fix photon ldap config (#74)

* fix photon ldap config * secrets update
2024-02-05 18:22:52 +01:00 · 2024-02-05 18:22:52 +01:00 · 47a65a151c
commit 47a65a151c
parent 59a4293b28
9 changed files with 67 additions and 225 deletions
--- a/flake.lock
+++ b/flake.lock
@ -119,11 +119,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706985585,
-        "narHash": "sha256-ptshv4qXiC6V0GCfpABz88UGGPNwqs5tAxaRUKbk1Qo=",
+        "lastModified": 1707114923,
+        "narHash": "sha256-LDYPWa+BgxHSNEye93SyIPgz5u3RAfh78P9KyO+rQzI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "1ca210648a6ca9b957efde5da957f3de6b1f0c45",
+        "rev": "afcedcf2c8e424d0465e823cf833eb3adebe1db7",
        "type": "github"
      },
      "original": {
@ -152,10 +152,18 @@
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-23_05": "nixpkgs-23_05",
-        "nixpkgs-23_11": "nixpkgs-23_11",
-        "utils": "utils"
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-23_05": [
+          "nixpkgs"
+        ],
+        "nixpkgs-23_11": [
+          "nixpkgs"
+        ],
+        "utils": [
+          "flake-utils"
+        ]
      },
      "locked": {
        "lastModified": 1706742486,
@ -202,11 +210,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706411424,
-        "narHash": "sha256-BzziJYucEZvdCE985vjPoo3ztWcmUiSQ1wJ2CoT6jCc=",
+        "lastModified": 1707016097,
+        "narHash": "sha256-V4lHr6hFQ3rK650dh64Xffxsf4kse9vUYWsM+ldjkco=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "c782f2a4f6fc94311ab5ef31df2f1149a1856181",
+        "rev": "3e3dad2808379c522138e2e8b0eb73500721a237",
        "type": "github"
      },
      "original": {
@ -248,11 +256,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706740920,
-        "narHash": "sha256-uFwu44BZf17WYMAEmYIcdtVyNLDRVselv3rNsm7PYeE=",
+        "lastModified": 1707090318,
+        "narHash": "sha256-/0Xq6+wh6ea4+4lnO/yUFTaBYzmQtA52/mOKfw08/J8=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "453f941ff2cde75a5aac5d99c695d368fa28b7e1",
+        "rev": "fdb31cd04b592d5fdfca96027b36e28e79e977c2",
        "type": "github"
      },
      "original": {
@ -263,47 +271,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1706732774,
-        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
-        "owner": "NixOS",
+        "lastModified": 1706913249,
+        "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
+        "rev": "e92b6015881907e698782c77641aa49298330223",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "owner": "nixos",
        "ref": "nixos-unstable",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs-23_05": {
-      "locked": {
-        "lastModified": 1704290814,
-        "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
-        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.05",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs-23_11": {
-      "locked": {
-        "lastModified": 1706826059,
-        "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.11",
-        "type": "indirect"
      }
    },
    "nixpkgs-fmt": {
@ -348,22 +327,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1706732774,
-        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
        "c3d2-user-module": "c3d2-user-module",
@ -375,10 +338,10 @@
        "nix-index-database": "nix-index-database",
        "nix-pre-commit": "nix-pre-commit",
        "nixos-modules": "nixos-modules",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixpkgs-fmt": "nixpkgs-fmt",
        "sops-nix": "sops-nix",
-        "systems": "systems_2"
+        "systems": "systems"
      }
    },
    "rust-analyzer-src": {
@ -408,11 +371,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706410821,
-        "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=",
+        "lastModified": 1707015547,
+        "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef",
+        "rev": "23f61b897c00b66855074db471ba016e0cda20dd",
        "type": "github"
      },
      "original": {
@ -435,39 +398,6 @@
        "repo": "default",
        "type": "github"
      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,6 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    systems.url = "github:nix-systems/default";
-    mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";

    nix-index-database = {
      url = "github:Mic92/nix-index-database";
@ -50,6 +49,16 @@
      };
    };

+    mailserver = {
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        nixpkgs-23_05.follows = "nixpkgs";
+        nixpkgs-23_11.follows = "nixpkgs";
+        utils.follows = "flake-utils";
+      };
+    };
+
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
@ -188,17 +197,16 @@
            value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ "hostname" "server" "home" ]);
          })
          (lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap
-          (user:
-            map
-              (system: {
-                name = "${user}.${system}";
-                value = constructSystem ({
-                  hostname = system;
-                  server = false;
-                  users = [ user ];
-                } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" ]);
-              })
-              (lsdir "users/${user}/systems"))
+          (user: map
+            (system: {
+              name = "${user}.${system}";
+              value = constructSystem ({
+                hostname = system;
+                server = false;
+                users = [ user ];
+              } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" ]);
+            })
+            (lsdir "users/${user}/systems"))
          (lsdir "users")));

      devShell = lib.mapAttrs
@ -235,7 +243,7 @@
          let
            mkBuild = type:
              let
-                getBuildEntryPoint = name: nixosSystem:
+                getBuildEntryPoint = (name: nixosSystem:
                  if builtins.hasAttr type nixosSystem.config.system.build then
                    let
                      cfg = nixosSystem.config.system.build.${type};
@ -244,9 +252,9 @@
                      lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; }
                    else
                      cfg
-                  else { };
+                  else { });
              in
-              lib.filterAttrs (n: v: v != { }) (lib.mapAttrs getBuildEntryPoint self.nixosConfigurations);
+              lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations);
          in
          builtins.listToAttrs (map
            (type: {
--- a/modules/backup.nix
+++ b/modules/backup.nix
@ -70,10 +70,21 @@ in {
              "/etc/subgid"
              "/etc/subuid"
              "/var/lib/nixos/"
-            ] ++ cfg.paths ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/" ++ lib.optional config.services.mysql.enable "/var/lib/mysql/"
-            ++ lib.optional (config.security.acme.certs != { }) "/var/lib/acme/" ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/"
+            ] ++ cfg.paths
+            ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/"
+            ++ lib.optional config.services.mysql.enable "/var/lib/mysql/"
+            ++ lib.optional config.services.gitea.enable "/var/lib/gitea/"
+            ++ lib.optional (config.security.acme.certs != { }) "/var/lib/acme/"
+            ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/"
            ++ lib.optional config.mailserver.enable config.mailserver.mailDirectory;

+            exclude = lib.mkIf config.services.gitea.enable [
+              "/var/lib/gitea/data/indexers/"
+              "/var/lib/gitea/data/repo-archive"
+              "/var/lib/gitea/data/queues"
+              "/var/lib/gitea/data/tmp/"
+            ];
+
            pruneOpts = [ "--group-by host" "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 12" ];

            timerConfig = {
--- a/users/alice/systems/configuration.nix
+++ b/users/alice/systems/configuration.nix
@ -1 +0,0 @@
-{ ... }: { }
--- a/users/alice/systems/programs.nix
+++ b/users/alice/systems/programs.nix
@ -1,2 +0,0 @@
-{ ... }:
-{ }
--- a/users/alice/systems/testtop/configuration.nix
+++ b/users/alice/systems/testtop/configuration.nix
@ -1,25 +0,0 @@
-{ pkgs, ... }: {
-  imports = [ ../configuration.nix ../programs.nix ./programs.nix ];
-
-  time.timeZone = "America/New_York";
-  console.keyMap = "us";
-  networking.hostId = "1beb4026";
-
-  boot = {
-    zfs.extraPools = [ "Main" ];
-    filesystem = "zfs";
-    useSystemdBoot = true;
-  };
-
-  i18n = {
-    defaultLocale = "en_US.utf8";
-    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
-  };
-
-  boot = {
-    default = true;
-    kernel.sysctl = { "net.ipv6.conf.ens3.accept_ra" = 1; };
-  };
-
-  system.stateVersion = "23.05";
-}
--- a/users/alice/systems/testtop/default.nix
+++ b/users/alice/systems/testtop/default.nix
@ -1,5 +0,0 @@
-{ ... }: {
-  system = "x86_64-linux";
-  home = true;
-  sops = false;
-}
--- a/users/alice/systems/testtop/hardware.nix
+++ b/users/alice/systems/testtop/hardware.nix
@ -1,35 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/7295-A442";
-    fsType = "vfat";
-  };
-
-  swapDevices = [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/users/alice/systems/testtop/programs.nix
+++ b/users/alice/systems/testtop/programs.nix
@ -1,39 +0,0 @@
-{ pkgs, ... }: {
-  environment.systemPackages = with pkgs; [
-    bat
-    btop
-    croc
-    deadnix
-    direnv
-    fd
-    file
-    htop
-    hwloc
-    iperf3
-    jp2a
-    jq
-    lsof
-    lynis
-    ncdu
-    neofetch
-    nix-init
-    nix-output-monitor
-    nix-prefetch
-    nix-tree
-    nixpkgs-fmt
-    nmap
-    pciutils
-    python3
-    qrencode
-    ripgrep
-    smartmontools
-    tig
-    tokei
-    tree
-    unzip
-    ventoy
-    wget
-    zoxide
-    zsh-nix-shell
-  ];
-}