diff --git a/flake.lock b/flake.lock index e4b8d04..1ab41db 100644 --- a/flake.lock +++ b/flake.lock @@ -25,50 +25,6 @@ "type": "github" } }, - "authentik": { - "inputs": { - "authentik-src": "authentik-src", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "napalm": "napalm", - "nixpkgs": [ - "nixpkgs" - ], - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1715166702, - "narHash": "sha256-PJxwZoT1JWxMaKRdTLMHN55mdYlhZn2L5VpvyevKkug=", - "owner": "nix-community", - "repo": "authentik-nix", - "rev": "84c3ce6fe7c174ed1a53cbc5e36cf6a70f4dcc1b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "node-22", - "repo": "authentik-nix", - "type": "github" - } - }, - "authentik-src": { - "flake": false, - "locked": { - "lastModified": 1715092773, - "narHash": "sha256-B+ZLD1D/UQty1urQ0qDFo67vjsk/jtssjqIQOY0Oxq4=", - "owner": "goauthentik", - "repo": "authentik", - "rev": "1f5953b5b7e72c085246e8f19b94482dac946d83", - "type": "github" - }, - "original": { - "owner": "goauthentik", - "ref": "version/2024.4.2", - "repo": "authentik", - "type": "github" - } - }, "base16-schemes": { "flake": false, "locked": { @@ -142,7 +98,7 @@ }, "dns": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] @@ -162,22 +118,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1673956053, 
@@ -194,24 +134,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -233,24 +155,6 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1614513358, "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", @@ -265,9 +169,9 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_2" }, "locked": { "lastModified": 1681202837, @@ -312,11 +216,11 @@ ] }, "locked": { - "lastModified": 1715930644, - "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", "owner": "nix-community", "repo": "home-manager", - "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", "type": "github" }, "original": { @@ -363,9 +267,9 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils_3", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], 
@@ -387,35 +291,10 @@ "type": "github" } }, - "napalm": { - "inputs": { - "flake-utils": [ - "authentik", - "flake-utils" - ], - "nixpkgs": [ - "authentik", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703102458, - "narHash": "sha256-3pOV731qi34Q2G8e2SqjUXqnftuFrbcq+NdagEZXISo=", - "owner": "nix-community", - "repo": "napalm", - "rev": "edcb26c266ca37c9521f6a97f33234633cbec186", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "napalm", - "type": "github" - } - }, "nix-colors": { "inputs": { "base16-schemes": "base16-schemes", - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { "lastModified": 1707825078, @@ -431,28 +310,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "authentik", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -489,24 +346,6 @@ } }, "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib_2": { "locked": { "lastModified": 1697935651, "narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=", 
@@ -573,34 +412,6 @@ "type": "sourcehut" } }, - "poetry2nix": { - "inputs": { - "flake-utils": [ - "authentik", - "flake-utils" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "authentik", - "nixpkgs" - ], - "systems": "systems_3", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1715017507, - "narHash": "sha256-RN2Vsba56PfX02DunWcZYkMLsipp928h+LVAWMYmbZg=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "e6b36523407ae6a7a4dfe29770c30b3a3563b43a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -655,7 +466,6 @@ "root": { "inputs": { "agenix": "agenix", - "authentik": "authentik", "dns": "dns", "home-manager": "home-manager", "impermanence": "impermanence", 
@@ -724,57 +534,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "authentik", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1714058656, - "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "trucksimulatorbot": { "inputs": { "images": "images", diff --git a/flake.nix b/flake.nix index 833a3e0..22d4107 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ }; nix-colors.url = "github:Misterio77/nix-colors"; - authentik = { - # branch to fix https://github.com/nix-community/authentik-nix/issues/24 - url = "github:nix-community/authentik-nix/node-22"; - inputs.nixpkgs.follows = "nixpkgs"; - }; purge = { url = "sourcehut:~rouven/purge"; @@ -61,7 +56,6 @@ , dns , nix-index-database , agenix - , authentik , impermanence , nix-colors , lanzaboote @@ -118,7 +112,6 @@ nix-index-database.nixosModules.nix-index impermanence.nixosModules.impermanence agenix.nixosModules.default - authentik.nixosModules.default ./hosts/nuc ./shared { 
diff --git a/hosts/falkenstein/modules/backup/default.nix b/hosts/falkenstein/modules/backup/default.nix index 3ef84b6..db55135 100644 --- a/hosts/falkenstein/modules/backup/default.nix +++ b/hosts/falkenstein/modules/backup/default.nix @@ -10,8 +10,6 @@ source_directories = [ "/var/lib" "/var/log" - "/var/mail" - "/var/sieve" "/root" ]; diff --git a/hosts/falkenstein/modules/mail/dovecot2.nix b/hosts/falkenstein/modules/mail/dovecot2.nix index 256cde2..4a4cd97 100644 --- a/hosts/falkenstein/modules/mail/dovecot2.nix +++ b/hosts/falkenstein/modules/mail/dovecot2.nix @@ -13,7 +13,7 @@ in enableImap = true; enableQuota = false; enableLmtp = true; - mailLocation = "maildir:/var/mail/%n"; + mailLocation = "maildir:~/Maildir"; sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslServerKey = "/var/lib/acme/${hostname}/key.pem"; protocols = [ "imap" "sieve" ]; @@ -114,9 +114,6 @@ in } client_limit = 1 } - plugin { - sieve = file:/var/sieve/%u;active=/var/sieve/%u.sieve - } ''; }; }; diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix index cbc6856..7246361 100644 --- a/hosts/falkenstein/modules/mail/postfix.nix +++ b/hosts/falkenstein/modules/mail/postfix.nix @@ -36,7 +36,7 @@ in sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem"; config = { - # home_mailbox = "Maildir/"; + home_mailbox = "Maildir/"; smtp_helo_name = config.networking.fqdn; smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; smtp_use_tls = true; diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index c6f8ffc..fca901e 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -4,11 +4,10 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix - ./modules/authentik ./modules/networks ./modules/adguard ./modules/backup - # ./modules/keycloak + ./modules/keycloak ./modules/jellyfin ./modules/cache ./modules/matrix 
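Review bot: Changing `mailLocation` to `maildir:~/Maildir` in dovecot2.nix moves mail into each user's home directory, while the backup hunk in this same commit leaves `source_directories` as only `/var/lib`, `/var/log` and `/root`. Unless the mail users' homes live under one of those paths, mail stops being backed up. The same likely applies to Sieve scripts, because the second dovecot2.nix hunk removes the `plugin { sieve = … }` override and Dovecot then presumably falls back to a script location in the home directory. Consider adding the mail users' home path to the list (for example `"/home"`, if that is where they live) and confirming that existing mail under `/var/mail/%n` is migrated before the old path is dropped. The `services.dovecot2` block continues outside the hunk.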
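Review bot: Enabling `home_mailbox = "Maildir/";` in postfix.nix only affects Postfix's own local delivery agent, yet the dovecot2.nix context in this commit shows `enableLmtp = true` and a `sieve` protocol. If delivery is meant to go through Dovecot LMTP, this setting is unused; any `mailbox_transport` or `virtual_transport` line would be outside the hunk, so this cannot be confirmed here. If Postfix instead writes to `~/Maildir` itself, that mail never passes through Sieve filtering. A short comment above the line stating which component performs final delivery, e.g. `# final delivery by <postfix local | dovecot lmtp>`, would make the intended path explicit.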
diff --git a/hosts/nuc/modules/authentik/default.nix b/hosts/nuc/modules/authentik/default.nix deleted file mode 100644 index 6001fb9..0000000 --- a/hosts/nuc/modules/authentik/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, ... }: -let - domain = "auth.${config.networking.domain}"; -in -{ - age.secrets.authentik = { - file = ../../../../secrets/nuc/authentik.age; - }; - services.authentik = { - enable = true; - environmentFile = config.age.secrets.authentik.path; - nginx = { - enable = true; - enableACME = true; - host = domain; - }; - }; -} diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix index 6653c0c..44833ba 100644 --- a/hosts/nuc/modules/seafile/default.nix +++ b/hosts/nuc/modules/seafile/default.nix @@ -20,9 +20,9 @@ in OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/' OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de' - OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/' - OAUTH_TOKEN_URL = 'https://auth.rfive.de/application/o/token/' - OAUTH_USER_INFO_URL = 'https://auth.rfive.de/application/o/userinfo/' + OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth' + OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token' + OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo' OAUTH_SCOPE = [ "openid", "profile", "email"] OAUTH_ATTRIBUTE_MAP = { "id": (False, "not used"), diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index a832e5d..8fe1cbd 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -23,7 +23,7 @@ identity="rose159e@tu-dresden.de" password="@EDUROAM_AUTH@" phase2="auth=PAP" - bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db + bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef ''; extraConfig = '' scan_ssid=1 
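Review bot: The three new OAuth endpoints in seafile/default.nix point Seafile at Keycloak's `master` realm (`/realms/master/protocol/openid-connect/…`). Keycloak's documentation recommends reserving `master` for administering the server and keeping application clients and their users in a dedicated realm, so that an application's login realm is not also the one holding the server's admin accounts. Consider a separate realm used in all three URLs, e.g. `OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/<realm>/protocol/openid-connect/auth'` with `<realm>` as a placeholder, and likewise for the token and userinfo URLs. The settings block continues outside the hunk, so how the client id and secret are supplied is not visible here.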
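Review bot: The `bssid_ignore` line in uni.nix has no comment saying why these access points are skipped, so it is unclear whether dropping `82:5a:1c:02:3d:db` is intentional. A Nix comment above the block, such as `# <reason these BSSIDs are ignored>`, would document it. Separately, the context shows `phase2="auth=PAP"`, which hands the password in the clear to whichever RADIUS server terminates the TLS tunnel. The network block extends outside the hunk, so please confirm it pins the server with `ca_cert` and `domain_suffix_match`.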
diff --git a/secrets.nix b/secrets.nix index e255c53..3c5a63c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -22,7 +22,6 @@ in "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mullvad.age".publicKeys = [ rouven nuc ]; "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; - "secrets/nuc/authentik.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/authentik.age b/secrets/nuc/authentik.age deleted file mode 100644 index 4eb5460..0000000 --- a/secrets/nuc/authentik.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uWbAHQ P8lLfyQJTLD48yjbIo4r2f9nDxhyYEwdyKtI8YV6Pmo -tBUvWgD29fC/fTmNkhxmCEMUpNtToLprkjcO1r5ZKvo --> ssh-ed25519 2TRdXg vF2wlEgZccEAiCsGo3Ui1WhvqBba9n+ahObUlJjip00 -2jnqkxGTajSAYXzuRKXNEhEzCLqZFjbKNmzFlgwMZxk ---- Di6ktfCRqwE0fYflVF6xGQOnKbNZdaUr8fhWNE0qvBM -C AU+gƚAޡb胉cratC/ll"7 {\=X#o{)ѭWl{ \ No newline at end of file diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 555fe84..be8b4dc 100644 Binary files a/secrets/thinkpad/wireless.age and b/secrets/thinkpad/wireless.age differ