlQBa8LGm6s8uZsUXq9RIt4WzzROc NW9CUkJQbis1NmpyU0xrb3J4UVNKTDgKsPFnlQBa8LGm6s8uZsUXq9RIt4WzzROc
mz9dEVq/R54xvjMRltgzZyu54BWWOQYgkZUEhOnDoqwVnA7XwGGYtA== mz9dEVq/R54xvjMRltgzZyu54BWWOQYgkZUEhOnDoqwVnA7XwGGYtA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-08T11:59:46Z" lastmodified: "2025-09-28T09:49:37Z"
mac: ENC[AES256_GCM,data:16ZM1HZoWkXsZIILHdYY9yMIrPa6GO8VB2pWTCAuZb61qpIdDI1fYqim3w7MO8d0BtpJI7TvhE7kXuGncOo6IUZtpUiV+JkDUtpFor9yx4l58DAO2PwrjTo3vk/hQ/GNllTtAizt78O4i+VpZNgvP4C+h3GBQeJ3guBRpYZZ9ZY=,iv:enIftwBsWNU73kPUXfeHpbGW3Vo9kGHc5II0KdW4Ma8=,tag:okQ3XkJO4oGfWRJatS2AYA==,type:str] mac: ENC[AES256_GCM,data:YL5dyXcK8L+F2A/3TB9rzM/M8d9DraqmFfX5l9diQbgmuMO9ni+H6RC2lhKa2rcACVN+vhABHa6ofX7hwZLagI27cMLf4pOFJif78PFz/GCpSQagGtG7LdihgKDW6FF/sL7MpnkSjF0UbDjJlAwYSgMGtY9IAtj25MaeeZiLheY=,iv:ziYlKl1hV1kPUzGGY5EcVMNBcS2RCRIZpF+/1gCc8VI=,tag:leoSyONpmbvL7E+t6/OOuQ==,type:str]
pgp: pgp:
- created_at: "2025-07-06T18:28:35Z" - created_at: "2025-07-06T18:28:35Z"
enc: |- enc: |-

6
hosts/servers/db-01.nix
View file

@ -12,6 +12,7 @@
"authelia" "authelia"
"forgejo" "forgejo"
"lldap" "lldap"
"mealie"
]; ];
ensureUsers = [ ensureUsers = [
{ {
@ -26,6 +27,10 @@
name = "lldap"; name = "lldap";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "mealie";
ensureDBOwnership = true;
}
]; ];
}; };
@ -36,6 +41,7 @@
"authelia" "authelia"
"forgejo" "forgejo"
"lldap" "lldap"
"mealie"
]; ];
}; };