fix misc

fake_flake.nix

@@ -31,7 +31,7 @@ let
     {
       # xonsh update
       url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/305316.patch";
-      hash = "sha256-oUjCyA18RvIChTUwPqkO4+v2skTqLBYf2DMd+ADiGE8=";
+      hash = "sha256-/OSbAur16Q1XZ/Nhf8VAzaQ3gqbaxWkQlf5G4UWKnh8=";
     }
   ];
 
@@ -43,7 +43,6 @@ in
     "${nivSources.agenix}/modules/age.nix"
     "${nivSources.nixos-mailserver}/default.nix"
     "${nivSources.nixos-matrix-modules}/module.nix"
-    (import nivSources.authentik-nix).nixosModules.default
 
     # fixme: ideally we'd not rely on the flake syntax to load the module
     (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default

modules/auth.nix

@@ -1,38 +1,10 @@
-<<<<<<< HEAD
+{ config, pkgs, ... }:
-{ config, pkgs ... }:
 let
   inherit (config.serverConfig) vhosts;
   inherit (config.networking) domain;
-in
 in {
-  age.secrets.authentik_env = {
+  services.openldap = {
-      file = ../secrets/authentik_env.age;
+    enable = true;
-#      owner = "authentik";
-#      group = "authentik";
-      mode = "0600";
-    };
 
-  services.authentik = {
-#    enable = true;
-    # The environmentFile needs to be on the target host!
-    # Best use something like sops-nix or agenix to manage it
-    environmentFile = config.age.secrets.authentik_env.path;
-
-#    authentikComponents = {
-#      staticWorkdirDeps = pkgs.authentikComponents.staticWorkdirDeps;
- #   };
-
-    settings = {
-      email = rec {
-        host = vhosts.mail_host.host;
-        port = 465;
-        username = "admin@${domain}";
-        use_tls = true;
-        use_ssl = true;
-        from = username;
-      };
-      disable_startup_analytics = true;
-      avatars = "initials";
-    };
   };
 }

modules/default.nix

@@ -135,6 +135,10 @@ in
           port = 6379;
           open = false;
         };
+        open_ldap_port = {
+          port = 389;
+          open = false;
+        };
       };
 
       vhosts = {

modules/prometheus.nix

@@ -15,13 +15,12 @@ in
             targets =
               let
                 inherit (lib)
-                  toString
                   filter
                   isAttrs
                   attrValues
                   ;
               in
-              map (v: "127.0.0.1:${toString v.port}") (
+              map (v: "127.0.0.1:${builtins.toString v.port}") (
                 filter (v: (isAttrs v) && v.enable) (attrValues config.services.prometheus.exporters)
               );
           }

secrets/authentik_env.age

@@ -1,15 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa jWbwAg
-wOku8nfaZn+SYKhPgDbnU2OFXP7bBnrhE8H87YRgkg2eReMD1t4fzg6GiGCW9Urj
-ia3xivhGNq6GavB7RS1LKx3cRqjjIXHdtG0XERe72vY6bjfbA4afamJI6pKLzmti
-M5dhZpqOA1WPrkZTGy+f6P+klpl3WEUg+vyslcfIO3pRPwazebER8EwtlxEzZkCH
-HM015bFmJJQ26WD9wNj4IhpuOi6BO1ZtcyiEJigs8ylCnoBH9D8okaMzqlEb8G1E
-MhCb4umcrXsNHux4qG33NQbo/ZaN8+1tPnOpkSE2wslYy8gvFaMSCWcHVzpf1tlL
-GpDheRXrbN+cgczpmSD2CECv8EWLcI5fvqsKRRbH2WHvKa9tcwc9RKPWeeL9flNX
-wpqQMbUBGGbXPJNd/D63xNKCOEcZuskRwiSgGYqrr864YY1kFvBxRM2BP/xcpKRh
-2YKHrL4Bp/It5NHnkVSWqxF6CnajuXEL+R2Yh8aIl932gOpCwZSGkZnqVbLsdX3i
-x3tFmB+Cfi9yrIWSPtxy2yswj09OT1sVkaDPRzYW3GD8JMQIl7INn9QdW9O9AzoE
-Nhr44vbc1pnSjWucxaCD3+htt0PZLELV4001xlBFkpyuErjZcgJ3/x1rhKeXPwpo
-q70dkDXEetnkfXiZ8uDKzeAzXBMEFjui5v/PcB4tHQA
---- bv5wWftXB8PIPk8118XQEhVViIO6FTX2ywc8R27770I
-=zø4š¶<C5A1>}
!IÇ-w©Èƒ×Á8"Ô¶Ö=Ö³@#1
í†öXRôÀÔwl˜IÚ
’=¥!N¼{#<23>NLÞ9qØo<C398>Õu¾D¦*ÈôŽñ‚8ªa©ô<C2A9>œNë°ô‹UUºá–æ(¬aMœA
™§åy+ü×AKx™C<E284A2>Û5–qÅ[qÞPæË	dÉìÌt?}ò}½{›n´X

secrets/secrets.nix

@@ -13,7 +13,6 @@ in
 
   # "duckdns_token.age".publicKeys = [ contabo_nix_pub ];
   "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ];
-  "authentik_env.age".publicKeys = [ contabo_nix_pub ];
 
   "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ];
   "grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];