diff --git a/flake.lock b/flake.lock
index ae40519..d05f9a4 100755
--- a/flake.lock
+++ b/flake.lock
@@ -1,104 +1,5 @@ { "nodes": { - "authentik-nix": { - "inputs": { - "authentik-src": "authentik-src", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "napalm": "napalm", - "nixpkgs": "nixpkgs", - "pyproject-build-systems": "pyproject-build-systems", - "pyproject-nix": "pyproject-nix", - "systems": "systems", - "uv2nix": "uv2nix" - }, - "locked": { - "lastModified": 1761573151, - "narHash": "sha256-Xhr8KqAmieWEjxcmICzUZvOI7EzXL6vGjulpWsQ3HM0=", - "owner": "nix-community", - "repo": "authentik-nix", - "rev": "3082a94074dfefa03b0d04549758425727e91685", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "authentik-nix", - "type": "github" - } - }, - "authentik-src": { - "flake": false, - "locked": { - "lastModified": 1759190535, - "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=", - "owner": "goauthentik", - "repo": "authentik", - "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2", - "type": "github" - }, - "original": { - "owner": "goauthentik", - "ref": "version/2025.8.4", - "repo": "authentik", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": [ - "authentik-nix", - "systems" - ] - }, - 
"locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -120,32 +21,6 @@ "type": "github" } }, - "napalm": { - "inputs": { - "flake-utils": [ - "authentik-nix", - "flake-utils" - ], - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1725806412, - "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", - "owner": "willibutz", - "repo": "napalm", - "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", - "type": "github" - }, - "original": { - "owner": "willibutz", - "ref": "avoid-foldl-stack-overflow", - "repo": "napalm", - "type": "github" - } - }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -242,35 +117,20 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "lastModified": 1761468971, + "narHash": "sha256-vY2OLVg5ZTobdroQKQQSipSIkHlxOTrIF1fsMzPh8w8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "rev": "78e34d1667d32d8a0ffc3eba4591ff256e80576e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-pin": { "locked": { "lastModified": 1708814358, 
@@ -319,80 +179,13 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1761468971, - "narHash": "sha256-vY2OLVg5ZTobdroQKQQSipSIkHlxOTrIF1fsMzPh8w8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "78e34d1667d32d8a0ffc3eba4591ff256e80576e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "pyproject-build-systems": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ], - "uv2nix": [ - "authentik-nix", - "uv2nix" - ] - }, - "locked": { - "lastModified": 1759113590, - "narHash": "sha256-fgxP2RCN4cg0jYiMYoETYc7TZ2JjgyvJa2y9l8oSUFE=", - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "rev": "dbfc0483b5952c6b86e36f8b3afeb9dde30ea4b5", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "type": "github" - } - }, - "pyproject-nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760402624, - "narHash": "sha256-jF6UKLs2uGc2rtved8Vrt58oTWjTQoAssuYs/0578Z4=", - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "rev": "84c4ea102127c77058ea1ed7be7300261fafc7d2", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "type": "github" - } - }, "root": { "inputs": { - "authentik-nix": "authentik-nix", "home-manager": "home-manager", "niri": "niri", "nixos-avf": "nixos-avf", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-pin": "nixpkgs-pin", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix", @@ -424,7 +217,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1761452941, 
@@ -441,21 +234,6 @@ } }, "systems": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -470,31 +248,6 @@ "type": "github" } }, - "uv2nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ] - }, - "locked": { - "lastModified": 1761101082, - "narHash": "sha256-4Kt3RsfJgg6HzmDCc44ZN//xB8n7KGEGxxt9dNjqPQc=", - "owner": "pyproject-nix", - "repo": "uv2nix", - "rev": "e6e728d9719e989c93e65145fe3f9e0c65a021a2", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "uv2nix", - "type": "github" - } - }, "xwayland-satellite-stable": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 52c5d7f..3d9e5d9 100755 --- a/flake.nix +++ b/flake.nix @@ -6,8 +6,6 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-pin.url = "github:NixOS/nixpkgs/336eda0d07dc5e2be1f923990ad9fdb6bc8e28e3"; - authentik-nix.url = "github:nix-community/authentik-nix"; - nixos-avf = { url = "github:nix-community/nixos-avf"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/nixos/services/homeserver/authentik.nix b/modules/nixos/services/homeserver/authentik.nix deleted file mode 100755 index 762c192..0000000 --- a/modules/nixos/services/homeserver/authentik.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ inputs, config, ... }: - -{ - imports = [ inputs.authentik-nix.nixosModules.default ]; - nix.settings = { - substituters = [ "https://nix-community.cachix.org" ]; - trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; - }; - - sops.secrets."authentik/secrets.env".restartUnits = [ "authentik.service" ]; - - services.caddy.virtualHosts."authentik.wo2wz.fyi".extraConfig = - assert config.services.caddy.enable; - '' - import default-settings - import cloudflare-tls - - reverse_proxy localhost:9000 - ''; - - services.authentik = { - enable = true; - environmentFile = config.sops.secrets."authentik/secrets.env".path; - - settings = { - disable_startup_analytics = true; - disable_update_check = true; - avatars = "initials"; - }; - }; -} diff --git a/modules/nixos/services/homeserver/default.nix b/modules/nixos/services/homeserver/default.nix index 06ab122..a75002b 100755 --- a/modules/nixos/services/homeserver/default.nix +++ b/modules/nixos/services/homeserver/default.nix @@ -2,7 +2,6 @@ { imports = [ - ./authentik.nix ./caddy.nix ./cloudflared.nix ./kanidm.nix diff --git a/modules/nixos/services/homeserver/restic.nix b/modules/nixos/services/homeserver/restic.nix index 0b0729b..cfbb005 100644 --- a/modules/nixos/services/homeserver/restic.nix +++ b/modules/nixos/services/homeserver/restic.nix 
@@ -18,7 +18,6 @@ ${pkgs.sqlite}/bin/sqlite3 /var/lib/nextcloud/data/nextcloud.db ".backup /var/backups/db-backup/nextcloud.db" ${pkgs.sqlite}/bin/sqlite3 /var/lib/ntfy-sh/user.db ".backup /var/backups/db-backup/ntfy-user.db" - ${pkgs.sudo}/bin/sudo -u authentik -- ${pkgs.postgresql}/bin/pg_dump > /var/backups/db-backup/dump-authentik ${pkgs.sudo}/bin/sudo -u onlyoffice -- ${pkgs.postgresql}/bin/pg_dump > /var/backups/db-backup/dump-onlyoffice ${pkgs.sudo}/bin/sudo -u zipline -- ${pkgs.postgresql}/bin/pg_dump > /var/backups/db-backup/dump-zipline ${pkgs.sudo}/bin/sudo -u postgres -- ${pkgs.postgresql}/bin/pg_dumpall -g > /var/backups/db-backup/dump-globals @@ -40,7 +39,6 @@ }; paths = [ - "/var/lib/private/authentik" "/var/lib/private/uptime-kuma" "/var/lib/nextcloud" "/var/lib/vaultwarden" diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 5c5fcaa..f9ea6c6 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,7 +1,5 @@ acme: secrets.env: ENC[AES256_GCM,data:RcSc1yJM/dx0TzH6R/TUf+K5Q7U1AnM1/Up1hmmqbauohoKTjYIQEnCbFKN1K7ZgAhAnkarKXfZb,iv:tmXSCLtvjoEmt984e6sjgi5lhv0UZ2T3g8Xog22Mgnw=,tag:z3UnnRCn7utQRAcuYpDOsA==,type:str] -authentik: - secrets.env: ENC[AES256_GCM,data:tNlefZK5emnwTOLNwMBsXj6yB8wDI584TPnrrbu5p7ohO/PnziLMTQREvah6q8pKWfSGTjMiEAdf3Dy5M3VhJH34phE3eLxT6G9/4ayxOiLLc2QmZ4nryst3mvpx6KVfOqo5dJAUS82SPZllIUFk3n1LV6SGaF+mvQFTHYlYu34B3FgOwl3zw0Ks7UsZTyDjk5qbJsGaDg==,iv:FpJ9/kJxkBfZ7Tr9ZX8GRNDyDN2uzcvCBdExE9UykMY=,tag:UrKZ7YF1Zr0JbvuJM3dt+w==,type:str] caddy: secrets.env: ENC[AES256_GCM,data:clQNTRuttuWFHuD4ZkC0iERNTpi/n25NkwdyxfQOmj7+a2G/84SqRYkaD8AkFmE7rsCRSV5YAqRgSqdhRJxLS7iRwrxIoDLf+w97AnL4g/uK+lcLMLQ=,iv:IyoDG3CZFN0GFL+rwXQFoXwlxedakiWWEoPgolAX93I=,tag:9dso8fpWqx8rD6mM9KxWoQ==,type:str] wo2wz.fyi.crt: ENC[AES256_GCM,data:iYQ7LWUDdrzoo3esSUAVBuv90DRwiOS1nJSbs/MkKHBoEeZBj9QoZB4Dlu6PtbIdxVr3osHHhvPWjJj2KfD0CFfKBV72yxPEF1ci/LqtzQfqcSie7LXAMkZgrHduWHuXU+rSQ1hd8wL3VCwjUda8hLQ+YmMw/P3t41NfkzuXuM3Ds0TKMO3yt5lulIng8xqsiLuF0g/WNmJLdfWDkfiQt1bzX78bzMAkyGmqtphrwpOFwBH7fTTh41uPds2qUi2oXRE358UfpiECvCFntVDxsa9fZQX6FTfTSar8SuR9wD7LtdlP4LZpuOJqlIexPPX7wqGo5hiJrwK217fPWkx4W01yslK9S7YHX3fi69fWtBJvvnfgEOi8H93TtYRRuAcJVbz+XNPIPIkRaif9u219yieuMP+egICeUjiX8KeLktSvPQWR0S3XTsuBHZ+MdRyK2+zPc8iJGVe2NlYsWD7VBylf7ZafVUQ7jokITNKWpuxZyLwodk3tCuZRxosMBxq8RuJtlmt8TIMJal/v6UBLQ2ul5pjspfAkDuUn0+oEHwE08AqwIUeBtgtGvymUjiddr1XS0eXqccdAm1hjU+Yn3MpW2BFRKcLKo4bCrWYr9/HwFqWVVX/ZRf+V7Dy8p1FheZoERurj+377UZk6J14jP+K4rItcNlFJ67WZqUWQXCqN0G5I81Ha5W4sLBT7U9bncG3OxAtH4HsnvpntuJhUWAfaKh6EWQde4XXnkgvNWIyXnDnKWFVE+I2XrGwIycy/iuELbNbKTdPpIcpEVwkFzZYkDR60q4ypUHL8FVy3+k85uPy9qf+cVgNU9tQZ/YELqqtjxg2ocupFnvs2T12/CyrkD/mXHd7dfv9N6n25fg3A8M45FdqG7orrlxiUcy15z1kKwyQe4OR9CmJT3+ZIqd2D44w47kjybemXmx/OeZ5HSmIWIlL6y7y6Sh6Iezufc2Ix3ZXTylHIfnxSDskcgzyPDyidYFuFjcp+C3Zn7jn4df30sETuqsxrFaybIIfzfRxnUcIFhrZgepeTHBbXxPguh78wcSoXhJCPliqMS8PvlPkh6Lh7HJfYzZsWI3bdoMMrg9at39T5qq0l9Vkw8+aHwsDIf+8x3Wnrf0gz+LCy8REH01BmZ5WIYPEFW0MwJJ96wKnwFiT
Leck9qxNZo4/33bCkJxmvoiE67VusDA7Ba7tupzAKf7XqSmHUx5mG++DScX1suIuDil3OCcIsW0hDhgzR8llQc2Qul5yLftdDF7nn+RbiGSKabR9nsPR890bUvpZPYdah5eZ/ADTo3tDpODQ4roi/uRpIFhAA0Y/B/i52tCi98jPhjuYWJsIBLznTRCGZ+SS/8B1brq3mkSC8oMLN21jmpLDYh+JpLvGzbgQsHd54gIjwzUNkY2QCIBcvR7aCP5WEW1w8QLHwh4C4pq4h2hBV1vxPuqTGfxe5peTeEeL10GxLluTf6x2maTwEv8n6rQbDvIGqWBdIYw9B08cga4Zsm0ZKDBB9KduP5DHMgD/oBz1dW2njj315jppUGTma8QHSCiETXd2RN6ipOcICYHxAkyS9UXAhqene4jJXClXVxaVAjdTUAK/aK00/VqGXmbuolSHpzOiWoI3+NS/70HAgipJsfKHO4uBLNjF8IG0MZgOXEheziKo1dWNm7aP+6Fysvo2IqGtgJYj/+n9EN9ujdwbYSu9exwAR2LbDSX+S10x15fT0/X9zgQycdLhYKOlJImWEd6s4/DYpziHyKEzyFJIFs6akmSmEmsT2UXIHseatW1jQEySCO14C6clPToztiY8gL/HvDa5BU340E1kdC2akS7/4NgQUTaRuPGQ5LI4lWY+L+BI5tJuTEHevDbZubs87I1So2uGniIhslXDWCL7YsXah0q9tFLi8nhivN+TZTvc8ukr3gw0M2+hpQgX2JKqDIcZSssArr4KVXrv3qWqqQnfdRePX5P830Zc7Q7H2IMSx0VTqoC0Wv5MVM1eyoOSnr2vyBjJWZrqIjByPH2V1i6oRceLYRmXz2QFvgN9aPo0zFmZNFbIfcTRgVEn1UeL1ddGXCmsP8jTAIVbAJF+LMFlxMrLDuTs5aQrGlia2NmF2LvBH45ciKH7kEsatGdNrlLbZzMn/89RjwDPgWfdNVnVs6E9sxpuNW4lMU8IlhqN5VYf+svmYADsVSzU4LjSPUp8FnPMb6z5KkOws7iYARrXMrg==,iv:tbsLIRpuOWHiNhhe1D4gHMeT05G6LVwJB5sWMXZHJD0=,tag:J1tj2/mqG38u4lfgMuqFgw==,type:str] 
@@ -32,7 +30,7 @@ sops: N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-31T14:53:31Z" - mac: ENC[AES256_GCM,data:HtjXMIO95tdnFg+2k51QJoF/IcG2OYudxuUTeOSdkb2m/SpTLHPjrXf6gylsYmME6BukTTkZxl7aFMqgbPl2L9ppD96MuEj49PiK9bk9XvGvSQc4K8tQZPwA38xV0rcjgErgw5HDkXwi/vbTCDLKcysTkDAb5FPcPNqbsU8EjKY=,iv:6XggO3OLnCwccntUhmCaCpTuJI8N76e3T1S16/gBw1o=,tag:51wvZgRwKSbvqHPv7B3AkQ==,type:str] + lastmodified: "2025-10-31T16:41:02Z" + mac: ENC[AES256_GCM,data:IWJqR/RT4zh/rYOyTP+CxRzCpP6YadUd7F6ZiutxMx44QlCVjx6pEyG0MkFXqSl7A4PMFIx52Oh7uhoBcIYL1/g9maa2wQly2SfnZxA3trLzUwAYNbmDa1oBEDsZ/Ho3Hig49mZrV+ZY93wKRoKyPfhus7ewAyvXsbcjzX1ld9k=,iv:v8JpNjIu2avzkw58A2r74Zb31cWmgaQMJCl7vgYjBcI=,tag:oIO/+SzK3V1uN5VIMN9iTA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0