rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 17:11:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

nuc: configure authentik

Browse source
This commit is contained in:
Rouven Seifert 2024-05-20 12:19:05 +02:00
parent dacf54aa9c
commit 21da78256c
7 changed files with 287 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

261
flake.lock
View file

@ -25,6 +25,50 @@
"type": "github"
}
},
"authentik": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1715166702,
"narHash": "sha256-PJxwZoT1JWxMaKRdTLMHN55mdYlhZn2L5VpvyevKkug=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "84c3ce6fe7c174ed1a53cbc5e36cf6a70f4dcc1b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "node-22",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1715092773,
"narHash": "sha256-B+ZLD1D/UQty1urQ0qDFo67vjsk/jtssjqIQOY0Oxq4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "1f5953b5b7e72c085246e8f19b94482dac946d83",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2024.4.2",
"repo": "authentik",
"type": "github"
}
},
"base16-schemes": {
"flake": false,
"locked": {
@ -98,7 +142,7 @@
},
"dns": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
@ -118,6 +162,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -134,6 +194,24 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
@ -155,6 +233,24 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
@ -169,9 +265,9 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
"systems": "systems_4"
},
"locked": {
"lastModified": 1681202837,
@ -216,11 +312,11 @@
]
},
"locked": {
"lastModified": 1715486357,
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github"
},
"original": {
@ -267,9 +363,9 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_2",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
],
@ -291,10 +387,35 @@
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik",
"flake-utils"
],
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703102458,
"narHash": "sha256-3pOV731qi34Q2G8e2SqjUXqnftuFrbcq+NdagEZXISo=",
"owner": "nix-community",
"repo": "napalm",
"rev": "edcb26c266ca37c9521f6a97f33234633cbec186",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "napalm",
"type": "github"
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib"
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1707825078,
@ -310,6 +431,28 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"authentik",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@ -346,6 +489,24 @@
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1711703276,
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1697935651,
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
@ -412,6 +573,34 @@
"type": "sourcehut"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": [
"authentik",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"authentik",
"nixpkgs"
],
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1715017507,
"narHash": "sha256-RN2Vsba56PfX02DunWcZYkMLsipp928h+LVAWMYmbZg=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "e6b36523407ae6a7a4dfe29770c30b3a3563b43a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
@ -466,6 +655,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"authentik": "authentik",
"dns": "dns",
"home-manager": "home-manager",
"impermanence": "impermanence",
@ -534,6 +724,57 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"authentik",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"trucksimulatorbot": {
"inputs": {
"images": "images",

7
flake.nix
View file

@ -28,6 +28,11 @@
};
nix-colors.url = "github:Misterio77/nix-colors";
authentik = {
# branch to fix https://github.com/nix-community/authentik-nix/issues/24
url = "github:nix-community/authentik-nix/node-22";
inputs.nixpkgs.follows = "nixpkgs";
};
purge = {
url = "sourcehut:~rouven/purge";
@ -56,6 +61,7 @@
, dns
, nix-index-database
, agenix
, authentik
, impermanence
, nix-colors
, lanzaboote
@ -112,6 +118,7 @@
nix-index-database.nixosModules.nix-index
impermanence.nixosModules.impermanence
agenix.nixosModules.default
authentik.nixosModules.default
./hosts/nuc
./shared
{

3
hosts/nuc/default.nix
View file

@ -4,10 +4,11 @@
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./modules/authentik
./modules/networks
./modules/adguard
./modules/backup
./modules/keycloak
# ./modules/keycloak
./modules/jellyfin
./modules/cache
./modules/matrix

18
hosts/nuc/modules/authentik/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
let
domain = "auth.${config.networking.domain}";
in
{
age.secrets.authentik = {
file = ../../../../secrets/nuc/authentik.age;
};
services.authentik = {
enable = true;
environmentFile = config.age.secrets.authentik.path;
nginx = {
enable = true;
enableACME = true;
host = domain;
};
};
}

2
hosts/thinkpad/modules/networks/uni.nix
View file

@ -23,7 +23,7 @@
identity="rose159e@tu-dresden.de"
password="@EDUROAM_AUTH@"
phase2="auth=PAP"
bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef
bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db
'';
extraConfig = ''
scan_ssid=1

1
secrets.nix
View file

@ -22,6 +22,7 @@ in
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/mullvad.age".publicKeys = [ rouven nuc ];
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
"secrets/nuc/authentik.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

7
secrets/nuc/authentik.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ Ugn0lJVRoXJXjny2pI00ucIUmUpAySNhOr2hELEjDDE
1yYbV4zXfF/+XxumG/Nolrjzt8Mha8z2hjqhDpeTYR8
-> ssh-ed25519 2TRdXg Ojx2JribTuqz8xz/ji6JQ++IFHUfkMnCOggv9/iaYFQ
RDrII1dvf3xpHMxbQupUMoQF23bS19oEeG1IGtC8VqE
--- wt+26KqMhqizDdV2YxvJ81GbFd8eM+92RgUA6V4nQXU
¹¸º„+(ïÒEÝÈ@=Çv5z&ÑR—™ÍŠ%ŠÒ• +Óø(„îT:7ŒµË­rB DÚÚž÷BãžbÙz—1®Ë_µÝŠ+\aIE@ïˆ!<21>Ä-£!