prefect: Update

hosts/prefect/configuration.nix

@@ -32,7 +32,7 @@
   fileSystems = {
     "/" = {
       fsType = "ext4";
-      device = "scsi-0QEMU_QEMU_HARDDISK_21170924-part1";
+      device = "/dev/sda1";
     };
   };
 }

hosts/prefect/secrets/headscale-oidc-secret.age

@@ -1,21 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 45y3aQ p0Usa815a3d7RuGRRZMFxs5HUTpg/DU23x1VeuBZay0
-EFrqhAkoLTCknnTxMtbkjNuM17Con2flUOE9i/119No
--> ssh-ed25519 ihSg8g IbY+C8M3wDLDGf7r8BKuBTLJR8D17j+CNrLgxc2w+Ts
-LVcaq3XerJvPsjzZcQ2TlXxgsqaiNK9oOhHi1Mw4+Vg
--> ssh-rsa fFaiTA
-TyybYObSw1sv/QIAo/mTZQpwhGic9vrSkuJUByEmGt5jioB0oOhlRVyG4Vr1bfLP
-rC6ZQTyDYL7k/m2qcaCpmqjYbQaN9CCkSwt0IatSruw0LtVmp8SFeVu7qnlZM/il
-+V0fQvCTZhpprwJ0hbLkP+lVuVeBvBnzfjevdEzI8hkG5/5g1d/cBIZmQdwf/bs8
-lcudlU+rWIUPbm3ATFbODxUJuCGjHP/5G+2qJgxSs+upX6mZZydQz+2QzEdhIzZe
-GTS0Cs2QhoQY9zZPojQM/j3f9Co2EgsbjN70wXyCsiEVBZA/5atTjTByBXBGXYMN
-icrgOSlN1dXHeVTtRqNKxPXb9NEgnwQDnuJJDxLFOGolYuABuc2mXeS313Uo0rET
-nQ64Frcoc3kFeTJc2TqmYwr/gWXyE5lShzEB5MeQVXqbJvL/76S9EqRSBZarsSu9
-7WVXX87XDWWniHB7Lb9auIDuFwdpoJCHG/SgqSMCwLw9FmzaKa30VMINJZWBHDGS
-1f9tJnwktes0j3+5rrZ1ci0p2/J6L+a+0bKMT+7iVt1ERrOBbEnGlGXFfQQgH4NC
-w2cnWgOwX0nSxBWGC/jbxjwvttCINQQ9VQw0lXWtGwyLtGpaM6fiVVPfgXOVX+Fr
-lAbtYwyqzJJfCvdcwt8TrA5HGfWCYgWv+IG782UE1Qo
--> s`wc*6R-grease ~U2A K=u(>1iU
-sVFDRSg5MJbq9wvdzOJLxoQLVlOpwRQF+WOvHaMXK73lfpemVPxn
---- nP/fEbtZZLAOfJt6cu6e5U7viH8aEnYy6JReSX2qlQA
-å	e}=<15>0ANd…PÁQçLÜa<C39C>òŸ<n­
z·›h^Àõ>Eèùdâ~1I™{Ƙ„28¾‘·”‰™O~¿’·•v<E280A2>ýÂøÏÄB–B“к×&¶?&<0E>#<
·¾ZN° Ù5Ó[ËÝß6<C39F>ã<EFBFBD>xÈo(åA	'ØÞJ9-/&d;1­ÕôÛ¥ç<»ÍØæ—
ÐL¢ÍQà:ä׬p

hosts/prefect/secrets/secrets.nix

@@ -2,7 +2,7 @@ let
   yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";
   yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";
   backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";
-  prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINB12NMo/O8kCQEUx/9GG7cyx8HJEvtA/SHaJutstqB6";
+  prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe";
 in {
   "headscale-oidc-secret.age".publicKeys = [ prefect yubi-main yubi-back ];
 }

hosts/prefect/services/caddy.nix

@@ -6,7 +6,7 @@
 }: {
   services.caddy = {
     enable = true;
-    package = pkgs.callPackage ../../../pkgs/caddyBin.nix {};
+    package = pkgs.callPackage ../../../pkgs/caddyBin2.nix {};
     email = "me@thehedgehog.me";
     globalConfig = ''
       order filter after encode

hosts/prefect/services/headscale.nix

@@ -30,18 +30,18 @@
     };
   };
   # OIDC configuration, so I can have my beloved SSO.
-  openIdConnect = {
-    # Issuer is HedgeCloud auth, my private auth server
-    issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
-    # All people get assigned to the "main" namespace
-    domainMap = {
-      ".*" = "main";
-    };
-    # Set client ID for OIDC
-    clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
-    # Client Secret is in this file
-    clientSecretFile = "/run/agenix/headscale-oidc-secret";
-  };
+  # openIdConnect = {
+  #   # Issuer is HedgeCloud auth, my private auth server
+  #   issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
+  #   # All people get assigned to the "main" namespace
+  #   domainMap = {
+  #     ".*" = "main";
+  #   };
+  #   # Set client ID for OIDC
+  #   clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
+  #   # Client Secret is in this file
+  #   clientSecretFile = "/run/agenix/headscale-oidc-secret";
+  # };
   # Misc settings that aren't set in the above sections
   settings = {
     tls_letsencrypt_challenge_type = "HTTP-01";

hosts/prefect/services/secrets.nix

@@ -1,9 +1,9 @@
 { config.age.secrets = {
-  headscale-oidc-secret = {
-    file = ../secrets/headscale-oidc-secret.age;
-    path = "/run/agenix/headscale-oidc-secret";
-    owner = "headscale";
-    group = "headscale";
-  };
+  # headscale-oidc-secret = {
+  #   file = ../secrets/headscale-oidc-secret.age;
+  #   path = "/run/agenix/headscale-oidc-secret";
+  #   owner = "headscale";
+  #   group = "headscale";
+  # };
 };}
 

pkgs/caddyBin2.nix

@@ -0,0 +1,24 @@
+{
+  fetchFromGitea,
+  lib,
+  stdenv,
+  pkgs,
+}:
+stdenv.mkDerivation {
+  pname = "caddy-bin";
+  version = "2.5.2";
+  phases = [ "unpackPhase" "installPhase" ];
+
+  src = fetchFromGitea rec {
+    domain = "git.exozy.me";
+    owner = "thehedgehog";
+    repo = "nix";
+    rev = "c1db2bc786df5f843b243e7516338c0a487c0571";
+    sha256 = "sha256-/hC/H3OvKGRMqylqwK70Y/LjPFKgSsjWOx5tvKYyOvk=";
+  };
+
+  installPhase = ''
+    install -d $out/bin
+    install -m 755 binaries/caddy $out/bin/caddy
+  '';
+}