diff --git a/krops.nix b/krops.nix
index fac4e15..351034b 100644
--- a/krops.nix
+++ b/krops.nix
@@ -8,7 +8,7 @@ let
 nixos-config.symlink = "config/${machine}/configuration.nix";
 nixpkgs.git = {
 clean.exclude = [ "/.version-suffix" ];
- ref = "973910f5c31b9ba6c171c33a8bd7199990b14c72"; # nixos-21.05
+ ref = "e96c668072d7c98ddf2062f6d2b37f84909a572b"; # nixos-22.05
 url = "https://github.com/NixOS/nixpkgs";
 };
 }];
diff --git a/machines/core-services-01/configuration.nix b/machines/core-services-01/configuration.nix
index 8a53310..ebc4718 100644
--- a/machines/core-services-01/configuration.nix
+++ b/machines/core-services-01/configuration.nix
@@ -20,6 +20,7 @@
 ./acme-dns.nix
 ./backups.nix
 ./dex.nix
+ ./oauth2_proxy.nix
 ./secrets
 # TODO push to gitea
 # TODO ./gotify.nix
diff --git a/machines/core-services-01/dex.nix b/machines/core-services-01/dex.nix
index 12c9476..1b62578 100644
--- a/machines/core-services-01/dex.nix
+++ b/machines/core-services-01/dex.nix
@@ -6,26 +6,16 @@ in
 services.dex = {
 enable = true;
 settings = {
- issuer = "";
+ issuer = "http://127.0.0.1:5556/dex";
 storage = {
 type = "sqlite3";
 config.file = "gitea/dex.db";
 };
 enablePasswordDB = true;
- /*
 web = {
- http = "";
+ http = "127.0.0.1:5556";
 };
- staticClients = [
- {
- id = "oidcclient";
- name = "Client";
- redirectURIs = [ "/callback" ];
- secretFile = "/etc/dex/oidcclient";
- }
- ];
- */
- connectors = {
+ connectors = [ {
 type = "gitea";
 id = "gitea";
 name = "Gitea";
@@ -35,7 +25,7 @@ in
 redirectURL = "http://127.0.0.1:5556/dex/callback";
 baseURL = "https://git.${my.subZone}";
 };
- };
+ } ];
 };
 };
 }
diff --git a/machines/core-services-01/dokuwiki.nix b/machines/core-services-01/dokuwiki.nix
index a0be037..1ad68e0 100644
--- a/machines/core-services-01/dokuwiki.nix
+++ b/machines/core-services-01/dokuwiki.nix
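Review bot: `issuer = "http://127.0.0.1:5556/dex"` in the first dex.nix hunk is the value Dex publishes in its discovery document and stamps into the `iss` claim of every ID token, so any relying party that is not on this host, or that reaches Dex through a TLS reverse proxy under another name, will either reject the tokens or be sent to a plain-HTTP endpoint. Binding `web.http` to `127.0.0.1:5556` is fine for a loopback listener behind a proxy, but the issuer should then be the externally visible HTTPS URL, e.g. `issuer = "https://dex.${my.subZone}/dex";` (constructed hostname — use whichever vhost actually fronts Dex). The gitea connector's `redirectURL = "http://127.0.0.1:5556/dex/callback"` in the second hunk is unchanged history but has the same problem: Gitea redirects the user's browser there, which only works when the browser runs on the server itself. The `services.dex` attrset continues past the end of the first hunk.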
@@ -4,17 +4,12 @@ let
 my = config.my;
 in {
- services.dokuwiki."wiki.${my.subZone}" = {
+ services.dokuwiki.sites."wiki.${my.subZone}" = {
 enable = true;
- hostName = "wiki.${my.subZone}";
 acl = ''
 * @ALL 1
 * @admin 16
 '';
- nginx = {
- enableACME = true;
- forceSSL = true;
- };
 };
 /*
diff --git a/machines/core-services-01/oauth2_proxy.nix b/machines/core-services-01/oauth2_proxy.nix
new file mode 100644
index 0000000..4eca6d3
--- /dev/null
+++ b/machines/core-services-01/oauth2_proxy.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+ users.users.oauth2_proxy.group = "oauth2_proxy";
+ users.groups.oauth2_proxy = {};
+}
diff --git a/machines/core-services-01/secrets/dexGiteaClientSecret.age b/machines/core-services-01/secrets/dexGiteaClientSecret.age
new file mode 100644
index 0000000..41ffd35
--- /dev/null
+++ b/machines/core-services-01/secrets/dexGiteaClientSecret.age
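Review bot: The dokuwiki.nix hunk drops `nginx = { enableACME = true; forceSSL = true; }` from the wiki site without adding an equivalent anywhere in this diff, so unless the `services.dokuwiki.sites` module on the new nixpkgs ref wires the vhost up on its own, `wiki.${my.subZone}` now answers over plain HTTP and the `@admin` logins granted in the unchanged `acl` block travel unencrypted. If the new module expects the vhost to be configured directly, add `services.nginx.virtualHosts."wiki.${my.subZone}" = { enableACME = true; forceSSL = true; };` beside the site definition; the rest of dokuwiki.nix, including whatever follows the `/*` context line, is outside the hunk, so I cannot confirm it is not already there. A short comment on the `sites` line noting that the rename follows the 22.05 module change would also spare the next reader a trip to the release notes.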
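Review bot: oauth2_proxy.nix creates the `oauth2_proxy` user and group without saying why, and nothing in this diff enables `services.oauth2_proxy`, so a reader cannot tell whether this supplements the NixOS module's own account definition or stands in for a service configured elsewhere. The user entry also sets neither `isSystemUser = true` nor `isNormalUser`; on recent NixOS that trips the users assertion unless the service module already declares the account, which I cannot confirm from here. A header comment such as `# Service account for oauth2_proxy; the module on this nixpkgs ref does not give it a group` (adjusted to the real reason) would settle both questions, and if the module on the new ref already creates both, the file is redundant and can be dropped.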
@@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-rsa krWCLQ +XmhJgoyNhXrHw08PTNMkLByPv7mmfqk2ZJ6yTihd2v4ZHdnHN9/nuWnBoK5KJod1 +9tUNwVUmlhfHO/ZDkvpRVgEUHX2SQ7YEcxMtIzocZJYY6JEh3T2+YtHqSvOOgqlV +NkQ6wLPYOHQ1Le5SVM6oQ+s+bJojn/edS5F6qPMDjiBMT7ogwqpVYm80QyaJt2xf +O8iFkzwmyxRSqTIyFX5iDb9irKpPK1fz1/YhdtYNQ+IEHLcxVUMvfMzenqxdGXir +L1vYA7BFmlgkcz60ws+Ob71LYr/edVJxrjFUojKRrMEtWQgXhTS8T20359okx2+d +MLGgVJoNeegF43+eaYIOHw +-> ssh-ed25519 85WiGg VIibrQuanG7Nqot4bebG9DXK7ThMpOwx3oQ3QR/S1zU +oQCrfWu70+Pm7pjRNTO5oiOSUCgrIvKYvuQe81US5gY +-> ssh-ed25519 reTIKw JnIrwm9UoJXoRQ8K6rWnoDDWpZq+uMNyrLl8/gdJZzc +R6ORZtogBqV8nMs86v+YVzHsrX9lXQTbNyIC0/aL+J0 +-> ssh-ed25519 /vwQcQ zWt+iAxLtWSdIbfA4+EWZBfFASkm9s3a9cRRwf3r3X0 +kYm8MXa/4DHp8ZnNblCqlPkEMqwHOfSZxoc0jewscHY +-> ssh-ed25519 cvTB5g yEewNstEZFs0GRqcMP59/+Z2OJL/l0thaZ46mwVouAE +aPmLSR/M6gO7Fvhq/MNwdTAif4bcsfiL9fmmKLnFmFU +-> ssh-ed25519 Wu8JLQ 7FHJpXe5uTNKNAXUR+G1tLkAWnsY+g4qLTAlEWVhFn8 ++A9LLbNMOQXyvKiDu1ddzSE0wB8ubHh9wWL8Zy+PmBM +-> ssh-ed25519 lHr4YQ d8JyALlCuGojdIacifRK6gMJD6jPkulln5DzH00ipSw +Ifk3ascdrChcv585jvNKb6W/EZixx0ly8YvSgDq9AxE +-> l?~i--grease }Zt #O NzbR!q $*`$T< +WMmJLFnsV7jsia2A2wdhlu0SZ3NKlEeCVbGGznlsv2FcfVmACdih0/J30OTkJ/EY +VTZ6JB4nJnldlcxxBUZ6hmtporJeUFEMjSU +--- 55FaRJUBUZoMZPmaRiVCuA+REOgpUv5Wryi2x1N2RxU +Ãz+ÂP'ßÀNßê}êŠàMÏ b¿›§9³”$JeºB™ŠÏ°+óÊñ6Œp®3¡| ‰·Â´^ã3=cƒ \ No newline at end of file