diff --git a/flake.lock b/flake.lock index c86905e..94db9df 100644 --- a/flake.lock +++ b/flake.lock @@ -21,47 +21,6 @@ "type": "github" } }, - "authentik-nix": { - "inputs": { - "authentik-src": "authentik-src", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "napalm": "napalm", - "nixpkgs": "nixpkgs_2", - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1722879849, - "narHash": "sha256-Hg1I6vmrxWz6RrVROXn1RDCPniOJx93QQg99x/wSkjY=", - "owner": "nix-community", - "repo": "authentik-nix", - "rev": "80fc87361809f78b8a8cd7e57a14b66a726379ef", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "authentik-nix", - "type": "github" - } - }, - "authentik-src": { - "flake": false, - "locked": { - "lastModified": 1722875733, - "narHash": "sha256-LPNcvKiVrwPwc3G/j0a7KoMKAMScbzui0C3IgWXP+g4=", - "owner": "goauthentik", - "repo": "authentik", - "rev": "8f207c75046d722c17dee2bcf65fa386b06f5b9a", - "type": "github" - }, - "original": { - "owner": "goauthentik", - "ref": "version/2024.6.3", - "repo": "authentik", - "type": "github" - } - }, "blobs": { "flake": false, "locked": { @@ -102,8 +61,8 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", "utils": "utils" }, "locked": { @@ -210,22 +169,6 @@ } }, "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 
@@ -239,7 +182,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_5": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -256,24 +199,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1719745305, - "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -294,27 +219,9 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -458,31 +365,6 @@ "type": "github" } }, - "napalm": { - "inputs": { - "flake-utils": [ - "authentik-nix", - "flake-utils" - ], - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717929455, - "narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=", - "owner": "nix-community", - "repo": "napalm", - "rev": "e1babff744cd278b56abe8478008b4a9e23036cf", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "napalm", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ 
@@ -504,28 +386,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1723310128, @@ -544,7 +404,7 @@ "nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], @@ -597,18 +457,6 @@ "type": "indirect" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1717284937, - "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1723175592, @@ -625,22 +473,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1720542800, - "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "feb2849fdeb70028c70d73b848214b00d324a497", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1702272962, "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", @@ -656,7 +488,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1723282977, "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", 
@@ -674,15 +506,15 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts", "git-hooks": "git-hooks", "home-manager": "home-manager_3", "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix" }, "locked": { "lastModified": 1722925293, @@ -722,38 +554,9 @@ "type": "github" } }, - "poetry2nix": { - "inputs": { - "flake-utils": [ - "authentik-nix", - "flake-utils" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "systems": "systems_3", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1719549552, - "narHash": "sha256-efvBV+45uQA6r7aov48H6MhvKp1QUIyIX5gh9oueUzs=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "4fd045cdb85f2a0173021a4717dc01d92d7ab2b2", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", - "authentik-nix": "authentik-nix", "deploy-rs": "deploy-rs", "disko": "disko", "firefox-gnome-theme": "firefox-gnome-theme", @@ -762,7 +565,7 @@ "kvlibadwaita": "kvlibadwaita", "nixos-hardware": "nixos-hardware", "nixos-mailserver": "nixos-mailserver", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", "plasma-manager": "plasma-manager", 
@@ -817,35 +620,6 @@ } }, "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -877,28 +651,6 @@ } }, "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1718522839, - "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixvim", @@ -921,7 +673,7 @@ }, "utils": { "inputs": { - "systems": "systems_4" + "systems": "systems_2" }, "locked": { "lastModified": 1701680307, @@ -939,7 +691,7 @@ }, "utils_2": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" }, "locked": { "lastModified": 1709126324, diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix index a195559..cc1e5bd 100644 --- a/hosts/vps1/default.nix +++ b/hosts/vps1/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: { imports = [ 
@@ -37,10 +37,45 @@ groups = { jellyfin = { }; }; + extraGroups.acme.members = [ "kanidm" "nginx" ]; }; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; + security.acme.certs."auth.vimium.com" = { + postRun = "systemctl restart kanidm.service"; + group = "acme"; + }; + + services.kanidm = let + baseDomain = "vimium.com"; + domain = "auth.${baseDomain}"; + uri = "https://${domain}"; + in { + enableClient = true; + enableServer = true; + clientSettings = { + inherit uri; + }; + serverSettings = { + bindaddress = "[::1]:3013"; + domain = baseDomain; + origin = uri; + tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem"; + tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem"; + }; + }; + + services.nginx.virtualHosts = { + "auth.vimium.com" = { + useACMEHost = "auth.vimium.com"; + forceSSL = true; + locations."/" = { + proxyPass = "https://[::1]:3013"; + }; + }; + }; + modules = rec { databases.postgresql.enable = true; services = {
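Review bot: In `serverSettings`, `domain = baseDomain;` makes the whole of vimium.com the Kanidm domain while the server is only served at auth.vimium.com; as far as I know Kanidm uses this value as the WebAuthn relying-party ID and in account names, so every other host under vimium.com would fall inside the scope of credentials registered here. Unless the apex is wanted on purpose for the account names, `inherit domain;` would keep that scope to the auth host, and the choice is worth settling now because Kanidm documents a later domain rename as a step that breaks registered credentials. Separately, `extraGroups.acme.members = [ "kanidm" "nginx" ];` gives both services read access to every certificate key owned by the `acme` group, not only this one; a group dedicated to the auth.vimium.com cert would be narrower if other certs on the host keep that group. The attribute set that holds `groups` and `extraGroups` opens above the hunk, so its other members are not visible here.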