From f3837236e7689d28d56a06fa9a6dad9dec0b9f2e Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 26 Apr 2024 10:36:09 +0200 Subject: [PATCH 1/5] zsh: fix networkctl completion --- shared/zsh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shared/zsh.nix b/shared/zsh.nix index 61b2d18..08e66c3 100644 --- a/shared/zsh.nix +++ b/shared/zsh.nix @@ -45,6 +45,8 @@ export MCFLY_RESULTS=30 export MCFLY_INTERFACE_VIEW=BOTTOM export MCFLY_PROMPT="❯" + # fix for networkctl + zstyle ':completion:*:complete:networkctl:*' list-grouped true source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh unsetopt extendedglob From 63d9cabcfb216a7cd2483473e05d26cbd8db8a69 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 26 Apr 2024 10:36:49 +0200 Subject: [PATCH 2/5] updates --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 65d7a41..37b6da6 100644 --- a/flake.lock +++ b/flake.lock @@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1713789879, - "narHash": "sha256-4Wt3Bg6uOnvwZcECBZaFEdzlWRlGLgd8DqLL4ugLdxg=", + "lastModified": 1714042918, + "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=", "owner": "nix-community", "repo": "home-manager", - "rev": "46833c3115e8858370880d892748f0927d8193c3", + "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1713668931, - "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=", + "lastModified": 1713869268, + "narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "07ece11b22217b8459df589f858e92212b74f1a1", + "rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c", "type": "github" }, "original": { 
@@ -332,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1713895582, + "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "572af610f6151fd41c212f897c71f7056e3fb518", "type": "github" }, "original": { From 71c7cf31d23657d0a12a55fe9daf38a2f9de8724 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 26 Apr 2024 10:36:59 +0200 Subject: [PATCH 3/5] printing: enable --- hosts/thinkpad/modules/printing/default.nix | 24 ++++++++++++--------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/hosts/thinkpad/modules/printing/default.nix b/hosts/thinkpad/modules/printing/default.nix index 5285585..de2c4ad 100644 --- a/hosts/thinkpad/modules/printing/default.nix +++ b/hosts/thinkpad/modules/printing/default.nix @@ -1,13 +1,17 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ cups ]; - # services.printing = { - # enable = true; - # stateless = true; - # browsedConf = '' - # BrowsePoll cups.agdsn.network - # LocalQueueNamingRemoteCUPS RemoteName - # ''; - # drivers = with pkgs; [ cups-kyocera ]; - # }; + # environment.systemPackages = with pkgs; [ cups ]; + services.avahi = { + enable = true; + nssmdns4 = true; + }; + services.printing = { + enable = true; + stateless = true; + browsedConf = '' + BrowsePoll cups.agdsn.network + LocalQueueNamingRemoteCUPS RemoteName + ''; + drivers = with pkgs; [ cups-kyocera ]; + }; } From 7bc9e0678868ed48742652f03a1da04654a0df55 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 26 Apr 2024 10:37:13 +0200 Subject: [PATCH 4/5] networking: beautify --- hosts/falkenstein/modules/networks/default.nix | 9 ++++++++- hosts/thinkpad/modules/networks/default.nix | 9 ++++++++- hosts/thinkpad/modules/networks/uni.nix | 2 +- 3 files changed, 17 insertions(+), 3 deletions(-) 
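Review bot: The new `services.printing` block in hosts/thinkpad/modules/printing/default.nix polls one named server (`BrowsePoll cups.agdsn.network`), yet the same hunk also enables `services.avahi` with `nssmdns4 = true`, so this laptop additionally takes part in mDNS/DNS-SD on whatever network it is attached to. If only the polled server's queues are wanted, consider adding `BrowseRemoteProtocols none` to `browsedConf`, so cups-browsed does not create queues from printers advertised on untrusted networks, and dropping the Avahi block unless something else needs it. If DNS-SD discovery is intended, a comment such as `# avahi: required for DNS-SD printer discovery` next to the block would record why. Whether the firewall exposes the mDNS port is not visible in this hunk.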
diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix index 33dc1d7..7cacf9b 100644 --- a/hosts/falkenstein/modules/networks/default.nix +++ b/hosts/falkenstein/modules/networks/default.nix @@ -87,8 +87,15 @@ }; networks."30-dorm" = { matchConfig.Name = "wg0"; + addresses = [ + { + addressConfig = { + Address = "192.168.43.4/24"; + AddPrefixRoute = false; + }; + } + ]; networkConfig = { - Address = "192.168.43.4/32"; DNS = "192.168.43.1"; Domains = [ "~vpn.rfive.de" diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index adfaf20..61290b4 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -163,8 +163,15 @@ networks."30-wg0" = { matchConfig.Name = "wg0"; linkConfig.RequiredForOnline = false; + addresses = [ + { + addressConfig = { + Address = "192.168.43.3/24"; + AddPrefixRoute = false; + }; + } + ]; networkConfig = { - Address = "192.168.43.3/32"; DNS = "192.168.43.1"; Domains = [ "~vpn.rfive.de" diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 7c86553..0b4855e 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -95,7 +95,7 @@ systemd.services = { openfortivpn-agdsn = { description = "AG DSN Fortinet VPN"; - script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5"; + script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password)"; requires = [ "network-online.target" ]; after = [ "network.target" "network-online.target" ]; serviceConfig = { From afc0ea55bef99df28010da91c4fb6731ddcff7ca Mon Sep 17 00:00:00 2001 
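Review bot: The rewritten `script` line in hosts/thinkpad/modules/networks/uni.nix still passes the VPN password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, which puts the secret on the openfortivpn command line, where it is readable from the process list for the lifetime of the tunnel. The unquoted substitution also breaks on passwords containing whitespace or glob characters. Supplying the password through an openfortivpn config file passed with `-c`, provisioned as the unit's credential, would keep it off argv. The same line also drops the `--trusted-cert` pin although the commit subject says only "beautify"; server authentication now rests entirely on the system trust store, so it is worth confirming that the gateway's certificate validates against it and recording the reason in the commit message. The `openfortivpn-agdsn` unit continues outside the hunk.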
From: Rouven Seifert Date: Fri, 26 Apr 2024 10:39:49 +0200 Subject: [PATCH 5/5] keycloak: re-init --- hosts/nuc/default.nix | 1 + hosts/nuc/modules/keycloak/default.nix | 43 +++++++++++++++++++++++++ secrets.nix | 1 + secrets/nuc/keycloak/db.age | Bin 0 -> 339 bytes 4 files changed, 45 insertions(+) create mode 100644 hosts/nuc/modules/keycloak/default.nix create mode 100644 secrets/nuc/keycloak/db.age diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 624fd75..3de6f87 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -7,6 +7,7 @@ ./modules/networks ./modules/adguard ./modules/backup + ./modules/keycloak ./modules/cache ./modules/matrix ./modules/mautrix-telegram diff --git a/hosts/nuc/modules/keycloak/default.nix b/hosts/nuc/modules/keycloak/default.nix new file mode 100644 index 0000000..0ace24b --- /dev/null +++ b/hosts/nuc/modules/keycloak/default.nix @@ -0,0 +1,43 @@ +{ config, ... }: +let + domain = "auth.${config.networking.domain}"; +in +{ + age.secrets.keycloak = { + file = ../../../../secrets/nuc/keycloak/db.age; + }; + services.keycloak = { + enable = true; + settings = { + http-port = 8084; + https-port = 19000; + hostname = domain; + # proxy-headers = "forwarded"; + proxy = "edge"; + }; + database = { + # host = "/var/run/postgresql/.s.PGSQL.5432"; + # useSSL = false; + # createLocally = false; + passwordFile = config.age.secrets.keycloak.path; + }; + initialAdminPassword = "plschangeme"; + }; + # services.postgresql = { + # enable = true; + # ensureUsers = [ + # { + # name = "keycloak"; + # ensureDBOwnership = true; + # } + # ]; + # ensureDatabases = [ "keycloak" ]; + # }; + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index afcde6c..f73f67b 100644 --- a/secrets.nix +++ b/secrets.nix 
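Review bot: `initialAdminPassword = "plschangeme"` in the new hosts/nuc/modules/keycloak/default.nix is a guessable bootstrap credential that is committed to the repository and ends up in the world-readable Nix store, while the same file publishes the instance through the nginx vhost for `auth.${config.networking.domain}`. Until that password is changed inside Keycloak, the admin console is protected only by a publicly known string. It should be rotated directly after the first start and the option annotated accordingly, e.g. `# bootstrap only; rotated in the admin console after first login`; keeping the admin paths off the public vhost until then would be a further safeguard. Separately, `proxy = "edge"` makes Keycloak rely on forwarded headers, and the `locations."/"` block shows only `proxyPass`; if `recommendedProxySettings` is not enabled elsewhere in the configuration, the vhost should set those headers explicitly.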
@@ -20,6 +20,7 @@ in "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/keycloak/db.age b/secrets/nuc/keycloak/db.age new file mode 100644 index 0000000000000000000000000000000000000000..1093a5bf5f6ea03cbdbdb1d3b8ec99964fadf213 GIT binary patch literal 339 zcmZ9_yH0~p002-o6E+j$%;Z9_P@tvJnB4YKD1BIGnZw2pHeg-229H%gYEPsuF1ppn}Y1hzvKrVSL0%nd(L zq7gf!hBL#PH>lhw2OAinVO>Ef)7e6|Rj?G4K2O+zAvIk%PoNE&rU67V?Si#5)7nPl2P>HMmTXUwnOP_>tVNtNg5Ssn%6!6hyhSj((Cv}Inr${u5+FFEYBW@W& z;JIl_b9)`stz@b#bkKy+xAD?*@_3Vtk;ZWPyt|@2=WnBF(qvL+5EwOfCE&HoHAh7< zr&WnQuGh9DVUIski@D;&u|&|p2jUM-ZlAtbyw5*_*SDR$>lVIy|GED@53}RXhuy=V O#5cXi7mzT@)$A7^VsX3x literal 0 HcmV?d00001