diff --git a/flake.lock b/flake.lock index 04db858..64b47f4 100644 --- a/flake.lock +++ b/flake.lock @@ -86,18 +86,17 @@ }, "firefox-addons": { "inputs": { - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs-unstable" ] }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742097805, - "narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=", + "lastModified": 1744010161, + "narHash": "sha256-6PNBLb/YXVlx2YaDqtljQYpk2MlE0VRjGXcEg1RN/qw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189", + "rev": "60f50437003e17137a871686dfa3fc4291edd5e5", "type": "gitlab" }, "original": { @@ -113,11 +112,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -142,21 +141,6 @@ } }, "flake-utils_2": { - "locked": { - "lastModified": 1629284811, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -196,11 +180,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", "type": "github" }, "original": { 
@@ -217,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1744008831, + "narHash": "sha256-g3mHJLB8ShKuMaBBZxiGuoftJ22f7Boegiw5xBUnS8E=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "f463902a3f03e15af658e48bcc60b39188ddf734", "type": "github" }, "original": { @@ -246,7 +230,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -254,27 +238,24 @@ ] }, "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "ref": "stable", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "revCount": 130, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "rev": "868d97695bab9d21f6070b03957bcace249fbe3c", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c" }, "original": { - "ref": "stable", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" } }, "nixpkgs": { "locked": { - "lastModified": 1741862977, - "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", "type": "github" }, "original": { 
@@ -286,11 +267,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { @@ -301,11 +282,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1742072093, - "narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=", + "lastModified": 1743891346, + "narHash": "sha256-QNxnxIi6PJEnwJp7ZXUpxX4/z/cmRJGeIOkIYfYh/8E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f182029bf7f08a57762b4c762d0917b6803ceff4", + "rev": "f27c6099cec4fe9b67c7fbc51d8324dcb4b52694", "type": "github" }, "original": { @@ -317,11 +298,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1743827369, + "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "42a1c966be226125b48c384171c44c651c236c22", "type": "github" }, "original": { @@ -333,11 +314,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1742095305, - "narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=", + "lastModified": 1743948488, + "narHash": "sha256-uKcMmNPvGPb58MhAFru/CMDYl69nZRK3A3SLch9ejgA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d", + "rev": "da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a", "type": "github" }, "original": { 
@@ -357,11 +338,11 @@ ] }, "locked": { - "lastModified": 1740569341, - "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", + "lastModified": 1742765550, + "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", + "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16", "type": "github" }, "original": { @@ -373,11 +354,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1742090267, - "narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=", + "lastModified": 1744004743, + "narHash": "sha256-MIWwT/A4IfXmmSMCU3lVVnFJNmkXpYxcK+Fishja6XY=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b", + "rev": "335ef83e439cfcb4781d5a8f54f606afb63e9f48", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4b3c089..5962bf5 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,8 @@ nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index a34cbd3..65a0ced 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -28,7 +28,6 @@ in randomcat.services.zfs.datasets = { "rpool_kalessin/state" = { mountpoint = "none"; }; - "rpool_kalessin/state/kanidm" = { mountpoint = "/var/lib/kanidm"; }; }; services.sanoid.datasets."rpool_kalessin/state" = { @@ -37,10 +36,5 @@ in process_children_only = true; }; - fountain.services.kanidm = { - enable = true; - domain = "auth.unspecified.systems"; - }; - system.stateVersion = "23.11"; } 
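Review bot: The new `url` for `lix-module` in the flake.nix hunk points at a fixed release tarball (`2.92.0-3`), and the added comment explains why but not what a maintainer has to do. With a fixed tag in the URL, `nix flake update` will presumably keep resolving to the same release, so upstream fixes only arrive when someone edits the version by hand. I would extend the comment to record that step, e.g. `# Pinned to a release tarball: bump the version in this URL by hand, then re-lock; see https://git.lix.systems/lix-project/nixos-module/issues/39`. The matching flake.lock entry still records the resolved `rev` and `narHash`, so the fetched archive stays integrity-checked; only the update path becomes manual. The enclosing `inputs` set starts and ends outside the hunk.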
diff --git a/services/default.nix b/services/default.nix index f60119c..9a3f8cb 100644 --- a/services/default.nix +++ b/services/default.nix @@ -5,7 +5,6 @@ ./distributed-builds.nix ./forgejo.nix ./jellyfin.nix - ./kanidm.nix ./navidrome.nix ./remote-builder.nix ./web-redirect.nix diff --git a/services/kanidm.nix b/services/kanidm.nix deleted file mode 100644 index 6bb891c..0000000 --- a/services/kanidm.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) mkIf mkOption mkEnableOption types; - cfg = config.fountain.services.kanidm; -in -{ - options.fountain.services.kanidm = { - enable = mkEnableOption "Kanidm"; - domain = mkOption { - type = types.str; - }; - }; - - config = mkIf cfg.enable { - services = { - nginx = { - enable = true; - virtualHosts = { - ${cfg.domain} = { - forceSSL = true; - useACMEHost = cfg.domain; - locations."/".proxyPass = "https://[::1]:8443/"; - }; - }; - }; - - kanidm = { - enableClient = true; # needed for admin configuration - enableServer = true; - package = pkgs.kanidm_1_5; - serverSettings = { - bindaddress = "[::1]:8443"; - ldapbindaddress = "[::1]:636"; - origin = "https://${cfg.domain}"; - domain = cfg.domain; - tls_chain = "${config.security.acme.certs.${cfg.domain}.directory}/fullchain.pem"; - tls_key = "${config.security.acme.certs.${cfg.domain}.directory}/key.pem"; - online_backup.versions = 7; - trust_x_forward_for = true; - }; - clientSettings.uri = config.services.kanidm.serverSettings.origin; # doesn't like connecting through localhost - wants hostname to match - }; - }; - - security.acme.certs.${cfg.domain} = { - webroot = "/var/lib/acme/acme-challenge"; - group = "acme_${cfg.domain}"; - reloadServices = [ "kanidm.service" ]; - }; - - users.groups."acme_${cfg.domain}".members = [ - "kanidm" - config.services.nginx.user - ]; - - networking.firewall.allowedTCPPorts = [ 80 443 636 ]; - }; -}