prefect: Update
parent
7cf1097771
commit
5e9bbd4630
7 changed files with 45 additions and 42 deletions
|
@ -32,7 +32,7 @@
|
|||
fileSystems = {
|
||||
"/" = {
|
||||
fsType = "ext4";
|
||||
device = "scsi-0QEMU_QEMU_HARDDISK_21170924-part1";
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
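Review bot: Neither `device` value in this `fileSystems."/"` entry is a stable, absolute block-device path: `/dev/sda1` depends on kernel enumeration order, and `scsi-0QEMU_QEMU_HARDDISK_21170924-part1` is a bare by-id name without its directory. The rendered page does not mark which of the two lines is the new side, so this applies to whichever one the commit keeps. Writing the persistent name in full, `device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_21170924-part1";`, keeps the root mount tied to the same disk if another volume is later attached to the VM. The enclosing attribute set starts outside the hunk.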
@ -1,21 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 45y3aQ p0Usa815a3d7RuGRRZMFxs5HUTpg/DU23x1VeuBZay0
|
||||
EFrqhAkoLTCknnTxMtbkjNuM17Con2flUOE9i/119No
|
||||
-> ssh-ed25519 ihSg8g IbY+C8M3wDLDGf7r8BKuBTLJR8D17j+CNrLgxc2w+Ts
|
||||
LVcaq3XerJvPsjzZcQ2TlXxgsqaiNK9oOhHi1Mw4+Vg
|
||||
-> ssh-rsa fFaiTA
|
||||
TyybYObSw1sv/QIAo/mTZQpwhGic9vrSkuJUByEmGt5jioB0oOhlRVyG4Vr1bfLP
|
||||
rC6ZQTyDYL7k/m2qcaCpmqjYbQaN9CCkSwt0IatSruw0LtVmp8SFeVu7qnlZM/il
|
||||
+V0fQvCTZhpprwJ0hbLkP+lVuVeBvBnzfjevdEzI8hkG5/5g1d/cBIZmQdwf/bs8
|
||||
lcudlU+rWIUPbm3ATFbODxUJuCGjHP/5G+2qJgxSs+upX6mZZydQz+2QzEdhIzZe
|
||||
GTS0Cs2QhoQY9zZPojQM/j3f9Co2EgsbjN70wXyCsiEVBZA/5atTjTByBXBGXYMN
|
||||
icrgOSlN1dXHeVTtRqNKxPXb9NEgnwQDnuJJDxLFOGolYuABuc2mXeS313Uo0rET
|
||||
nQ64Frcoc3kFeTJc2TqmYwr/gWXyE5lShzEB5MeQVXqbJvL/76S9EqRSBZarsSu9
|
||||
7WVXX87XDWWniHB7Lb9auIDuFwdpoJCHG/SgqSMCwLw9FmzaKa30VMINJZWBHDGS
|
||||
1f9tJnwktes0j3+5rrZ1ci0p2/J6L+a+0bKMT+7iVt1ERrOBbEnGlGXFfQQgH4NC
|
||||
w2cnWgOwX0nSxBWGC/jbxjwvttCINQQ9VQw0lXWtGwyLtGpaM6fiVVPfgXOVX+Fr
|
||||
lAbtYwyqzJJfCvdcwt8TrA5HGfWCYgWv+IG782UE1Qo
|
||||
-> s`wc*6R-grease ~U2A K=u(>1iU
|
||||
sVFDRSg5MJbq9wvdzOJLxoQLVlOpwRQF+WOvHaMXK73lfpemVPxn
|
||||
--- nP/fEbtZZLAOfJt6cu6e5U7viH8aEnYy6JReSX2qlQA
|
||||
å e}=<15>0ANd…PÁQçLÜa<C39C>òŸ<nz·›h^Àõ>Eèùdâ~1I™{Ƙ„28¾‘·”‰™O~¿’·•v<E280A2>ýÂøÏÄB–B“к×&¶?&<0E>#<
·¾ZN° Ù5Ó[ËÝß6<C39F>ã<EFBFBD>xÈo(åA 'ØÞJ9-/&d;1ÕôÛ¥ç<»ÍØæ—ÐL¢ÍQà:ä׬p
|
|
@ -2,7 +2,7 @@ let
|
|||
yubi-back = "ssh-rsa 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";
|
||||
yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";
|
||||
backup = "ssh-rsa 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";
|
||||
prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINB12NMo/O8kCQEUx/9GG7cyx8HJEvtA/SHaJutstqB6";
|
||||
prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe";
|
||||
in {
|
||||
"headscale-oidc-secret.age".publicKeys = [ prefect yubi-main yubi-back ];
|
||||
}
|
||||
|
|
|
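Review bot: The `"headscale-oidc-secret.age".publicKeys` rule stays in place while the `prefect` host key is replaced, yet the age file deleted elsewhere in this commit appears to be that very secret (its header lists two ssh-ed25519 recipients and one ssh-rsa recipient, matching this list), so the rule now describes a file that is no longer in the tree. If the secret is restored, it has to be re-encrypted for the new host key before `prefect` can decrypt it. The ciphertext in git history also stays decryptable with the old `prefect` key, so if that key is being retired because the host was rebuilt or is no longer trusted, the OIDC client secret itself should be rotated at the provider. Either drop the rule or mark it, e.g. `# secret file removed; re-create and rekey for the new prefect key before re-enabling OIDC`.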
@ -6,7 +6,7 @@
|
|||
}: {
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
package = pkgs.callPackage ../../../pkgs/caddyBin.nix {};
|
||||
package = pkgs.callPackage ../../../pkgs/caddyBin2.nix {};
|
||||
email = "me@thehedgehog.me";
|
||||
globalConfig = ''
|
||||
order filter after encode
|
||||
|
|
|
@ -30,18 +30,18 @@
|
|||
};
|
||||
};
|
||||
# OIDC configuration, so I can have my beloved SSO.
|
||||
openIdConnect = {
|
||||
# Issuer is HedgeCloud auth, my private auth server
|
||||
issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
|
||||
# All people get assigned to the "main" namespace
|
||||
domainMap = {
|
||||
".*" = "main";
|
||||
};
|
||||
# Set client ID for OIDC
|
||||
clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
|
||||
# Client Secret is in this file
|
||||
clientSecretFile = "/run/agenix/headscale-oidc-secret";
|
||||
};
|
||||
# openIdConnect = {
|
||||
# # Issuer is HedgeCloud auth, my private auth server
|
||||
# issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
|
||||
# # All people get assigned to the "main" namespace
|
||||
# domainMap = {
|
||||
# ".*" = "main";
|
||||
# };
|
||||
# # Set client ID for OIDC
|
||||
# clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
|
||||
# # Client Secret is in this file
|
||||
# clientSecretFile = "/run/agenix/headscale-oidc-secret";
|
||||
# };
|
||||
# Misc settings that aren't set in the above sections
|
||||
settings = {
|
||||
tls_letsencrypt_challenge_type = "HTTP-01";
|
||||
|
|
|
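Review bot: The `openIdConnect` block is shown both live and commented out, and the commented form carries no note on why SSO is off, what login path replaces it, or what must be restored with it. The same holds for the `headscale-oidc-secret` declaration in the `config.age.secrets` hunk that follows. Assuming the commented copy is the new side (the page does not mark sides), a header such as `# OIDC disabled: <reason>; re-enable together with age.secrets.headscale-oidc-secret` would keep the two files in step; otherwise delete the block and rely on history. With OIDC off, it is worth confirming how nodes are expected to register in the meantime, since that becomes the only gate on joining the network. The enclosing attribute set starts and ends outside the hunk.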
@ -1,9 +1,9 @@
|
|||
{ config.age.secrets = {
|
||||
headscale-oidc-secret = {
|
||||
file = ../secrets/headscale-oidc-secret.age;
|
||||
path = "/run/agenix/headscale-oidc-secret";
|
||||
owner = "headscale";
|
||||
group = "headscale";
|
||||
};
|
||||
# headscale-oidc-secret = {
|
||||
# file = ../secrets/headscale-oidc-secret.age;
|
||||
# path = "/run/agenix/headscale-oidc-secret";
|
||||
# owner = "headscale";
|
||||
# group = "headscale";
|
||||
# };
|
||||
};}
|
||||
|
||||
|
|
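--- /dev/null
+++ b/pkgs/caddyBin2.nix
@@ -0,0 +1,24 @@
+{
+fetchFromGitea,
+lib,
+stdenv,
+pkgs,
+}:
+stdenv.mkDerivation {
+pname = "caddy-bin";
+version = "2.5.2";
+phases = [ "unpackPhase" "installPhase" ];
+
+src = fetchFromGitea rec {
+domain = "git.exozy.me";
+owner = "thehedgehog";
+repo = "nix";
+rev = "c1db2bc786df5f843b243e7516338c0a487c0571";
+sha256 = "sha256-/hC/H3OvKGRMqylqwK70Y/LjPFKgSsjWOx5tvKYyOvk=";
+};
+
+installPhase = ''
+install -d $out/bin
+install -m 755 binaries/caddy $out/bin/caddy
+'';
+}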
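Review bot: The derivation installs a prebuilt `binaries/caddy` taken from a configuration repository, so the `rev`/`sha256` pin fixes which bytes are fetched but records nothing about how that binary was built, or whether it really is the `version = "2.5.2"` it is labelled as. A comment above `src` recording the build, e.g. `# binaries/caddy: caddy <version> + <plugins>, built with <tool> on <date>`, or a switch to building from source in Nix, would make the provenance of the internet-facing web server reviewable. Smaller points: `lib`, `pkgs` and the `rec` on `fetchFromGitea` are unused, and `$out` is better quoted, as in `install -m 755 binaries/caddy "$out/bin/caddy"`.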