fix photon ldap config (#74)

* fix photon ldap config * secrets update
2024-02-05 18:22:52 +01:00 · 2024-02-05 18:22:52 +01:00 · 47a65a151c
commit 47a65a151c
parent 59a4293b28
9 changed files with 67 additions and 225 deletions
--- a/flake.lock
+++ b/flake.lock
@ -119,11 +119,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706985585,
+        "lastModified": 1707114923,
-        "narHash": "sha256-ptshv4qXiC6V0GCfpABz88UGGPNwqs5tAxaRUKbk1Qo=",
+        "narHash": "sha256-LDYPWa+BgxHSNEye93SyIPgz5u3RAfh78P9KyO+rQzI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "1ca210648a6ca9b957efde5da957f3de6b1f0c45",
+        "rev": "afcedcf2c8e424d0465e823cf833eb3adebe1db7",
        "type": "github"
      },
      "original": {
@ -152,10 +152,18 @@
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": [
-        "nixpkgs-23_05": "nixpkgs-23_05",
+          "nixpkgs"
-        "nixpkgs-23_11": "nixpkgs-23_11",
+        ],
-        "utils": "utils"
+        "nixpkgs-23_05": [
          "nixpkgs"
        ],
        "nixpkgs-23_11": [
          "nixpkgs"
        ],
        "utils": [
          "flake-utils"
        ]
      },
      "locked": {
        "lastModified": 1706742486,
@ -202,11 +210,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706411424,
+        "lastModified": 1707016097,
-        "narHash": "sha256-BzziJYucEZvdCE985vjPoo3ztWcmUiSQ1wJ2CoT6jCc=",
+        "narHash": "sha256-V4lHr6hFQ3rK650dh64Xffxsf4kse9vUYWsM+ldjkco=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "c782f2a4f6fc94311ab5ef31df2f1149a1856181",
+        "rev": "3e3dad2808379c522138e2e8b0eb73500721a237",
        "type": "github"
      },
      "original": {
@ -248,11 +256,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706740920,
+        "lastModified": 1707090318,
-        "narHash": "sha256-uFwu44BZf17WYMAEmYIcdtVyNLDRVselv3rNsm7PYeE=",
+        "narHash": "sha256-/0Xq6+wh6ea4+4lnO/yUFTaBYzmQtA52/mOKfw08/J8=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "453f941ff2cde75a5aac5d99c695d368fa28b7e1",
+        "rev": "fdb31cd04b592d5fdfca96027b36e28e79e977c2",
        "type": "github"
      },
      "original": {
@ -263,47 +271,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1706732774,
+        "lastModified": 1706913249,
-        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
+        "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=",
-        "owner": "NixOS",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
+        "rev": "e92b6015881907e698782c77641aa49298330223",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "owner": "nixos",
        "ref": "nixos-unstable",
        "type": "indirect"
      }
    },
    "nixpkgs-23_05": {
      "locked": {
        "lastModified": 1704290814,
        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-23.05",
        "type": "indirect"
      }
    },
    "nixpkgs-23_11": {
      "locked": {
        "lastModified": 1706826059,
        "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-23.11",
        "type": "indirect"
      }
    },
    "nixpkgs-fmt": {
@ -348,22 +327,6 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1706732774,
        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "c3d2-user-module": "c3d2-user-module",
@ -375,10 +338,10 @@
        "nix-index-database": "nix-index-database",
        "nix-pre-commit": "nix-pre-commit",
        "nixos-modules": "nixos-modules",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixpkgs-fmt": "nixpkgs-fmt",
        "sops-nix": "sops-nix",
-        "systems": "systems_2"
+        "systems": "systems"
      }
    },
    "rust-analyzer-src": {
@ -408,11 +371,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706410821,
+        "lastModified": 1707015547,
-        "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=",
+        "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef",
+        "rev": "23f61b897c00b66855074db471ba016e0cda20dd",
        "type": "github"
      },
      "original": {
@ -435,39 +398,6 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1705309234,
        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,6 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    systems.url = "github:nix-systems/default";
    mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
@ -50,6 +49,16 @@
      };
    };
    mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        nixpkgs-23_05.follows = "nixpkgs";
        nixpkgs-23_11.follows = "nixpkgs";
        utils.follows = "flake-utils";
      };
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
@ -188,17 +197,16 @@
            value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ "hostname" "server" "home" ]);
          })
          (lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap
-          (user:
+          (user: map
-            map
+            (system: {
-              (system: {
+              name = "${user}.${system}";
-                name = "${user}.${system}";
+              value = constructSystem ({
-                value = constructSystem ({
+                hostname = system;
-                  hostname = system;
+                server = false;
-                  server = false;
+                users = [ user ];
-                  users = [ user ];
+              } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" ]);
-                } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" ]);
+            })
-              })
+            (lsdir "users/${user}/systems"))
              (lsdir "users/${user}/systems"))
          (lsdir "users")));
      devShell = lib.mapAttrs
@ -235,7 +243,7 @@
          let
            mkBuild = type:
              let
-                getBuildEntryPoint = name: nixosSystem:
+                getBuildEntryPoint = (name: nixosSystem:
                  if builtins.hasAttr type nixosSystem.config.system.build then
                    let
                      cfg = nixosSystem.config.system.build.${type};
@ -244,9 +252,9 @@
                      lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; }
                    else
                      cfg
-                  else { };
+                  else { });
              in
-              lib.filterAttrs (n: v: v != { }) (lib.mapAttrs getBuildEntryPoint self.nixosConfigurations);
+              lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations);
          in
          builtins.listToAttrs (map
            (type: {
--- a/modules/backup.nix
+++ b/modules/backup.nix
@ -70,10 +70,21 @@ in {
              "/etc/subgid"
              "/etc/subuid"
              "/var/lib/nixos/"
-            ] ++ cfg.paths ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/" ++ lib.optional config.services.mysql.enable "/var/lib/mysql/"
+            ] ++ cfg.paths
-            ++ lib.optional (config.security.acme.certs != { }) "/var/lib/acme/" ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/"
+            ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/"
            ++ lib.optional config.services.mysql.enable "/var/lib/mysql/"
            ++ lib.optional config.services.gitea.enable "/var/lib/gitea/"
            ++ lib.optional (config.security.acme.certs != { }) "/var/lib/acme/"
            ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/"
            ++ lib.optional config.mailserver.enable config.mailserver.mailDirectory;
            exclude = lib.mkIf config.services.gitea.enable [
              "/var/lib/gitea/data/indexers/"
              "/var/lib/gitea/data/repo-archive"
              "/var/lib/gitea/data/queues"
              "/var/lib/gitea/data/tmp/"
            ];
            pruneOpts = [ "--group-by host" "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 12" ];
            timerConfig = {
--- a/users/alice/systems/configuration.nix
+++ b/users/alice/systems/configuration.nix
@ -1 +0,0 @@
 { ... }: { }
--- a/users/alice/systems/programs.nix
+++ b/users/alice/systems/programs.nix
@ -1,2 +0,0 @@
 { ... }:
 { }
--- a/users/alice/systems/testtop/configuration.nix
+++ b/users/alice/systems/testtop/configuration.nix
@ -1,25 +0,0 @@
 { pkgs, ... }: {
  imports = [ ../configuration.nix ../programs.nix ./programs.nix ];
  time.timeZone = "America/New_York";
  console.keyMap = "us";
  networking.hostId = "1beb4026";
  boot = {
    zfs.extraPools = [ "Main" ];
    filesystem = "zfs";
    useSystemdBoot = true;
  };
  i18n = {
    defaultLocale = "en_US.utf8";
    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
  };
  boot = {
    default = true;
    kernel.sysctl = { "net.ipv6.conf.ens3.accept_ra" = 1; };
  };
  system.stateVersion = "23.05";
 }
--- a/users/alice/systems/testtop/default.nix
+++ b/users/alice/systems/testtop/default.nix
@ -1,5 +0,0 @@
 { ... }: {
  system = "x86_64-linux";
  home = true;
  sops = false;
 }
--- a/users/alice/systems/testtop/hardware.nix
+++ b/users/alice/systems/testtop/hardware.nix
@ -1,35 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/7295-A442";
    fsType = "vfat";
  };
  swapDevices = [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/users/alice/systems/testtop/programs.nix
+++ b/users/alice/systems/testtop/programs.nix
@ -1,39 +0,0 @@
 { pkgs, ... }: {
  environment.systemPackages = with pkgs; [
    bat
    btop
    croc
    deadnix
    direnv
    fd
    file
    htop
    hwloc
    iperf3
    jp2a
    jq
    lsof
    lynis
    ncdu
    neofetch
    nix-init
    nix-output-monitor
    nix-prefetch
    nix-tree
    nixpkgs-fmt
    nmap
    pciutils
    python3
    qrencode
    ripgrep
    smartmontools
    tig
    tokei
    tree
    unzip
    ventoy
    wget
    zoxide
    zsh-nix-shell
  ];
 }