dex: deconfigure

Rouven Seifert 2024-05-08 15:37:19 +02:00
parent cb828a2188
commit 077138401e
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
3 changed files with 3 additions and 38 deletions


@ -1,4 +1,4 @@
{ config, lib, pkgs, nixpkgs-unstable, system, ... }:
{ config, pkgs, nixpkgs-unstable, system, ... }:
let
domain = "auth.${config.networking.domain}";
seedSettings = {
@ -55,7 +55,6 @@ in
sops.secrets = {
"portunus/admin-password".owner = config.services.portunus.user;
"portunus/search-password".owner = config.services.portunus.user;
"dex/environment".owner = config.systemd.services.dex.serviceConfig.User;
};
services.portunus = {
@ -72,8 +71,6 @@ in
inherit domain seedSettings;
port = 8681;
dex.enable = true;
ldap = {
suffix = "dc=ifsr,dc=de";
searchUserName = "search";
@ -84,30 +81,6 @@ in
};
};
services.dex.settings = {
oauth2.skipApprovalScreen = true;
frontend = {
issuer = "iFSR Schliboleth";
logoURL = "https://wiki.ifsr.de/images/3/3b/LogoiFSR.png";
theme = "dark";
};
};
systemd.services.dex.serviceConfig = {
DynamicUser = lib.mkForce false;
EnvironmentFile = config.sops.secrets."dex/environment".path;
StateDirectory = "dex";
User = "dex";
};
users = {
users.dex = {
group = "dex";
isSystemUser = true;
};
groups.dex = { };
};
security.pam.services.sshd.makeHomeDir = true;
services.nginx = {
@ -115,7 +88,6 @@ in
virtualHosts."${config.services.portunus.domain}" = {
locations = {
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
"/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
};
};
};
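Review bot: Dropping the `systemd.services.dex.serviceConfig` block and the `users.dex`/`groups.dex` declarations removes the unit and the account, but nothing in this section cleans up what `StateDirectory = "dex"` created, so `/var/lib/dex` presumably stays on the host after the switch, owned by a UID that is no longer declared. If dex kept its storage there (the storage settings are not visible in this diff), that directory can still hold signing keys and refresh tokens, so it is worth removing by hand after deploy or stating in the commit message that it is kept on purpose. The values behind the removed `"dex/environment"` secret also remain in repository history in encrypted form, so they should be treated as retired rather than reused if dex is ever configured again.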


@ -73,9 +73,4 @@ in
};
};
};
services.portunus.dex.oidcClients = [{
id = "grav";
callbackURL = "https://ifsr.de/admin/task:callback.oauth2";
}];
}


@ -4,8 +4,6 @@ nix-serve:
key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str]
keycloak:
db: ENC[AES256_GCM,data:DVf/pVCHHUed2cQleECk0paBTZ/6Q3NE,iv:j3sWWNL0dqPJBLUx10+jJ7QvdAHvGM55KKDwG2aQEs0=,tag:6VTeE+Prsm+LPemzbEtVYg==,type:str]
dex:
environment: ENC[AES256_GCM,data:6UgcIV8PBUHj+AKk300IcY4QaR1AcMdkojx9EvXWlCeI6vuR6qh19FZ4OP2FrYr7165S8iXXV4vKbxgQSzXa7ulhXUgUVVs6RQFGIdl8zrbgOpLo0iO959DEmt60CQAWUOLKdnbjF0SxZNFo8+kgl63j01jQasBL11IkxEfD76K+j5OvrTG/2sJWgWPpD2+E0kKGDn2Go/BMFpBBI68xuZiN0KgJqP90WC3O4mE1Ez79onuuAq3DbGICEHGr5N8TPKmV6jPLmsVuYZs/neV8nJMDiJy+0B+KZ/KqwN+PoJTja2Qh1HFZJFrSFVFW5hGarHL7xZYQ59kOW66zLn3KvcOxqm8+tBxreC55TgOQq4qY/z+fOs+FSA==,iv:Oc7jzKz6ki6oBd2Ce/pmJH8GcGz+8IM9bHv7SLN38xI=,tag:m/kuri7s4RCkudjWBIfo5g==,type:str]
portunus:
admin-password: ENC[AES256_GCM,data:fESE6vrKhtslQO6ZJGv0T9t+leOSrgkY291orkwY+HPnOh26g2PSMX3j,iv:qmbCmjg0WsbOzfv6LsKcY3S1ssVXmaRB3lE6ZWzKSww=,tag:t8cP8XRTtto3EnNLEdz0yw==,type:str]
search-password: ENC[AES256_GCM,data:xtbWS98IkQbnBu67sN413VNHZLg6eedbStE2uZ2pljS30uoM3coO2d32,iv:lKMTNnQJJfjAG7aX+G0eNnL36Cxmn+cWMRAlTovMJ4Y=,tag:FQGRBqsmY2c9VVIdBvGwCw==,type:str]
@ -50,8 +48,8 @@ sops:
c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-08T12:10:42Z"
mac: ENC[AES256_GCM,data:lrTOJPidvYSfnk5HqI7J/LTA08FZIEpam5GCA7JV/TnvEf+L+sZOnEPJtfl9V3oZnUV1GzA1BRZCSxpvq8qWLC+R8F05KnDcUpwfxYFWoSFJginDRckh5YWFFK1nzwslbMKJ1u80tc8d9OU0Yqi5fuWECTVAz8Mq06u2dcqDSv4=,iv:/I5EqCcUhehDYle8DrWcROabSgIQj5RtqB4UvGT1/z8=,tag:eRmYUPqpallvWIZcqgMRnw==,type:str]
lastmodified: "2024-05-08T13:35:15Z"
mac: ENC[AES256_GCM,data:zlhjtcRQgGkF8c9dME27YR1ueYnV3z7ITu0znyx3/IqP8ibm+G/UgJQhWoijCyeYqzzOktYK0KX8a258GYb44iFXN4JCmX8A1VSXDBGbqUZk0N23PiN69MVDJDZYalkKG4Vt/WflVJ+Xn+ZvGe4pf9m3uFRs89jfQH/cpTH71aM=,iv:FTQYissXSdHYMnqOcTUFfmB1hL7tPmYvbq+gRap5iBY=,tag:DjKxTF4rB9DpKD9W4C16tw==,type:str]
pgp:
- created_at: "2024-02-29T15:23:23Z"
enc: |-