qenya/nixfiles
1
0
Fork 0
Code Issues 5 Pull requests Actions Activity

Compare commits

base: qenya:996871782480e10c120b2be8533df53430dd198b
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost
...
compare: qenya:8f8f2556a01ba0de9b9389b4c9afe6761c23bdba
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost

3 commits
9968717824 ... 8f8f2556a0

Author SHA1 Message Date
Katherina Walshe-Grey 8f8f2556a0 Revert "kanidm: init" 
This reverts commit 9968717824.
 2025-04-07 15:21:14 +01:00
Katherina Walshe-Grey 61d86b7f57 flake: pin lix version 2025-04-07 15:20:17 +01:00
Katherina Walshe-Grey 4265d5bae9 flake.lock: Update 
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/5a0ac85616aa6b166ea715a41bc1255bb802b189?dir=pkgs/firefox-addons' (2025-03-16)
  → 'gitlab:rycee/nur-expressions/60f50437003e17137a871686dfa3fc4291edd5e5?dir=pkgs/firefox-addons' (2025-04-07)
• Removed input 'firefox-addons/flake-utils'
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07)
  → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02)
  → 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30)
• Updated input 'home-manager':
    'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17)
  → 'github:nix-community/home-manager/a9f8b3db211b4609ddd83683f9db89796c7f6ac6' (2025-04-04)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4' (2025-03-14)
  → 'github:nix-community/home-manager/f463902a3f03e15af658e48bcc60b39188ddf734' (2025-04-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0' (2025-03-13)
  → 'github:NixOS/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6' (2025-04-05)
• Updated input 'nixpkgs-small':
    'github:NixOS/nixpkgs/f182029bf7f08a57762b4c762d0917b6803ceff4' (2025-03-15)
  → 'github:NixOS/nixpkgs/f27c6099cec4fe9b67c7fbc51d8324dcb4b52694' (2025-04-05)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5' (2025-03-15)
  → 'github:NixOS/nixpkgs/42a1c966be226125b48c384171c44c651c236c22' (2025-04-05)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/f985965fff9d4e5df55df0489ef113d09a6ee08d' (2025-03-16)
  → 'github:NixOS/nixpkgs/da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a' (2025-04-06)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/5eeb0172fb74392053b66a8149e61b5e191b2845' (2025-02-26)
  → 'github:nix-community/plasma-manager/b70be387276e632fe51232887f9e04e2b6ef8c16' (2025-03-23)
• Updated input 'randomcat':
    'github:randomnetcat/nix-configs/a448b9a9ce66f8e1d1a1de1205f384da25574c7b' (2025-03-16)
  → 'github:randomnetcat/nix-configs/335ef83e439cfcb4781d5a8f54f606afb63e9f48' (2025-04-07)
 2025-04-07 12:28:08 +01:00
5 changed files with 43 additions and 127 deletions
Show stats Expand all files Collapse all files

101
flake.lock
View file

@ -86,18 +86,17 @@
}, },
"firefox-addons": { "firefox-addons": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
] ]
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1742097805, "lastModified": 1744010161,
"narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=", "narHash": "sha256-6PNBLb/YXVlx2YaDqtljQYpk2MlE0VRjGXcEg1RN/qw=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189", "rev": "60f50437003e17137a871686dfa3fc4291edd5e5",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -113,11 +112,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1741352980, "lastModified": 1743550720,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -142,21 +141,6 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": {
"lastModified": 1629284811,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
@ -196,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1739757849, "lastModified": 1743808813,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -217,11 +201,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741955947, "lastModified": 1744008831,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "narHash": "sha256-g3mHJLB8ShKuMaBBZxiGuoftJ22f7Boegiw5xBUnS8E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "rev": "f463902a3f03e15af658e48bcc60b39188ddf734",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -246,7 +230,7 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -254,27 +238,24 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741892773, "lastModified": 1742943028,
"narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=",
"ref": "stable", "rev": "868d97695bab9d21f6070b03957bcace249fbe3c",
"rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", "type": "tarball",
"revCount": 130, "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c"
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
}, },
"original": { "original": {
"ref": "stable", "type": "tarball",
"type": "git", "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"
"url": "https://git.lix.systems/lix-project/nixos-module"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741862977, "lastModified": 1743813633,
"narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -286,11 +267,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1740877520, "lastModified": 1743296961,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -301,11 +282,11 @@
}, },
"nixpkgs-small": { "nixpkgs-small": {
"locked": { "locked": {
"lastModified": 1742072093, "lastModified": 1743891346,
"narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=", "narHash": "sha256-QNxnxIi6PJEnwJp7ZXUpxX4/z/cmRJGeIOkIYfYh/8E=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f182029bf7f08a57762b4c762d0917b6803ceff4", "rev": "f27c6099cec4fe9b67c7fbc51d8324dcb4b52694",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -317,11 +298,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1742069588, "lastModified": 1743827369,
"narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "rev": "42a1c966be226125b48c384171c44c651c236c22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +314,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1742095305, "lastModified": 1743948488,
"narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=", "narHash": "sha256-uKcMmNPvGPb58MhAFru/CMDYl69nZRK3A3SLch9ejgA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d", "rev": "da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -357,11 +338,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1740569341, "lastModified": 1742765550,
"narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -373,11 +354,11 @@
"randomcat": { "randomcat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1742090267, "lastModified": 1744004743,
"narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=", "narHash": "sha256-MIWwT/A4IfXmmSMCU3lVVnFJNmkXpYxcK+Fishja6XY=",
"owner": "randomnetcat", "owner": "randomnetcat",
"repo": "nix-configs", "repo": "nix-configs",
"rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b", "rev": "335ef83e439cfcb4781d5a8f54f606afb63e9f48",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
flake.nix
View file

@ -6,7 +6,8 @@
nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
lix-module = { lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };

6
hosts/kalessin/default.nix
View file

@ -28,7 +28,6 @@ in
randomcat.services.zfs.datasets = { randomcat.services.zfs.datasets = {
"rpool_kalessin/state" = { mountpoint = "none"; }; "rpool_kalessin/state" = { mountpoint = "none"; };
"rpool_kalessin/state/kanidm" = { mountpoint = "/var/lib/kanidm"; };
}; };
services.sanoid.datasets."rpool_kalessin/state" = { services.sanoid.datasets."rpool_kalessin/state" = {
@ -37,10 +36,5 @@ in
process_children_only = true; process_children_only = true;
}; };
fountain.services.kanidm = {
enable = true;
domain = "auth.unspecified.systems";
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

1
services/default.nix
View file

@ -5,7 +5,6 @@
./distributed-builds.nix ./distributed-builds.nix
./forgejo.nix ./forgejo.nix
./jellyfin.nix ./jellyfin.nix
./kanidm.nix
./navidrome.nix ./navidrome.nix
./remote-builder.nix ./remote-builder.nix
./web-redirect.nix ./web-redirect.nix

59
services/kanidm.nix
View file

@ -1,59 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.fountain.services.kanidm;
in
{
options.fountain.services.kanidm = {
enable = mkEnableOption "Kanidm";
domain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
services = {
nginx = {
enable = true;
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
useACMEHost = cfg.domain;
locations."/".proxyPass = "https://[::1]:8443/";
};
};
};
kanidm = {
enableClient = true; # needed for admin configuration
enableServer = true;
package = pkgs.kanidm_1_5;
serverSettings = {
bindaddress = "[::1]:8443";
ldapbindaddress = "[::1]:636";
origin = "https://${cfg.domain}";
domain = cfg.domain;
tls_chain = "${config.security.acme.certs.${cfg.domain}.directory}/fullchain.pem";
tls_key = "${config.security.acme.certs.${cfg.domain}.directory}/key.pem";
online_backup.versions = 7;
trust_x_forward_for = true;
};
clientSettings.uri = config.services.kanidm.serverSettings.origin; # doesn't like connecting through localhost - wants hostname to match
};
};
security.acme.certs.${cfg.domain} = {
webroot = "/var/lib/acme/acme-challenge";
group = "acme_${cfg.domain}";
reloadServices = [ "kanidm.service" ];
};
users.groups."acme_${cfg.domain}".members = [
"kanidm"
config.services.nginx.user
];
networking.firewall.allowedTCPPorts = [ 80 443 636 ];
};
}