rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rouven.seifert:f0647c2356e254320089e8f59c5bcdff74c3020f
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy
..
compare: rouven.seifert:dacf54aa9c3a7d4425ad460e2e6060ef1a3f4060
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy

No commits in common. "f0647c2356e254320089e8f59c5bcdff74c3020f" and "dacf54aa9c3a7d4425ad460e2e6060ef1a3f4060" have entirely different histories.
f0647c2356 ... dacf54aa9c

12 changed files with 17 additions and 297 deletions
Show stats Expand all files Collapse all files

261
flake.lock
View file

@ -25,50 +25,6 @@
"type": "github"
}
},
"authentik": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1715166702,
"narHash": "sha256-PJxwZoT1JWxMaKRdTLMHN55mdYlhZn2L5VpvyevKkug=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "84c3ce6fe7c174ed1a53cbc5e36cf6a70f4dcc1b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "node-22",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1715092773,
"narHash": "sha256-B+ZLD1D/UQty1urQ0qDFo67vjsk/jtssjqIQOY0Oxq4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "1f5953b5b7e72c085246e8f19b94482dac946d83",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2024.4.2",
"repo": "authentik",
"type": "github"
}
},
"base16-schemes": {
"flake": false,
"locked": {
@ -142,7 +98,7 @@
},
"dns": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
@ -162,22 +118,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -194,24 +134,6 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
@ -233,24 +155,6 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
@ -265,9 +169,9 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
@ -312,11 +216,11 @@
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"lastModified": 1715486357,
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
"type": "github"
},
"original": {
@ -363,9 +267,9 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_3",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
@ -387,35 +291,10 @@
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik",
"flake-utils"
],
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703102458,
"narHash": "sha256-3pOV731qi34Q2G8e2SqjUXqnftuFrbcq+NdagEZXISo=",
"owner": "nix-community",
"repo": "napalm",
"rev": "edcb26c266ca37c9521f6a97f33234633cbec186",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "napalm",
"type": "github"
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib_2"
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1707825078,
@ -431,28 +310,6 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"authentik",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@ -489,24 +346,6 @@
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1711703276,
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1697935651,
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
@ -573,34 +412,6 @@
"type": "sourcehut"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": [
"authentik",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"authentik",
"nixpkgs"
],
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1715017507,
"narHash": "sha256-RN2Vsba56PfX02DunWcZYkMLsipp928h+LVAWMYmbZg=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "e6b36523407ae6a7a4dfe29770c30b3a3563b43a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
@ -655,7 +466,6 @@
"root": {
"inputs": {
"agenix": "agenix",
"authentik": "authentik",
"dns": "dns",
"home-manager": "home-manager",
"impermanence": "impermanence",
@ -724,57 +534,6 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"authentik",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"trucksimulatorbot": {
"inputs": {
"images": "images",

7
flake.nix
View file

@ -28,11 +28,6 @@
};
nix-colors.url = "github:Misterio77/nix-colors";
authentik = {
# branch to fix https://github.com/nix-community/authentik-nix/issues/24
url = "github:nix-community/authentik-nix/node-22";
inputs.nixpkgs.follows = "nixpkgs";
};
purge = {
url = "sourcehut:~rouven/purge";
@ -61,7 +56,6 @@
, dns
, nix-index-database
, agenix
, authentik
, impermanence
, nix-colors
, lanzaboote
@ -118,7 +112,6 @@
nix-index-database.nixosModules.nix-index
impermanence.nixosModules.impermanence
agenix.nixosModules.default
authentik.nixosModules.default
./hosts/nuc
./shared
{

2
hosts/falkenstein/modules/backup/default.nix
View file

@ -10,8 +10,6 @@
source_directories = [
"/var/lib"
"/var/log"
"/var/mail"
"/var/sieve"
"/root"
];

5
hosts/falkenstein/modules/mail/dovecot2.nix
View file

@ -13,7 +13,7 @@ in
enableImap = true;
enableQuota = false;
enableLmtp = true;
mailLocation = "maildir:/var/mail/%n";
mailLocation = "maildir:~/Maildir";
sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslServerKey = "/var/lib/acme/${hostname}/key.pem";
protocols = [ "imap" "sieve" ];
@ -114,9 +114,6 @@ in
}
client_limit = 1
}
plugin {
sieve = file:/var/sieve/%u;active=/var/sieve/%u.sieve
}
'';
};
};

2
hosts/falkenstein/modules/mail/postfix.nix
View file

@ -36,7 +36,7 @@ in
sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem";
config = {
# home_mailbox = "Maildir/";
home_mailbox = "Maildir/";
smtp_helo_name = config.networking.fqdn;
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
smtp_use_tls = true;

3
hosts/nuc/default.nix
View file

@ -4,11 +4,10 @@
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./modules/authentik
./modules/networks
./modules/adguard
./modules/backup
# ./modules/keycloak
./modules/keycloak
./modules/jellyfin
./modules/cache
./modules/matrix

18
hosts/nuc/modules/authentik/default.nix
View file

@ -1,18 +0,0 @@
{ config, ... }:
let
domain = "auth.${config.networking.domain}";
in
{
age.secrets.authentik = {
file = ../../../../secrets/nuc/authentik.age;
};
services.authentik = {
enable = true;
environmentFile = config.age.secrets.authentik.path;
nginx = {
enable = true;
enableACME = true;
host = domain;
};
};
}

6
hosts/nuc/modules/seafile/default.nix
View file

@ -20,9 +20,9 @@ in
OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de'
OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://auth.rfive.de/application/o/token/'
OAUTH_USER_INFO_URL = 'https://auth.rfive.de/application/o/userinfo/'
OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth'
OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token'
OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo'
OAUTH_SCOPE = [ "openid", "profile", "email"]
OAUTH_ATTRIBUTE_MAP = {
"id": (False, "not used"),

2
hosts/thinkpad/modules/networks/uni.nix
View file

@ -23,7 +23,7 @@
identity="rose159e@tu-dresden.de"
password="@EDUROAM_AUTH@"
phase2="auth=PAP"
bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db
bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef
'';
extraConfig = ''
scan_ssid=1

1
secrets.nix
View file

@ -22,7 +22,6 @@ in
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/mullvad.age".publicKeys = [ rouven nuc ];
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
"secrets/nuc/authentik.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

7
secrets/nuc/authentik.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ P8lLfyQJTLD48yjbIo4r2f9nDxhyYEwdyKtI8YV6Pmo
tBUvWgD29fC/fTmNkhxmCEMUpNtToLprkjcO1r5ZKvo
-> ssh-ed25519 2TRdXg vF2wlEgZccEAiCsGo3Ui1WhvqBba9n+ahObUlJjip00
2jnqkxGTajSAYXzuRKXNEhEzCLqZFjbKNmzFlgwMZxk
--- Di6ktfCRqwE0fYflVF6xGQOnKbNZdaUr8fhWNE0qvBM
»ŸCÒ® „Å ÂAU+gÆšAÞ¡ð¨åb•«—Ê胉µÇcratC/êžÇþ<C387>ß±Õll"ªÙ7¬Š žŒ{\=<3D>ÍÍXoÜ{)ÞÑ­ØÖlÏù³ºÏ{‚ô›

BIN
secrets/thinkpad/wireless.age
View file

Binary file not shown.