diff --git a/fake_flake.nix b/fake_flake.nix index 50e6b9c..ac82abb 100644 --- a/fake_flake.nix +++ b/fake_flake.nix @@ -31,7 +31,7 @@ let { # xonsh update url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/305316.patch"; - hash = "sha256-oUjCyA18RvIChTUwPqkO4+v2skTqLBYf2DMd+ADiGE8="; + hash = "sha256-/OSbAur16Q1XZ/Nhf8VAzaQ3gqbaxWkQlf5G4UWKnh8="; } ]; @@ -43,7 +43,6 @@ in "${nivSources.agenix}/modules/age.nix" "${nivSources.nixos-mailserver}/default.nix" "${nivSources.nixos-matrix-modules}/module.nix" - (import nivSources.authentik-nix).nixosModules.default # fixme: ideally we'd not rely on the flake syntax to load the module (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default diff --git a/modules/auth.nix b/modules/auth.nix index 7258d1a..30497bd 100644 --- a/modules/auth.nix +++ b/modules/auth.nix @@ -1,38 +1,10 @@ -<<<<<<< HEAD -{ config, pkgs ... }: +{ config, pkgs, ... }: let inherit (config.serverConfig) vhosts; inherit (config.networking) domain; -in in { - age.secrets.authentik_env = { - file = ../secrets/authentik_env.age; -# owner = "authentik"; -# group = "authentik"; - mode = "0600"; - }; + services.openldap = { + enable = true; - services.authentik = { -# enable = true; - # The environmentFile needs to be on the target host! - # Best use something like sops-nix or agenix to manage it - environmentFile = config.age.secrets.authentik_env.path; - -# authentikComponents = { -# staticWorkdirDeps = pkgs.authentikComponents.staticWorkdirDeps; - # }; - - settings = { - email = rec { - host = vhosts.mail_host.host; - port = 465; - username = "admin@${domain}"; - use_tls = true; - use_ssl = true; - from = username; - }; - disable_startup_analytics = true; - avatars = "initials"; - }; }; } diff --git a/modules/default.nix b/modules/default.nix index 30702a6..73e4a36 100644 --- a/modules/default.nix +++ b/modules/default.nix 
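Review bot: The `url` in the first fake_flake.nix hunk points at `pull/305316.patch`, which GitHub regenerates whenever the pull-request branch changes, so the new `hash` pins whatever the PR contained at fetch time rather than a reviewed commit. That is presumably why the hash had to be bumped here, and every such bump silently accepts new upstream content into a patch applied to nixpkgs. Fetching an immutable per-commit patch instead, e.g. `url = "https://github.com/NixOS/nixpkgs/commit/<COMMIT_SHA>.patch";` (placeholder), keeps URL and hash in step. At minimum the old and new patch bodies should be diffed before the new hash is accepted. The enclosing patch list starts outside the hunk.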
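Review bot: In modules/auth.nix, `services.openldap` is enabled with an empty body, so slapd runs on module defaults: this file shows no listener restriction, no TLS and no access rules, and the default listener (`ldap:///`, if unchanged upstream) is not bound to a specific interface. The `open = false` entry added in modules/default.nix is then the only thing keeping cleartext LDAP off the network; binding the daemon itself, e.g. `urlList = [ "ldap://127.0.0.1/" "ldapi:///" ];`, would not depend on the firewall. When the suffix and root DN are added under `settings`, the root password should be read from an agenix-managed file rather than written into the world-readable Nix store, as the removed authentik block did via `environmentFile`. `vhosts` and `domain` in the `let` are now unused and can be dropped.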
@@ -135,6 +135,10 @@ in port = 6379; open = false; }; + open_ldap_port = { + port = 389; + open = false; + }; }; vhosts = { diff --git a/modules/prometheus.nix b/modules/prometheus.nix index 14e2f06..eb97aa8 100644 --- a/modules/prometheus.nix +++ b/modules/prometheus.nix @@ -15,13 +15,12 @@ in targets = let inherit (lib) - toString filter isAttrs attrValues ; in - map (v: "127.0.0.1:${toString v.port}") ( + map (v: "127.0.0.1:${builtins.toString v.port}") ( filter (v: (isAttrs v) && v.enable) (attrValues config.services.prometheus.exporters) ); } diff --git a/secrets/authentik_env.age b/secrets/authentik_env.age deleted file mode 100644 index 8b139a6..0000000 --- a/secrets/authentik_env.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa jWbwAg -wOku8nfaZn+SYKhPgDbnU2OFXP7bBnrhE8H87YRgkg2eReMD1t4fzg6GiGCW9Urj -ia3xivhGNq6GavB7RS1LKx3cRqjjIXHdtG0XERe72vY6bjfbA4afamJI6pKLzmti -M5dhZpqOA1WPrkZTGy+f6P+klpl3WEUg+vyslcfIO3pRPwazebER8EwtlxEzZkCH -HM015bFmJJQ26WD9wNj4IhpuOi6BO1ZtcyiEJigs8ylCnoBH9D8okaMzqlEb8G1E -MhCb4umcrXsNHux4qG33NQbo/ZaN8+1tPnOpkSE2wslYy8gvFaMSCWcHVzpf1tlL -GpDheRXrbN+cgczpmSD2CECv8EWLcI5fvqsKRRbH2WHvKa9tcwc9RKPWeeL9flNX -wpqQMbUBGGbXPJNd/D63xNKCOEcZuskRwiSgGYqrr864YY1kFvBxRM2BP/xcpKRh -2YKHrL4Bp/It5NHnkVSWqxF6CnajuXEL+R2Yh8aIl932gOpCwZSGkZnqVbLsdX3i -x3tFmB+Cfi9yrIWSPtxy2yswj09OT1sVkaDPRzYW3GD8JMQIl7INn9QdW9O9AzoE -Nhr44vbc1pnSjWucxaCD3+htt0PZLELV4001xlBFkpyuErjZcgJ3/x1rhKeXPwpo -q70dkDXEetnkfXiZ8uDKzeAzXBMEFjui5v/PcB4tHQA ---- bv5wWftXB8PIPk8118XQEhVViIO6FTX2ywc8R27770I -=z4}!I-wȃ8"Զ=ֳ@#1 XRwlI =!N{#NL9qouD*8aNUU(aMA y+AKxC5q[qP dt?}}{nX \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e841314..ff54e82 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
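Review bot: The new `open_ldap_port` entry in modules/default.nix should carry a comment saying why it stays closed, e.g. `# 389 is cleartext LDAP: simple binds send passwords unencrypted; keep closed unless TLS is enforced`. How `open` is consumed is outside the hunk, so this assumes it controls the firewall rule, as the name suggests. Without the comment, a later flip to `open = true` looks as harmless as it would for any other port in this set. The surrounding attribute set starts and ends outside the hunk.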
@@ -13,7 +13,6 @@ in # "duckdns_token.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ]; - "authentik_env.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ]; "grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];