jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity

Add kanidm
Some checks failed
Check flake / build-amd64-linux (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Jordan Holt 2024-08-12 20:56:11 +01:00
parent 0cb2740a86
commit 413869266e
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
2 changed files with 48 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

272
flake.lock generated
View File

@ -21,47 +21,6 @@
"type": "github"
}
},
"authentik-nix": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1722879849,
"narHash": "sha256-Hg1I6vmrxWz6RrVROXn1RDCPniOJx93QQg99x/wSkjY=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "80fc87361809f78b8a8cd7e57a14b66a726379ef",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1722875733,
"narHash": "sha256-LPNcvKiVrwPwc3G/j0a7KoMKAMScbzui0C3IgWXP+g4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "8f207c75046d722c17dee2bcf65fa386b06f5b9a",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2024.6.3",
"repo": "authentik",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -102,8 +61,8 @@
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_3",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
@ -210,22 +169,6 @@
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -239,7 +182,7 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_5": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -256,24 +199,6 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1719745305,
"narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -294,27 +219,9 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_4",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
@ -458,31 +365,6 @@
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik-nix",
"flake-utils"
],
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717929455,
"narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=",
"owner": "nix-community",
"repo": "napalm",
"rev": "e1babff744cd278b56abe8478008b4a9e23036cf",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "napalm",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -504,28 +386,6 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1723310128,
@ -544,7 +404,7 @@
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
@ -597,18 +457,6 @@
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1717284937,
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1723175592,
@ -625,22 +473,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1720542800,
"narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "feb2849fdeb70028c70d73b848214b00d324a497",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
@ -656,7 +488,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1723282977,
"narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
@ -674,15 +506,15 @@
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_2",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1722925293,
@ -722,38 +554,9 @@
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": [
"authentik-nix",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1719549552,
"narHash": "sha256-efvBV+45uQA6r7aov48H6MhvKp1QUIyIX5gh9oueUzs=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "4fd045cdb85f2a0173021a4717dc01d92d7ab2b2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"authentik-nix": "authentik-nix",
"deploy-rs": "deploy-rs",
"disko": "disko",
"firefox-gnome-theme": "firefox-gnome-theme",
@ -762,7 +565,7 @@
"kvlibadwaita": "kvlibadwaita",
"nixos-hardware": "nixos-hardware",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim",
"plasma-manager": "plasma-manager",
@ -817,35 +620,6 @@
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -877,28 +651,6 @@
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718522839,
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixvim",
@ -921,7 +673,7 @@
},
"utils": {
"inputs": {
"systems": "systems_4"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
@ -939,7 +691,7 @@
},
"utils_2": {
"inputs": {
"systems": "systems_5"
"systems": "systems_3"
},
"locked": {
"lastModified": 1709126324,

37
hosts/vps1/default.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, ... }:
{
imports = [
@ -37,10 +37,45 @@
groups = {
jellyfin = { };
};
extraGroups.acme.members = [ "kanidm" "nginx" ];
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.certs."auth.vimium.com" = {
postRun = "systemctl restart kanidm.service";
group = "acme";
};
services.kanidm = let
baseDomain = "vimium.com";
domain = "auth.${baseDomain}";
uri = "https://${domain}";
in {
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
};
serverSettings = {
bindaddress = "[::1]:3013";
domain = baseDomain;
origin = uri;
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
};
};
services.nginx.virtualHosts = {
"auth.vimium.com" = {
useACMEHost = "auth.vimium.com";
forceSSL = true;
locations."/" = {
proxyPass = "https://[::1]:3013";
};
};
};
modules = rec {
databases.postgresql.enable = true;
services = {