lots of things

2024-12-07 16:36:30 +01:00 · 2024-12-07 16:36:30 +01:00 · bdb7ec7d7e
commit bdb7ec7d7e
parent 9d5be37334
22 changed files with 676 additions and 165 deletions
--- a/nix/systemProfiles/programs/fonts.nix
+++ b/nix/systemProfiles/programs/fonts.nix
@ -13,8 +13,17 @@ _: {
      source-code-pro
      iosevka

-      nerdfonts
-      #(nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];})
+      nerd-fonts.symbols-only
+      nerd-fonts.sauce-code-pro
+      nerd-fonts.jetbrains-mono
+      nerd-fonts.iosevka-term
+      nerd-fonts.iosevka
+      nerd-fonts.inconsolata
+      nerd-fonts.fira-code
+      nerd-fonts.dejavu-sans-mono
+      nerd-fonts.blex-mono
+      nerd-fonts._0xproto
+
      self.packages.${pkgs.system}.cartograph-cf
    ];

--- a/nix/systemProfiles/programs/kanidm.nix
+++ b/nix/systemProfiles/programs/kanidm.nix
@ -0,0 +1,7 @@
+_: {pkgs, ...}: {
+  services.kanidm = {
+    enableClient = true;
+    package = pkgs.kanidm_1_4;
+    clientSettings.uri = "https://kanidm.xunuwu.xyz";
+  };
+}
--- a/nix/systemProfiles/programs/tools.nix
+++ b/nix/systemProfiles/programs/tools.nix
@ -22,5 +22,6 @@
    jq
    openssl # for generating passwords
    yt-dlp
+    inotify-tools
  ];
 }
--- a/nix/systemProfiles/secrets/hopper/authentik
+++ b/nix/systemProfiles/secrets/hopper/authentik
@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:fxTl3v/kAs4ZP8TR8UKzI+GcgUH1v+ieoKFF2FCGxSNT37l9zAr7MCnFgarxxfw9quMofg//PdFYPbboHmwRl1B2,iv:jj7hRM+OOqOoM2wvskCBtYawq5+0RojJcUe9d8bCr/8=,tag:QrI/Y/TTPzvhMi6n7UeIbQ==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5N1pRYTdVUmUrZzF1Rmd2\nTnArVWRrYU45NWlmRlBrYitycXpXQVBSWHpjCjc5Yy80UzhmZkIxUEJkTms1TkFn\nUm9WVG5lQVp4YXk1aWVxSmhSOWtXdzgKLS0tIDQyYmxPV0x3cTBRMGJxdlc3L1pi\nd1N5b0xjRVloOStPN2VEbFpUL3RmZEUK77mnYZQ0dsVrqPFU/SPVMjj0ck5Qgd7u\na/Sw+dUQnVOokvbtYGMLt9K3wbRq/HWLBumZc9Y5sjALF5uBFw6XOA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhd2FRL29rOUExa3RLVkE5\nNUxmeVVqRDlPSjNyS0d2MG9jYTlnSms1TFV3CjdIYWc1WExmaEJla1NsTGY0NW5E\nWnBxZ0pnaU9yS2lLTENieVBFeUlQbnMKLS0tIFprYVZoNjNwclYrdVQzZVgzSjFn\nMGV5bCtVSDRqYnlJL3BGOWpVaFRCSmsKh7D5NrErKlZPVseq0keoineIdaKAQeaw\nEu0DW3httU5wS1fHFwYChBaGsZie9GykW5Fvpq73o5TZRz2u8dmf6A==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-11-27T08:04:50Z",
+		"mac": "ENC[AES256_GCM,data:Weq2W0PFoCVMzP6CssTXoPQLA1sd1kTp51Wm5Yu0YkcFHrYfGaoiPE7n5tbsKWm3GpCqwVmU6W4lKrOlIkPe3flgO7qA3w+NtnCBkIhJstXgrDlCoHzwiP7FT0szXUDDFn8ALiA7dvd1zG3NCaymjt2zARrdFzBwA/kJBm/Vrcc=,iv:3ufxRlUlGT7O6/q0pn5ifSPCPvTZJIRNweSJKtHb+eY=,tag:jid9ltE//PrenBSjouz4Fw==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.1"
+	}
+}
--- a/nix/systemProfiles/secrets/hopper/default.nix
+++ b/nix/systemProfiles/secrets/hopper/default.nix
@ -41,6 +41,25 @@ in {
      sopsFile = ./transmission;
    };

+    authentik = {
+      format = "binary";
+      sopsFile = ./authentik;
+    };
+
+    "kanidm/admin_pass" = {
+      sopsFile = ./kanidm.yaml;
+      owner = "kanidm";
+    };
+    "kanidm/idm_admin_pass" = {
+      sopsFile = ./kanidm.yaml;
+      owner = "kanidm";
+    };
+
+    # "keycloak/db" = {
+    #   sopsFile = ./keycloak.yaml;
+    #   owner = "keycloak";
+    # };
+    #
    "lldap/jwt" = {
      sopsFile = ./lldap.yaml;
      owner = "lldap";
--- a/nix/systemProfiles/secrets/hopper/kanidm.yaml
+++ b/nix/systemProfiles/secrets/hopper/kanidm.yaml
@ -0,0 +1,32 @@
+kanidm:
+    admin_pass: ENC[AES256_GCM,data:FjF48e3KmP/I0Mb4/tfdI9jNRIrqlqVQ3JvDC2c+i+hE+omIQeKYxuU2cjaIBRO9B5CfGBhoip14fhe7Ubtga4IXiJLdnRczk6fQOIKrgDMjDSJvs06i04jeqg7lx9BChK5AzE+aRzSyuu95dyTmlPKUyf4D/G5x99B1KtRf/hY=,iv:no8/rZz30EdVwfc5r6lm/SuAA02JJaIPyHEWQEjOFus=,tag:6ValsFgRNmi9O01qZyUk8Q==,type:str]
+    idm_admin_pass: ENC[AES256_GCM,data:sCtefK4kxzMw7s+3f48PAnGNYQYum4DyjgeyYLUCPhq1vOHGBzgDcFaYrGvf5ID2/0kEUlT7lYKgtSU37DGY5zCGEbG5diD2lMBZ6BW64f1qpgx+0opOQjcAkKPrVtmHYm9iCvU8pZXvha0nDzS0Z2ZJM3ejUCW7omLTSLHzKFs=,iv:X88hU0Sd22Iky3cZTh/m1AjZybGe4MAIBJ1isnYQEPk=,tag:UTw98CWvj8+xRrYuifU/Tw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTWxhUzF0QXZmME1jcUR0
+            TUZ3WFFDT0VmdE1mUTZsTXlwZGlncHNuS1cwCjRpR1ZsMlFEQWNVd2VLMVlaMlVB
+            ZUp0Y2FEQTU3Yk1TR3ZzeE0rdmVJM1kKLS0tIDZZbjl0VHhiNzRta0MvUUtla3Y0
+            OW96QUl3dTM4Ynhab1ZlclZ5S0wvL0kKw+VSMQNTYB+7dJxhGttf7/Ol/rWhM56r
+            ga6NOMewGceUwiX9WEH89dsbRpnRq72SXmkt70w4dUVTdrwLm5oXqg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQi9rV0Ivdk52eEh4OTVG
+            bmtmdHhtYVRvYzc5WDRmSy9qNFNLQzZpZ25FCjNzVWJ5U2pDU1hYTThzK1BQWms5
+            TUxhdDhrblN3YVYrZDVERGRqSzNBZUUKLS0tIFg2Rkc1bFBTVEhXa0FVbzZhZyts
+            eERtNXRlV0RTb2xyc1cvNm9oN2RGeWcK6f6acq1P3Ds/SS7vrye2gE1/bUvEqe2D
+            gXkYQGsNWxyT3MAXTK09m59D4TqHEfYUykO5pCmAH8tiHN3pxJXEZw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-27T09:47:11Z"
+    mac: ENC[AES256_GCM,data:EDCfpkGnl06wOXwbcg8cQBlj+OV7/KsiVhGzx0Qm8/kOB8CVvjumK/LQZC6FG+oJDs5TBDRGlM8uJIJL54wpDn7F3YgO6KR9d2hmorL2mza8rsxHH1T9BpQCXp0ENPiQKN2EZ5vLnjTOvYRJK1w/pMDKr6tdwILlcEYlWfSUuEo=,iv:OxANZ49WSfh31H9FxLkJSg22oTfZctWazEEv941orlw=,tag:xouSzvJATMzua7q0Eq07uQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/nix/systemProfiles/secrets/hopper/keycloak.yaml
+++ b/nix/systemProfiles/secrets/hopper/keycloak.yaml
@ -0,0 +1,30 @@
+db: ENC[AES256_GCM,data:aO/UVjVSJTk0XhDf2M+B9WzO1PkRv2Y0oFtj/kZBFv+hmhsCy4l7tg/FtpduZWK9SueWAX+k7a52UwV5YXDbLt7ldW9gS8bN6XZZbiDj/rBNgiJBF/ILrA==,iv:5KzLZ456gdD7L87NAMXWdZ/LyQW0SzKqdvMZ7BbaMic=,tag:0mD1tXDO4Hc2Y0LmrFWWwg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelJoTzZ6YzJsQS9UVkxG
+            QzVIVTBtdmZpWTlwcFNwMm0yYzFvOHVIRjNvCjc5bmJxVkVmR2hSUDAybVZzOEQr
+            OEZ6bU4xNnhpcnFjM1I3MXh6elloMGMKLS0tIHZXODNIc2dIeWlxYmJNbTdDZHJP
+            SG5BVXc1UFQrdWxaa0xRZUdDdVVJS3cK3XATi+vFRe+0p977oCkprA+c+GkDIWNb
+            9+sAS789Bgjf/z9s2TOKyBWFawZWHDbhwz+4MG0d5ELQIhdoma9RAg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQlVscjh0SEx0V3dWV1Fw
+            aUxLNndnYkNGMHJUczJ2djgxczdMNW5DZWhRCkZYdTBJbTF5MWVTRzcyb0tGL3Nu
+            UlFpSzlzVVNoTVprRTd0Rjc1ZUhraGsKLS0tIFJ5S3cvaDJoSHNmamtrdFdxYklo
+            Rlhtd21GUUl6WkRaV0NtNWlqMy9sSzgKBF3Gj10sIuLdWrSphZfoVnjdQbIiy9IO
+            3rQAuIw1osKIf6TA2qJ0P8RGX4OgfhM8Ofst0S7+SqgglOl0LkXS+w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-27T08:56:28Z"
+    mac: ENC[AES256_GCM,data:gf+TwvZXThH9B5sQGhb49dDfQwpZy3kIwlVfLn6qCbe46evwsXPucp657KBWju+i0p8ByR7IhALEK/U/GX9FBK4Qspw9y0NRMRvyk3zVRszUxUz3z32IEnYvTCapP7lIdeAVppUow6tL3XdgZGyni2H3liUilqiZ6NGw0VlvtpU=,iv:wTMAaiB0Wd5szU9g7Pd0OV04ddlnn/p50lbO1rmmAZU=,tag:huRsSwiBThgxm3SX5k0U/A==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1