diff --git a/flake.lock b/flake.lock index ee50be8..b06ee97 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,47 @@ { "nodes": { + "authentik-nix": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": "nixpkgs", + "poetry2nix": "poetry2nix", + "systems": "systems" + }, + "locked": { + "lastModified": 1732215451, + "narHash": "sha256-P2VVlzRGKBNsiHsN1yMZcSMXpwtIx9ysMFZAqKFJ14o=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "9d9c0a3a94a91cfed654a18239e27cf56970daa4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1732213300, + "narHash": "sha256-4Pv35cnZGiTxe6j2O0F9L9sHzxVIC1SazeAUD5kWeBs=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "527e584699abc93712114b05f70f59c5187caa66", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2024.10.4", + "repo": "authentik", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -88,6 +130,29 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1733574830, + "narHash": "sha256-2ZYNh7CLQvIyE3nk3C36pnvDiD+xZOscBSTI7Kf5KOU=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "f2721e6b09c55e4a272624dab404b99ea7d62ce9", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -137,6 +202,22 @@ } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -150,7 +231,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_5": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1696426674, @@ -168,16 +249,14 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -187,6 +266,26 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nvim-nix", 
@@ -195,11 +294,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -210,7 +309,10 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": [ + "authentik-nix", + "systems" + ] }, "locked": { "lastModified": 1726560853, @@ -227,15 +329,12 @@ } }, "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", "type": "github" }, "original": { @@ -246,25 +345,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, 
@@ -280,7 +361,43 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_5": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "inputs": { "systems": "systems_5" }, @@ -298,7 +415,25 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { "inputs": { "systems": [ "stylix", @@ -355,11 +490,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", "type": "github" }, "original": { 
@@ -394,27 +529,27 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1713702291, - "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", + "lastModified": 1732369855, + "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", + "rev": "dadd58f630eeea41d645ee225a63f719390829dc", "type": "github" }, "original": { "owner": "GNOME", - "ref": "46.1", + "ref": "47.2", "repo": "gnome-shell", "type": "github" } }, "hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733481457, + "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", "type": "github" }, "original": { @@ -450,11 +585,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1733484277, + "narHash": "sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a", "type": "github" }, "original": { @@ -472,11 +607,11 @@ ] }, "locked": { - "lastModified": 1732025103, - "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", + "lastModified": 1733389730, + "narHash": "sha256-KZMu4ddMll5khS0rYkJsVD0hVqjMNHlhTM3PCQar0Ag=", "owner": "nix-community", "repo": "home-manager", - "rev": "a46e702093a5c46e192243edbd977d5749e7f294", + "rev": "65912bc6841cf420eb8c0a20e03df7cbbff5963f", "type": "github" }, "original": { 
@@ -493,11 +628,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1733085484, + "narHash": "sha256-dVmNuUajnU18oHzBQWZm1BQtANCHaqNuxTHZQ+GN0r8=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "c1fee8d4a60b89cae12b288ba9dbc608ff298163", "type": "github" }, "original": { @@ -538,18 +673,18 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], "spectrum": "spectrum" }, "locked": { - "lastModified": 1732633513, - "narHash": "sha256-6LmtOmeDpv9iHS8l0GNcppP11dKIJFMZLdFyxQ+qQBM=", + "lastModified": 1733583112, + "narHash": "sha256-A270nuR+P3lEY0p10Bt70tq5DCB39+DnaeFkZBec4+s=", "owner": "astro", "repo": "microvm.nix", - "rev": "093ef734d3c37669860043a87dbf1c09fc6f5b38", + "rev": "0308cc2d134d5e62cdef55ecb4c5e5c3824636f0", "type": "github" }, "original": { @@ -558,6 +693,32 @@ "type": "github" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", + "repo": "napalm", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", + "type": "github" + }, + "original": { + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", + "repo": "napalm", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -567,11 +728,11 @@ ] }, "locked": { - "lastModified": 1732016537, - "narHash": "sha256-XwXUK+meYnlhdQz2TVE4Wv+tsx1CkdGbDPt1tRzCNH4=", + "lastModified": 1733351379, + "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "61cee20168a3ebb71a9efd70a55adebaadfbe4d4", + "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7", "type": "github" }, "original": { 
@@ -580,6 +741,28 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -587,11 +770,11 @@ ] }, "locked": { - "lastModified": 1732519917, - "narHash": "sha256-AGXhwHdJV0q/WNgqwrR2zriubLr785b02FphaBtyt1Q=", + "lastModified": 1733024876, + "narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "f4a5ca5771ba9ca31ad24a62c8d511a405303436", + "rev": "6e0b7f81367069589a480b91603a10bcf71f3103", "type": "github" }, "original": { @@ -602,18 +785,18 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1732653228, - "narHash": "sha256-FtJ0ByjxgRdF39wZ7ezEkDFLurTUjSa8MsBHVMB/xqQ=", + "lastModified": 1733536536, + "narHash": "sha256-gTlpRSELDSHMRa1/BwZR7eX5mka5y3YQbb1efLuyovs=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "82943da4abd1d29dc98ce1630e717eb863f33b72", + "rev": "7aa26ebccf778efe880fda1290db9c1da56ffa4f", "type": "github" }, "original": { 
@@ -624,18 +807,18 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1731682434, - "narHash": "sha256-HnZFPB7akVIy0KuPq/tEkiB+Brt1qi0DUIDzR8z25qI=", + "lastModified": 1733516684, + "narHash": "sha256-yz3mZyTnPlxZW2f51kJyfofDsBeX7WxAPvTXZtr2lW4=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "a6b9cf0b7805e2c50829020a73e7bde683fd36dd", + "rev": "dd20ebde771edbdececade73dbb8791ff987d0db", "type": "github" }, "original": { @@ -647,11 +830,39 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1727825735, + "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1733392399, + "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661", "type": "github" }, "original": { @@ -661,7 +872,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1728538411, "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", 
@@ -677,7 +888,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1732238832, "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", @@ -696,8 +907,8 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", @@ -706,14 +917,14 @@ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1732315025, - "narHash": "sha256-vPAMWd5/akE3U3B8uXzi05X/9fUd71sZaOnfBrX4AR0=", + "lastModified": 1733498727, + "narHash": "sha256-R+n4JfXjGrJG2gbhJPsZPTwdDsHoJvwxxpWcRY4KjyQ=", "owner": "nix-community", "repo": "nixvim", - "rev": "c1271fa10a54a3b35db6040dd6e779f349af52bf", + "rev": "ae78face8d6a09abe2504d41c035b6460c15a17b", "type": "github" }, "original": { @@ -722,24 +933,9 @@ "type": "github" } }, - "nur": { - "locked": { - "lastModified": 1732664804, - "narHash": "sha256-59kFHhZXuXZJnY008XuGgtNhMrQlV21X/tWJn8KzqgI=", - "owner": "nix-community", - "repo": "NUR", - "rev": "d4d637492fd5aa3c0bc15b034423a947d5a41c69", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_7", "ixx": "ixx", "nixpkgs": [ "nvim-nix", @@ -748,11 +944,11 @@ ] }, "locked": { - "lastModified": 1731936508, - "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", + "lastModified": 1733411491, + "narHash": "sha256-315rJ7O9cOllPDaFscnJhcMleORHbxon0Kq9LAKJ5p4=", "owner": "NuschtOS", "repo": "search", - "rev": "fe07070f811b717a4626d01fab714a87d422a9e1", + "rev": "68e9fad70d95d08156cf10a030bd39487bed8ffe", "type": "github" }, "original": { 
@@ -763,8 +959,8 @@ }, "nvfetcher": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ] @@ -791,11 +987,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1732667402, - "narHash": "sha256-z1l9zxL0gYV/KR40vchyMzI/40vff4+NaEDMBVsKbgI=", + "lastModified": 1733583273, + "narHash": "sha256-RaRZYTK+hU8X8BZq16Xek1EZBgIB6B6RUVrN+mBlT7E=", "owner": "xunuwu", "repo": "nvim-nix", - "rev": "b1ee88bfeb8c07579af33dab78eb60abe173cab4", + "rev": "82e25c9a056bea6a5edc5df35d443df9b0167c92", "type": "github" }, "original": { @@ -804,9 +1000,42 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "systems": [ + "authentik-nix", + "systems" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1730284601, + "narHash": "sha256-eHYcKVLIRRv3J1vjmxurS6HVdGphB53qxUeAkylYrZY=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "43a898b4d76f7f3f70df77a2cc2d40096bc9d75e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "root": { "inputs": { - "flake-parts": "flake-parts", + "authentik-nix": "authentik-nix", + "firefox-addons": "firefox-addons", + "flake-parts": "flake-parts_2", "hardware": "hardware", "haumea": "haumea", "home-manager": "home-manager", @@ -814,8 +1043,7 @@ "nix-index-database": "nix-index-database", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs", - "nur": "nur", + "nixpkgs": "nixpkgs_2", "nvfetcher": "nvfetcher", "nvim-nix": "nvim-nix", "sobercookie": "sobercookie", @@ -827,7 +1055,7 @@ }, "sobercookie": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1731438009, 
@@ -850,11 +1078,11 @@ ] }, "locked": { - "lastModified": 1732575825, - "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { @@ -866,11 +1094,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1729945407, - "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "ref": "refs/heads/main", - "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", - "revCount": 764, + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -885,22 +1113,22 @@ "base16-fish": "base16-fish", "base16-helix": "base16-helix", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_5", - "flake-utils": "flake-utils_6", + "flake-compat": "flake-compat_6", + "flake-utils": "flake-utils_8", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_3", - "systems": "systems_6", + "nixpkgs": "nixpkgs_4", + "systems": "systems_7", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1732608183, - "narHash": "sha256-T5k5ill+PNIEW6KuS4CpUacMtZNJe2J2q5eBOF4xWuU=", + "lastModified": 1733510476, + "narHash": "sha256-RH/8yIuo+fNLCjQ6e1mnXwmmxymjvfWC9JcbDuIA8TM=", "owner": "danth", "repo": "stylix", - "rev": "7689e621f87bce7b6ab1925dfd70ad1f4c80f334", + "rev": "e309d64fe7f203274a7913e1d2b74307d15ba122", "type": "github" }, "original": { 
@@ -911,16 +1139,16 @@ }, "systems": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -999,6 +1227,21 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -1050,6 +1293,28 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nvim-nix", @@ -1058,11 +1323,11 @@ ] }, "locked": { - "lastModified": 1732111664, - "narHash": "sha256-XWHuPWcP59QnHEewdZJXBX1TA2lAP78Vz4daG6tfIr4=", + "lastModified": 1733440889, + "narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "62003fdad7a5ab7b6af3ea9bd7290e4c220277d0", + "rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410", "type": "github" }, "original": { 
@@ -1079,11 +1344,11 @@ }, "locked": { "dir": "packaging/nix", - "lastModified": 1732657738, - "narHash": "sha256-TmlbcHW2YreNnKrsB4HmyUBHE88foHGHayn9yD5yIP4=", + "lastModified": 1733509971, + "narHash": "sha256-KVpe03nlfvYnZo5EphvOjS4T3CcpQIUcFHGrY6J8Frs=", "owner": "Open-Wine-Components", "repo": "umu-launcher", - "rev": "2c85618613f34412fac928ec5320f5074b76dd24", + "rev": "562e3900eebde0fb276dd2f425c097c8b44ccb92", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index afaafd7..2984952 100644 --- a/flake.nix +++ b/flake.nix @@ -50,7 +50,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; stylix.url = "github:danth/stylix"; - nur.url = "github:nix-community/NUR"; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; sops-nix.url = "github:Mic92/sops-nix"; nix-index-database.url = "github:Mic92/nix-index-database"; nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; @@ -67,6 +70,7 @@ url = "github:nix-community/haumea"; inputs.nixpkgs.follows = "nixpkgs"; }; + authentik-nix.url = "github:nix-community/authentik-nix"; ## deduplication flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home-modules/xun/develop/default.nix b/home-modules/xun/develop/default.nix index feac245..d3f8ccb 100644 --- a/home-modules/xun/develop/default.nix +++ b/home-modules/xun/develop/default.nix @@ -21,7 +21,6 @@ in { devenv.enable = enableOption true; lang = { c.enable = enableOption false; - csharp.enable = enableOption false; shell.enable = enableOption false; zig.enable = enableOption false; lua.enable = enableOption false; 
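Review bot: The `authentik-nix.url = "github:nix-community/authentik-nix";` line in the second flake.nix hunk adds a new dependency subtree to flake.lock, but the service that would use it is commented out. The subtree includes `authentik-src`, `willibutz/napalm` at ref `avoid-foldl-stack-overflow`, `poetry2nix`, `nix-github-actions`, a second `nixpkgs` pin and a `nixpkgs-lib` tarball. The only consumer visible in this commit is the `inputs.authentik-nix.nixosModules.default` import in nix/machines/hopper/default.nix, and the `services.authentik` block in newlab.nix is commented out. I would hold back the input and the import until the service is enabled, so the lock file only pins code the hosts actually run. If the input stays and its separate nixpkgs pin is intentional, record that next to it, e.g. `# authentik-nix keeps its own nixpkgs pin; no follows here`.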
@@ -70,13 +69,6 @@ in { (lib.mkIf cfg.lang.c.enable { home.packages = with pkgs; [clang-tools buckle gdb lldb]; }) - (lib.mkIf cfg.lang.csharp.enable { - home.packages = with pkgs; [ - csharpier - omnisharp-roslyn - roslyn-ls - ]; - }) (lib.mkIf cfg.lang.lua.enable { home.packages = with pkgs; [ stylua diff --git a/home/develop/haskell.nix b/home/develop/langs/haskell.nix similarity index 100% rename from home/develop/haskell.nix rename to home/develop/langs/haskell.nix diff --git a/home/develop/langs/rust.nix b/home/develop/langs/rust.nix new file mode 100644 index 0000000..b117b7a --- /dev/null +++ b/home/develop/langs/rust.nix @@ -0,0 +1,8 @@ +{pkgs, ...}: { + home.packages = with pkgs; [ + cargo + rust-analyzer + rustc + rustfmt + ]; +} diff --git a/home/develop/langs/uiua.nix b/home/develop/langs/uiua.nix new file mode 100644 index 0000000..baa7d6b --- /dev/null +++ b/home/develop/langs/uiua.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + home.packages = with pkgs; [ + (uiua.overrideAttrs {buildFeatures = "full";}) + uiua386 + ]; +} diff --git a/home/profiles/default.nix b/home/profiles/default.nix index 534cc0d..957215f 100644 --- a/home/profiles/default.nix +++ b/home/profiles/default.nix @@ -17,13 +17,11 @@ ../. ./nixdesk inputs.sops-nix.homeManagerModules.sops - inputs.nur.hmModules.nur {home.stateVersion = "23.11";} ]; "xun@hopper" = [ ../. ./hopper - inputs.sops-nix.homeManagerModules.sops {home.stateVersion = "23.11";} ]; }; diff --git a/home/profiles/kidney/default.nix b/home/profiles/kidney/default.nix index c49bacc..af28546 100644 --- a/home/profiles/kidney/default.nix +++ b/home/profiles/kidney/default.nix @@ -17,9 +17,6 @@ xun = { develop = { enable = true; - lang = { - csharp.enable = true; - }; }; desktop = { xdg.enable = true; diff --git a/home/profiles/nixdesk/default.nix b/home/profiles/nixdesk/default.nix index 13f146e..1e9d405 100644 --- a/home/profiles/nixdesk/default.nix +++ b/home/profiles/nixdesk/default.nix 
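Review bot: In home/develop/langs/uiua.nix, `uiua.overrideAttrs {buildFeatures = "full";}` may not change the build. Depending on the nixpkgs revision, buildRustPackage copies `buildFeatures` into `cargoBuildFeatures` before `overrideAttrs` is applied, and it expects a list rather than a string. Please check the resulting derivation; if the feature is not picked up, `uiua.overrideAttrs {cargoBuildFeatures = ["full"];}` is the form I would try.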
@@ -36,7 +36,9 @@ # development ../../develop/common.nix - ../../develop/haskell.nix + ../../develop/langs/haskell.nix + ../../develop/langs/rust.nix + ../../develop/langs/uiua.nix #../../develop #../../develop/small-misc.nix @@ -47,7 +49,7 @@ ../../programs/misc/krita.nix #../../programs/misc/ardour.nix ../../programs/misc/foliate.nix - # ../../programs/misc/obsidian.nix + ../../programs/misc/obsidian.nix ../../programs/misc/pwvucontrol.nix ../../programs/misc/qpwgraph.nix ../../programs/misc/libreoffice.nix @@ -92,7 +94,6 @@ docs = enabled; lang = { c = enabled; - csharp = enabled; zig = enabled; lua = enabled; }; diff --git a/home/programs/browsers/firefox/default.nix b/home/programs/browsers/firefox/default.nix index 5ad0420..0243f08 100644 --- a/home/programs/browsers/firefox/default.nix +++ b/home/programs/browsers/firefox/default.nix @@ -2,6 +2,7 @@ pkgs, lib, config, + inputs, ... }: { imports = [ @@ -29,7 +30,7 @@ ]; }; profiles.xun = { - extensions = with config.nur.repos.rycee.firefox-addons; [ + extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ ublock-origin # (lib.mkIf (config.xun.desktop.colorscheme == "dark") darkreader) darkreader @@ -39,6 +40,7 @@ cookie-quick-manager istilldontcareaboutcookies sidebery + mal-sync (lib.mkIf (builtins.elem pkgs.keepassxc config.home.packages) keepassxc-browser) #(buildFirefoxXpiAddon rec { # pname = "roseal"; diff --git a/home/programs/desktop/sway/default.nix b/home/programs/desktop/sway/default.nix index f887ef5..092a4d7 100644 --- a/home/programs/desktop/sway/default.nix +++ b/home/programs/desktop/sway/default.nix @@ -56,9 +56,7 @@ # output = { # "*".bg = "${config.xdg.userDirs.pictures}/wallpaper fill"; # }; - input = { - "*".xkb_layout = osConfig.services.xserver.xkb.layout; - }; + input."type:keyboard".xkb_layout = osConfig.services.xserver.xkb.layout; bars = []; # i use waybar instead window = { titlebar = false; 
diff --git a/nix/machines/default.nix b/nix/machines/default.nix index 3ad7c0d..677f245 100644 --- a/nix/machines/default.nix +++ b/nix/machines/default.nix @@ -105,6 +105,7 @@ in { programs.home-manager # programs.qt programs.adb + programs.kanidm programs.tools programs.thunar diff --git a/nix/machines/hopper/default.nix b/nix/machines/hopper/default.nix index 623c278..804f70c 100644 --- a/nix/machines/hopper/default.nix +++ b/nix/machines/hopper/default.nix @@ -3,6 +3,7 @@ common-cpu-intel inputs.vpn-confinement.nixosModules.default + inputs.authentik-nix.nixosModules.default ./hardware.nix ./newlab.nix diff --git a/nix/machines/hopper/newlab.nix b/nix/machines/hopper/newlab.nix index 900ae31..1ba2e30 100644 --- a/nix/machines/hopper/newlab.nix +++ b/nix/machines/hopper/newlab.nix @@ -13,8 +13,9 @@ slskdUiPort = 23488; caddyLocal = 8562; ncPort = 46523; - # kanidmPort = 8300; + kanidmPort = 8300; in { + ## TODO use kanidm ## TODO use impermanence ## TODO setup fail2ban mayb 
@@ -35,9 +36,48 @@ in { credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path; extraDomainNames = [domain]; }; + "kanidm.${domain}" = { + domain = "kanidm.${domain}"; + group = "kanidm"; + dnsProvider = "cloudflare"; + reloadServices = ["caddy.service" "kanidm.service"]; + credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path; + }; }; }; + ## make sure vpn connection is reasonably fast + ## god, there has to be a proper, not horrible way of doing this + ## TODO fix this and uhh make sure it works and stuff + # systemd.services."wg-speedcheck" = { + # requires = ["wg.service"]; + # enable = false; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = pkgs.writers.writeBash "wg-speedcheck.sh" '' + # echo "running test in netns" + # vpn_result=$( ${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.speedtest-cli}/bin/speedtest --json ) + # vpn_download=$( echo "$vpn_result" | ${l.getExe pkgs.jq} '.download' ) + # vpn_upload=$( echo "$vpn_result" | ${l.getExe pkgs.jq} '.upload' ) + # + # echo "running test outside of netns" + # normal_result=$( ${pkgs.speedtest-cli}/bin/speedtest --json ) + # normal_download=$( echo "$normal_result" | ${l.getExe pkgs.jq} '.download' ) + # normal_upload=$( echo "$normal_result" | ${l.getExe pkgs.jq} '.upload' ) + # + # download_ratio_is_more_than_half=$( echo "$vpn_download / $normal_download > 0.5" | ${l.getExe pkgs.bc} -l | tr -d '\n' ) + # upload_ratio_is_more_than_half=$( echo "$vpn_upload / $normal_upload > 0.5" | ${l.getExe pkgs.bc} -l | tr -d '\n' ) + # + # if [[ "$upload_ratio_is_more_than_half" == "0" || "$download_ratio_is_more_than_half" == "0" ]]; then + # echo "ratio is insufficient, restarting vpn" + # systemctl restart wg.service + # exit + # fi + # echo "ratio is sufficient" + # ''; + # }; + # }; + vpnNamespaces."wg" = { enable = true; wireguardConfigFile = config.sops.secrets.wireguard.path; 
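Review bot: `reloadServices = ["caddy.service" "kanidm.service"]` on the new `kanidm.${domain}` certificate restarts or reloads Caddy on every renewal, but Caddy does not appear to read this certificate. The kanidm vhost added further down in this file sets `useACMEHost = null` and reaches the upstream over TLS. If that reading is right, `reloadServices = ["kanidm.service"];` is enough. The long commented-out `wg-speedcheck` unit in the same hunk would be easier to track in a branch or an issue than as dead code next to live ACME configuration.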
@@ -105,7 +145,19 @@ in { } // v) { jellyfin.extraConfig = "reverse_proxy localhost:8096"; # TODO setup proper auth - # kanidm.extraConfig = "reverse_proxy localhost:${toString kanidmPort}"; + kanidm = { + useACMEHost = null; + # hostName = "kanidm.xunuwu.xyz:${toString caddyPort}"; + extraConfig = '' + reverse_proxy https://127.0.0.1:${toString kanidmPort} { + header_up Host {upstream_hostport} + header_down Access-Control-Allow-Origin "*" + transport http { + tls_server_name ${config.services.kanidm.serverSettings.domain} + } + } + ''; + }; slskd = { useACMEHost = null; hostName = ":${toString slskdUiPort}"; @@ -130,6 +182,32 @@ in { }; }; + # systemd.services.authentik.vpnConfinement = { + # enable = true; + # vpnNamespace = "wg"; + # }; + # services = { + # authentik = { + # enable = true; + # environmentFile = config.sops.secrets.authentik.path; + # settings = { + # disable_startup_analytics = true; + # avatars = "initials"; + # }; + # }; + # authentik-ldap = { + # enable = true; + # }; + # }; + + # services.keycloak = { + # enable = true; + # settings = { + # hostname = "keycloak.${domain}"; + # }; + # database.passwordFile = config.sops.secrets."keycloak/db".path; + # }; + # needed for deploying secrets users.users.lldap = { group = "lldap"; 
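Review bot: `header_down Access-Control-Allow-Origin "*"` in the new kanidm vhost lets any web origin read non-credentialed responses from the identity provider through the proxy. If the header was added to get one client working, name that origin instead, for example `header_down Access-Control-Allow-Origin "https://${domain}"`, or drop the line and leave CORS to kanidm. `header_up Host {upstream_hostport}` also replaces the public host name with the loopback address on the upstream request, while kanidm is configured with `origin = "https://kanidm.${domain}"`. It is worth confirming that flows which compare Host or Origin still work, and adding a comment on why the rewrite is needed.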
@@ -422,6 +500,43 @@ in { # group = config.services.caddy.group; # }; + systemd.services.kanidm = { + vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + serviceConfig = { + InaccessiblePaths = lib.mkForce []; + }; + }; + boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; + services.kanidm = { + package = pkgs.kanidm_1_4.override {enableSecretProvisioning = true;}; + enableServer = true; + serverSettings = { + domain = "kanidm.${domain}"; + origin = "https://kanidm.${domain}"; + bindaddress = "127.0.0.1:${toString kanidmPort}"; + ldapbindaddress = "[::1]:3636"; + trust_x_forward_for = true; + tls_chain = "${config.security.acme.certs."kanidm.${domain}".directory}/fullchain.pem"; + tls_key = "${config.security.acme.certs."kanidm.${domain}".directory}/key.pem"; + }; + provision = { + enable = true; + adminPasswordFile = config.sops.secrets."kanidm/admin_pass".path; + idmAdminPasswordFile = config.sops.secrets."kanidm/idm_admin_pass".path; + persons = { + "xun" = { + displayName = "xun"; + legalName = "xun"; + mailAddresses = ["xunuwu@gmail.com"]; + groups = []; + }; + }; + }; + }; + # systemd.services.kanidm = { # vpnConfinement = { # enable = true; diff --git a/nix/machines/nixdesk/default.nix b/nix/machines/nixdesk/default.nix index 002b570..98d51a6 100644 --- a/nix/machines/nixdesk/default.nix +++ b/nix/machines/nixdesk/default.nix @@ -24,6 +24,7 @@ builtins.elem (lib.getName pkg) [ "discord" "steam" + "obsidian" "steam-unwrapped" "rider" ]; diff --git a/nix/systemProfiles/programs/fonts.nix b/nix/systemProfiles/programs/fonts.nix index 008bf42..ca3d212 100644 --- a/nix/systemProfiles/programs/fonts.nix +++ b/nix/systemProfiles/programs/fonts.nix 
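Review bot: `InaccessiblePaths = lib.mkForce [];` in the new `systemd.services.kanidm` block clears every path restriction other modules place on the unit. That presumably includes whatever the VPN-confinement module hides to keep the service inside the `wg` namespace. If a single path is in the way (the ACME certificate directory would be my guess), expose it with `BindReadOnlyPaths` instead of emptying the list, and add a comment naming the path that failed. Separately, `trust_x_forward_for = true` is only safe while the listener stays on `127.0.0.1` behind Caddy; a one-line comment next to it would keep that constraint visible. The hunk is a fragment of a larger attribute set, so other overrides of this unit may exist outside it.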
@@ -13,8 +13,17 @@ _: { source-code-pro iosevka - nerdfonts - #(nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];}) + nerd-fonts.symbols-only + nerd-fonts.sauce-code-pro + nerd-fonts.jetbrains-mono + nerd-fonts.iosevka-term + nerd-fonts.iosevka + nerd-fonts.inconsolata + nerd-fonts.fira-code + nerd-fonts.dejavu-sans-mono + nerd-fonts.blex-mono + nerd-fonts._0xproto + self.packages.${pkgs.system}.cartograph-cf ]; diff --git a/nix/systemProfiles/programs/kanidm.nix b/nix/systemProfiles/programs/kanidm.nix new file mode 100644 index 0000000..e33371c --- /dev/null +++ b/nix/systemProfiles/programs/kanidm.nix @@ -0,0 +1,7 @@ +_: {pkgs, ...}: { + services.kanidm = { + enableClient = true; + package = pkgs.kanidm_1_4; + clientSettings.uri = "https://kanidm.xunuwu.xyz"; + }; +} diff --git a/nix/systemProfiles/programs/tools.nix b/nix/systemProfiles/programs/tools.nix index c0d1531..d966def 100644 --- a/nix/systemProfiles/programs/tools.nix +++ b/nix/systemProfiles/programs/tools.nix @@ -22,5 +22,6 @@ jq openssl # for generating passwords yt-dlp + inotify-tools ]; } diff --git a/nix/systemProfiles/secrets/hopper/authentik b/nix/systemProfiles/secrets/hopper/authentik new file mode 100644 index 0000000..eebbf70 --- /dev/null +++ b/nix/systemProfiles/secrets/hopper/authentik 
@@ -0,0 +1,24 @@
+{
+ "data": "ENC[AES256_GCM,data:fxTl3v/kAs4ZP8TR8UKzI+GcgUH1v+ieoKFF2FCGxSNT37l9zAr7MCnFgarxxfw9quMofg//PdFYPbboHmwRl1B2,iv:jj7hRM+OOqOoM2wvskCBtYawq5+0RojJcUe9d8bCr/8=,tag:QrI/Y/TTPzvhMi6n7UeIbQ==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": [
+ {
+ "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5N1pRYTdVUmUrZzF1Rmd2\nTnArVWRrYU45NWlmRlBrYitycXpXQVBSWHpjCjc5Yy80UzhmZkIxUEJkTms1TkFn\nUm9WVG5lQVp4YXk1aWVxSmhSOWtXdzgKLS0tIDQyYmxPV0x3cTBRMGJxdlc3L1pi\nd1N5b0xjRVloOStPN2VEbFpUL3RmZEUK77mnYZQ0dsVrqPFU/SPVMjj0ck5Qgd7u\na/Sw+dUQnVOokvbtYGMLt9K3wbRq/HWLBumZc9Y5sjALF5uBFw6XOA==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhd2FRL29rOUExa3RLVkE5\nNUxmeVVqRDlPSjNyS0d2MG9jYTlnSms1TFV3CjdIYWc1WExmaEJla1NsTGY0NW5E\nWnBxZ0pnaU9yS2lLTENieVBFeUlQbnMKLS0tIFprYVZoNjNwclYrdVQzZVgzSjFn\nMGV5bCtVSDRqYnlJL3BGOWpVaFRCSmsKh7D5NrErKlZPVseq0keoineIdaKAQeaw\nEu0DW3httU5wS1fHFwYChBaGsZie9GykW5Fvpq73o5TZRz2u8dmf6A==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2024-11-27T08:04:50Z",
+ "mac": "ENC[AES256_GCM,data:Weq2W0PFoCVMzP6CssTXoPQLA1sd1kTp51Wm5Yu0YkcFHrYfGaoiPE7n5tbsKWm3GpCqwVmU6W4lKrOlIkPe3flgO7qA3w+NtnCBkIhJstXgrDlCoHzwiP7FT0szXUDDFn8ALiA7dvd1zG3NCaymjt2zARrdFzBwA/kJBm/Vrcc=,iv:3ufxRlUlGT7O6/q0pn5ifSPCPvTZJIRNweSJKtHb+eY=,tag:jid9ltE//PrenBSjouz4Fw==,type:str]",
+ "pgp": null,
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.9.1"
+ }
+}
\ No newline at end of file
diff --git a/nix/systemProfiles/secrets/hopper/default.nix b/nix/systemProfiles/secrets/hopper/default.nix
index 928ecb1..ceade3a 100644
--- a/nix/systemProfiles/secrets/hopper/default.nix
+++ b/nix/systemProfiles/secrets/hopper/default.nix @@ -41,6 +41,25 @@ in { sopsFile = ./transmission; }; + authentik = { + format = "binary"; + sopsFile = ./authentik; + }; + + "kanidm/admin_pass" = { + sopsFile = ./kanidm.yaml; + owner = "kanidm"; + }; + "kanidm/idm_admin_pass" = { + sopsFile = ./kanidm.yaml; + owner = "kanidm"; + }; + + # "keycloak/db" = { + # sopsFile = ./keycloak.yaml; + # owner = "keycloak"; + # }; + # "lldap/jwt" = { sopsFile = ./lldap.yaml; owner = "lldap"; diff --git a/nix/systemProfiles/secrets/hopper/kanidm.yaml b/nix/systemProfiles/secrets/hopper/kanidm.yaml new file mode 100644 index 0000000..a4da6a3 --- /dev/null +++ b/nix/systemProfiles/secrets/hopper/kanidm.yaml 
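Review bot: The new `authentik` entry is declared as an active secret, but its only visible consumer, `environmentFile = config.sops.secrets.authentik.path`, is commented out in the `@@ -130,6 +182,32 @@` hunk of this same commit. As written, the encrypted file would presumably still be decrypted onto the host at activation, with whatever default owner and mode apply. That leaves credential material on disk for a service that is not enabled. I would comment the entry out the way `"keycloak/db"` is, or drop it until the service is turned on. Likewise, the added `keycloak.yaml` has no active reference in the visible hunks. The added `#` immediately before `"lldap/jwt"` appears to be a leftover comment marker.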
@@ -0,0 +1,32 @@
+kanidm:
+ admin_pass: ENC[AES256_GCM,data:FjF48e3KmP/I0Mb4/tfdI9jNRIrqlqVQ3JvDC2c+i+hE+omIQeKYxuU2cjaIBRO9B5CfGBhoip14fhe7Ubtga4IXiJLdnRczk6fQOIKrgDMjDSJvs06i04jeqg7lx9BChK5AzE+aRzSyuu95dyTmlPKUyf4D/G5x99B1KtRf/hY=,iv:no8/rZz30EdVwfc5r6lm/SuAA02JJaIPyHEWQEjOFus=,tag:6ValsFgRNmi9O01qZyUk8Q==,type:str]
+ idm_admin_pass: ENC[AES256_GCM,data:sCtefK4kxzMw7s+3f48PAnGNYQYum4DyjgeyYLUCPhq1vOHGBzgDcFaYrGvf5ID2/0kEUlT7lYKgtSU37DGY5zCGEbG5diD2lMBZ6BW64f1qpgx+0opOQjcAkKPrVtmHYm9iCvU8pZXvha0nDzS0Z2ZJM3ejUCW7omLTSLHzKFs=,iv:X88hU0Sd22Iky3cZTh/m1AjZybGe4MAIBJ1isnYQEPk=,tag:UTw98CWvj8+xRrYuifU/Tw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTWxhUzF0QXZmME1jcUR0
+ TUZ3WFFDT0VmdE1mUTZsTXlwZGlncHNuS1cwCjRpR1ZsMlFEQWNVd2VLMVlaMlVB
+ ZUp0Y2FEQTU3Yk1TR3ZzeE0rdmVJM1kKLS0tIDZZbjl0VHhiNzRta0MvUUtla3Y0
+ OW96QUl3dTM4Ynhab1ZlclZ5S0wvL0kKw+VSMQNTYB+7dJxhGttf7/Ol/rWhM56r
+ ga6NOMewGceUwiX9WEH89dsbRpnRq72SXmkt70w4dUVTdrwLm5oXqg==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQi9rV0Ivdk52eEh4OTVG
+ bmtmdHhtYVRvYzc5WDRmSy9qNFNLQzZpZ25FCjNzVWJ5U2pDU1hYTThzK1BQWms5
+ TUxhdDhrblN3YVYrZDVERGRqSzNBZUUKLS0tIFg2Rkc1bFBTVEhXa0FVbzZhZyts
+ eERtNXRlV0RTb2xyc1cvNm9oN2RGeWcK6f6acq1P3Ds/SS7vrye2gE1/bUvEqe2D
+ gXkYQGsNWxyT3MAXTK09m59D4TqHEfYUykO5pCmAH8tiHN3pxJXEZw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-27T09:47:11Z"
+ mac: ENC[AES256_GCM,data:EDCfpkGnl06wOXwbcg8cQBlj+OV7/KsiVhGzx0Qm8/kOB8CVvjumK/LQZC6FG+oJDs5TBDRGlM8uJIJL54wpDn7F3YgO6KR9d2hmorL2mza8rsxHH1T9BpQCXp0ENPiQKN2EZ5vLnjTOvYRJK1w/pMDKr6tdwILlcEYlWfSUuEo=,iv:OxANZ49WSfh31H9FxLkJSg22oTfZctWazEEv941orlw=,tag:xouSzvJATMzua7q0Eq07uQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.1
diff --git a/nix/systemProfiles/secrets/hopper/keycloak.yaml b/nix/systemProfiles/secrets/hopper/keycloak.yaml
new file mode 100644
index 0000000..dd46c4c
--- /dev/null
+++ b/nix/systemProfiles/secrets/hopper/keycloak.yaml
@@ -0,0 +1,30 @@
+db: ENC[AES256_GCM,data:aO/UVjVSJTk0XhDf2M+B9WzO1PkRv2Y0oFtj/kZBFv+hmhsCy4l7tg/FtpduZWK9SueWAX+k7a52UwV5YXDbLt7ldW9gS8bN6XZZbiDj/rBNgiJBF/ILrA==,iv:5KzLZ456gdD7L87NAMXWdZ/LyQW0SzKqdvMZ7BbaMic=,tag:0mD1tXDO4Hc2Y0LmrFWWwg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelJoTzZ6YzJsQS9UVkxG
+ QzVIVTBtdmZpWTlwcFNwMm0yYzFvOHVIRjNvCjc5bmJxVkVmR2hSUDAybVZzOEQr
+ OEZ6bU4xNnhpcnFjM1I3MXh6elloMGMKLS0tIHZXODNIc2dIeWlxYmJNbTdDZHJP
+ SG5BVXc1UFQrdWxaa0xRZUdDdVVJS3cK3XATi+vFRe+0p977oCkprA+c+GkDIWNb
+ 9+sAS789Bgjf/z9s2TOKyBWFawZWHDbhwz+4MG0d5ELQIhdoma9RAg==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQlVscjh0SEx0V3dWV1Fw
+ aUxLNndnYkNGMHJUczJ2djgxczdMNW5DZWhRCkZYdTBJbTF5MWVTRzcyb0tGL3Nu
+ UlFpSzlzVVNoTVprRTd0Rjc1ZUhraGsKLS0tIFJ5S3cvaDJoSHNmamtrdFdxYklo
+ Rlhtd21GUUl6WkRaV0NtNWlqMy9sSzgKBF3Gj10sIuLdWrSphZfoVnjdQbIiy9IO
+ 3rQAuIw1osKIf6TA2qJ0P8RGX4OgfhM8Ofst0S7+SqgglOl0LkXS+w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-27T08:56:28Z"
+ mac: ENC[AES256_GCM,data:gf+TwvZXThH9B5sQGhb49dDfQwpZy3kIwlVfLn6qCbe46evwsXPucp657KBWju+i0p8ByR7IhALEK/U/GX9FBK4Qspw9y0NRMRvyk3zVRszUxUz3z32IEnYvTCapP7lIdeAVppUow6tL3XdgZGyni2H3liUilqiZ6NGw0VlvtpU=,iv:wTMAaiB0Wd5szU9g7Pd0OV04ddlnn/p50lbO1rmmAZU=,tag:huRsSwiBThgxm3SX5k0U/A==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.1