From 077138401e3bcf83163e245ba238c478bb75b07d Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Wed, 8 May 2024 15:37:19 +0200
Subject: [PATCH] dex: deconfigure

---
 modules/ldap/default.nix | 30 +-----------------------------
 modules/web/ifsrde.nix   |  5 -----
 secrets/quitte.yaml      |  6 ++----
 3 files changed, 3 insertions(+), 38 deletions(-)

diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix
index bc400ad..1701831 100644
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, nixpkgs-unstable, system, ... }:
+{ config, pkgs, nixpkgs-unstable, system, ... }:
 let
   domain = "auth.${config.networking.domain}";
   seedSettings = {
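Review bot: Dropping `lib` from the argument set on the first line is only safe if no `lib.` reference remains anywhere in `modules/ldap/default.nix`. The one use visible in this patch, `DynamicUser = lib.mkForce false;` in the dex `serviceConfig`, is removed by a later hunk, but most of the `let` block and the portunus settings lie outside the hunks shown. A leftover reference would fail evaluation with an undefined variable, so it is worth evaluating the host configuration once before merging. The `let` block opened here continues past the end of this hunk.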
@@ -55,7 +55,6 @@ in
   sops.secrets = {
     "portunus/admin-password".owner = config.services.portunus.user;
     "portunus/search-password".owner = config.services.portunus.user;
-    "dex/environment".owner = config.systemd.services.dex.serviceConfig.User;
   };
 
   services.portunus = {
@@ -72,8 +71,6 @@ in
 
     inherit domain seedSettings;
     port = 8681;
-    dex.enable = true;
-
     ldap = {
       suffix = "dc=ifsr,dc=de";
       searchUserName = "search";
@@ -84,30 +81,6 @@ in
     };
   };
 
-  services.dex.settings = {
-    oauth2.skipApprovalScreen = true;
-    frontend = {
-      issuer = "iFSR Schliboleth";
-      logoURL = "https://wiki.ifsr.de/images/3/3b/LogoiFSR.png";
-      theme = "dark";
-    };
-  };
-
-  systemd.services.dex.serviceConfig = {
-    DynamicUser = lib.mkForce false;
-    EnvironmentFile = config.sops.secrets."dex/environment".path;
-    StateDirectory = "dex";
-    User = "dex";
-  };
-
-  users = {
-    users.dex = {
-      group = "dex";
-      isSystemUser = true;
-    };
-    groups.dex = { };
-  };
-
   security.pam.services.sshd.makeHomeDir = true;
 
   services.nginx = {
@@ -115,7 +88,6 @@ in
     virtualHosts."${config.services.portunus.domain}" = {
       locations = {
         "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
-        "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
       };
     };
   };
diff --git a/modules/web/ifsrde.nix b/modules/web/ifsrde.nix
index 0db4396..694abc7 100644
--- a/modules/web/ifsrde.nix
+++ b/modules/web/ifsrde.nix
@@ -73,9 +73,4 @@ in
       };
     };
   };
-
-  services.portunus.dex.oidcClients = [{
-    id = "grav";
-    callbackURL = "https://ifsr.de/admin/task:callback.oauth2";
-  }];
 }
diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index 0911f3e..6e39843 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
@@ -4,8 +4,6 @@ nix-serve:
     key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str]
 keycloak:
     db: ENC[AES256_GCM,data:DVf/pVCHHUed2cQleECk0paBTZ/6Q3NE,iv:j3sWWNL0dqPJBLUx10+jJ7QvdAHvGM55KKDwG2aQEs0=,tag:6VTeE+Prsm+LPemzbEtVYg==,type:str]
-dex:
-    environment: ENC[AES256_GCM,data:6UgcIV8PBUHj+AKk300IcY4QaR1AcMdkojx9EvXWlCeI6vuR6qh19FZ4OP2FrYr7165S8iXXV4vKbxgQSzXa7ulhXUgUVVs6RQFGIdl8zrbgOpLo0iO959DEmt60CQAWUOLKdnbjF0SxZNFo8+kgl63j01jQasBL11IkxEfD76K+j5OvrTG/2sJWgWPpD2+E0kKGDn2Go/BMFpBBI68xuZiN0KgJqP90WC3O4mE1Ez79onuuAq3DbGICEHGr5N8TPKmV6jPLmsVuYZs/neV8nJMDiJy+0B+KZ/KqwN+PoJTja2Qh1HFZJFrSFVFW5hGarHL7xZYQ59kOW66zLn3KvcOxqm8+tBxreC55TgOQq4qY/z+fOs+FSA==,iv:Oc7jzKz6ki6oBd2Ce/pmJH8GcGz+8IM9bHv7SLN38xI=,tag:m/kuri7s4RCkudjWBIfo5g==,type:str]
 portunus:
     admin-password: ENC[AES256_GCM,data:fESE6vrKhtslQO6ZJGv0T9t+leOSrgkY291orkwY+HPnOh26g2PSMX3j,iv:qmbCmjg0WsbOzfv6LsKcY3S1ssVXmaRB3lE6ZWzKSww=,tag:t8cP8XRTtto3EnNLEdz0yw==,type:str]
     search-password: ENC[AES256_GCM,data:xtbWS98IkQbnBu67sN413VNHZLg6eedbStE2uZ2pljS30uoM3coO2d32,iv:lKMTNnQJJfjAG7aX+G0eNnL36Cxmn+cWMRAlTovMJ4Y=,tag:FQGRBqsmY2c9VVIdBvGwCw==,type:str]
@@ -50,8 +48,8 @@ sops:
             c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
             vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-08T12:10:42Z"
-    mac: ENC[AES256_GCM,data:lrTOJPidvYSfnk5HqI7J/LTA08FZIEpam5GCA7JV/TnvEf+L+sZOnEPJtfl9V3oZnUV1GzA1BRZCSxpvq8qWLC+R8F05KnDcUpwfxYFWoSFJginDRckh5YWFFK1nzwslbMKJ1u80tc8d9OU0Yqi5fuWECTVAz8Mq06u2dcqDSv4=,iv:/I5EqCcUhehDYle8DrWcROabSgIQj5RtqB4UvGT1/z8=,tag:eRmYUPqpallvWIZcqgMRnw==,type:str]
+    lastmodified: "2024-05-08T13:35:15Z"
+    mac: ENC[AES256_GCM,data:zlhjtcRQgGkF8c9dME27YR1ueYnV3z7ITu0znyx3/IqP8ibm+G/UgJQhWoijCyeYqzzOktYK0KX8a258GYb44iFXN4JCmX8A1VSXDBGbqUZk0N23PiN69MVDJDZYalkKG4Vt/WflVJ+Xn+ZvGe4pf9m3uFRs89jfQH/cpTH71aM=,iv:FTQYissXSdHYMnqOcTUFfmB1hL7tPmYvbq+gRap5iBY=,tag:DjKxTF4rB9DpKD9W4C16tw==,type:str]
     pgp:
         - created_at: "2024-02-29T15:23:23Z"
           enc: |-