progress on dex...

2022-01-25 23:59:59 +00:00 · 2022-01-25 23:59:59 +00:00 · e290a918a0
commit e290a918a0
parent 52d0f1433a
6 changed files with 37 additions and 21 deletions
--- a/krops.nix
+++ b/krops.nix
@ -8,7 +8,7 @@ let
      nixos-config.symlink = "config/${machine}/configuration.nix";
      nixpkgs.git = {
        clean.exclude = [ "/.version-suffix" ];
-        ref = "973910f5c31b9ba6c171c33a8bd7199990b14c72"; # nixos-21.05
+        ref = "e96c668072d7c98ddf2062f6d2b37f84909a572b"; # nixos-22.05
        url = "https://github.com/NixOS/nixpkgs";
      };
    }];
--- a/machines/core-services-01/configuration.nix
+++ b/machines/core-services-01/configuration.nix
@ -20,6 +20,7 @@
      ./acme-dns.nix
      ./backups.nix
      ./dex.nix
+      ./oauth2_proxy.nix
      ./secrets
      # TODO push to gitea
      # TODO ./gotify.nix
--- a/machines/core-services-01/dex.nix
+++ b/machines/core-services-01/dex.nix
@ -6,26 +6,16 @@ in
  services.dex = {
    enable = true;
    settings = {
-      issuer = "";
+      issuer = "http://127.0.0.1:5556/dex";
      storage = {
        type = "sqlite3";
        config.file = "gitea/dex.db";
      };
      enablePasswordDB = true;
-      /*
      web = {
-        http = "";
+        http = "127.0.0.1:5556";
      };
-      staticClients = [
-        {
-          id = "oidcclient";
-          name = "Client";
-          redirectURIs = [ "/callback" ];
-          secretFile = "/etc/dex/oidcclient";
-        }
-        ];
-      */
-      connectors = {
+      connectors = [ {
        type = "gitea";
        id = "gitea";
        name = "Gitea";
@ -35,7 +25,7 @@ in
          redirectURL = "http://127.0.0.1:5556/dex/callback";
          baseURL = "https://git.${my.subZone}";
        };
-      };
+      } ];
    };
  };
 }
--- a/machines/core-services-01/dokuwiki.nix
+++ b/machines/core-services-01/dokuwiki.nix
@ -4,17 +4,12 @@ let
  my = config.my;
 in
 {
-  services.dokuwiki."wiki.${my.subZone}" = {
+  services.dokuwiki.sites."wiki.${my.subZone}" = {
    enable = true;
-    hostName = "wiki.${my.subZone}";
    acl = ''
      *    @ALL      1
      *    @admin    16
    '';
-    nginx = {
-      enableACME = true;
-      forceSSL = true;
-    };
  };

  /*
--- a/machines/core-services-01/oauth2_proxy.nix
+++ b/machines/core-services-01/oauth2_proxy.nix
@ -0,0 +1,5 @@
+{ ... }:
+{
+  users.users.oauth2_proxy.group = "oauth2_proxy";
+  users.groups.oauth2_proxy = {};
+}
--- a/machines/core-services-01/secrets/dexGiteaClientSecret.age
+++ b/machines/core-services-01/secrets/dexGiteaClientSecret.age
@ -0,0 +1,25 @@
+age-encryption.org/v1
+-> ssh-rsa krWCLQ
+XmhJgoyNhXrHw08PTNMkLByPv7mmfqk2ZJ6yTihd2v4ZHdnHN9/nuWnBoK5KJod1
+9tUNwVUmlhfHO/ZDkvpRVgEUHX2SQ7YEcxMtIzocZJYY6JEh3T2+YtHqSvOOgqlV
+NkQ6wLPYOHQ1Le5SVM6oQ+s+bJojn/edS5F6qPMDjiBMT7ogwqpVYm80QyaJt2xf
+O8iFkzwmyxRSqTIyFX5iDb9irKpPK1fz1/YhdtYNQ+IEHLcxVUMvfMzenqxdGXir
+L1vYA7BFmlgkcz60ws+Ob71LYr/edVJxrjFUojKRrMEtWQgXhTS8T20359okx2+d
+MLGgVJoNeegF43+eaYIOHw
+-> ssh-ed25519 85WiGg VIibrQuanG7Nqot4bebG9DXK7ThMpOwx3oQ3QR/S1zU
+oQCrfWu70+Pm7pjRNTO5oiOSUCgrIvKYvuQe81US5gY
+-> ssh-ed25519 reTIKw JnIrwm9UoJXoRQ8K6rWnoDDWpZq+uMNyrLl8/gdJZzc
+R6ORZtogBqV8nMs86v+YVzHsrX9lXQTbNyIC0/aL+J0
+-> ssh-ed25519 /vwQcQ zWt+iAxLtWSdIbfA4+EWZBfFASkm9s3a9cRRwf3r3X0
+kYm8MXa/4DHp8ZnNblCqlPkEMqwHOfSZxoc0jewscHY
+-> ssh-ed25519 cvTB5g yEewNstEZFs0GRqcMP59/+Z2OJL/l0thaZ46mwVouAE
+aPmLSR/M6gO7Fvhq/MNwdTAif4bcsfiL9fmmKLnFmFU
+-> ssh-ed25519 Wu8JLQ 7FHJpXe5uTNKNAXUR+G1tLkAWnsY+g4qLTAlEWVhFn8
+A9LLbNMOQXyvKiDu1ddzSE0wB8ubHh9wWL8Zy+PmBM
+-> ssh-ed25519 lHr4YQ d8JyALlCuGojdIacifRK6gMJD6jPkulln5DzH00ipSw
+Ifk3ascdrChcv585jvNKb6W/EZixx0ly8YvSgDq9AxE
+-> l?~i--grease }Zt #O NzbR!q $*`$T<
+WMmJLFnsV7jsia2A2wdhlu0SZ3NKlEeCVbGGznlsv2FcfVmACdih0/J30OTkJ/EY
+VTZ6JB4nJnldlcxxBUZ6hmtporJeUFEMjSU
+--- 55FaRJUBUZoMZPmaRiVCuA+REOgpUv5Wryi2x1N2RxU
+Ãz+ÂP'ßÀNßê}êŠàMÏ	b¿›§9³”$JeºB™ŠÏ°+ó<>Êñ6Œp®3¡<33>|	‰·Â´^ã3=cƒ