diff --git a/flake.lock b/flake.lock index ff26f9f..32cf6ae 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,67 @@ "type": "github" } }, + "authentik": { + "inputs": { + "authentik-go": "authentik-go", + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": "nixpkgs_2", + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "systems": "systems_2", + "uv2nix": "uv2nix" + }, + "locked": { + "lastModified": 1774079362, + "narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-go": { + "flake": false, + "locked": { + "lastModified": 1771856219, + "narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=", + "owner": "goauthentik", + "repo": "client-go", + "rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "repo": "client-go", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1772567399, + "narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2026.2.1", + "repo": "authentik", + "type": "github" + } + }, "blobs": { "flake": false, "locked": { 
@@ -77,6 +138,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, @@ -92,7 +169,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1767039857, @@ -108,7 +185,46 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { + "inputs": { + "systems": [ + "authentik", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 
@@ -199,11 +315,11 @@ ] }, "locked": { - "lastModified": 1773264488, - "narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=", + "lastModified": 1773681845, + "narHash": "sha256-o8hrZrigP0JYcwnglCp8Zi8jQafWsxbDtRRPzuVwFxY=", "owner": "nix-community", "repo": "home-manager", - "rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c", + "rev": "0759e0e137305bc9d0c52c204c6d8dffe6f601a6", "type": "github" }, "original": { @@ -220,11 +336,11 @@ ] }, "locked": { - "lastModified": 1773597207, - "narHash": "sha256-ZHoQqj+prlvfMItkQ/xTZbPguEcRlNPyRzh2j/51z8E=", + "lastModified": 1773681856, + "narHash": "sha256-+bRqxoFCJFO9ZTFhcCkzNXbDT3b8AEk88fyjB7Is6eo=", "owner": "nix-community", "repo": "home-manager", - "rev": "585a161ea6d1ec78e0daee9f1b40f8539d53d4a3", + "rev": "57d5560ee92a424fb71fde800acd6ed2c725dfce", "type": "github" }, "original": { @@ -272,10 +388,10 @@ }, "mms": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", "nix": "nix", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1669478601, @@ -291,10 +407,36 @@ "type": "github" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik", + "flake-utils" + ], + "nixpkgs": [ + "authentik", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", + "repo": "napalm", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", + "type": "github" + }, + "original": { + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", + "repo": "napalm", + "type": "github" + } + }, "nix": { "inputs": { "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-regression": "nixpkgs-regression" }, "locked": { 
@@ -382,6 +524,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "72716169fe93074c333e8d0173151350670b824c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, @@ -400,11 +557,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1773524153, - "narHash": "sha256-Jms57zzlFf64ayKzzBWSE2SGvJmK+NGt8Gli71d9kmY=", + "lastModified": 1773705440, + "narHash": "sha256-xB30bbAp0e7ogSEYyc126mAJMt4FRFh8wtm6ADE1xuM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f278faa1d0c2fc835bd331d4666b59b505a410", + "rev": "48652e9d5aea46e555b3df87354280d4f29cd3a3", "type": "github" }, "original": { @@ -415,6 +572,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -430,7 +603,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1669378442, "narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=", 
@@ -446,13 +619,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1773389992, - "narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=", + "lastModified": 1773646010, + "narHash": "sha256-iYrs97hS7p5u4lQzuNWzuALGIOdkPXvjz7bviiBjUu8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c06b4ae3d6599a672a6210b7021d699c351eebda", + "rev": "5b2c2d84341b2afb5647081c1386a80d7a8d8605", "type": "github" }, "original": { @@ -462,7 +635,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1773046814, "narHash": "sha256-3CEw64UyzEk5QjfbcXNIl4TfmIpa2oY+duuo6aiawcU=", @@ -478,7 +651,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1773389992, "narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=", 
@@ -494,16 +667,67 @@ "type": "github" } }, + "pyproject-build-systems": { + "inputs": { + "nixpkgs": [ + "authentik", + "nixpkgs" + ], + "pyproject-nix": [ + "authentik", + "pyproject-nix" + ], + "uv2nix": [ + "authentik", + "uv2nix" + ] + }, + "locked": { + "lastModified": 1771423342, + "narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "04e9c186e01f0830dad3739088070e4c551191a4", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "authentik", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1771518446, + "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", + "authentik": "authentik", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "mms": "mms", "nix-darwin": "nix-darwin", "nix-homebrew": "nix-homebrew", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable", "simple-nixos-mailserver": "simple-nixos-mailserver", "zen-browser": "zen-browser" 
@@ -512,16 +736,16 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1773534970, - "narHash": "sha256-soFJ6fOa2g/048R3tJfihmz/PXRZk97mKmXEXcc9H/8=", + "lastModified": 1773599089, + "narHash": "sha256-3R+2SlbvKyYprAwWafUk7ATVKcJRBKlNhbm6Bn6t0HU=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "75f9549a814221a2942f367bc1cabc9303569fa0", + "rev": "7dfcb21d35a4e8de09b38d822a0e0b7d64d61192", "type": "gitlab" }, "original": { 
@@ -546,17 +770,57 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "authentik", + "nixpkgs" + ], + "pyproject-nix": [ + "authentik", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1772187362, + "narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "abe65de114300de41614002fe9dce2152ac2ac23", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1773588616, - "narHash": "sha256-Ukh79t1IMpP4FRsJDZ/3Y72VpW+QwNe/QRB5pTsH20Q=", + "lastModified": 1773737882, + "narHash": "sha256-P6k0BtT1/idYveVRdcwAZk8By9UjZW8XOMhSoS6wTBY=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "b34b64ee5a85ab61394c491ac3dad335d3cbfbb8", + "rev": "a7f1db35d74faf04e5189b3a32f890186ace5c28", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d72fe80..6e4fb44 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,7 @@ mms.url = "github:mkaito/nixos-modded-minecraft-servers"; agenix.url = "github:ryantm/agenix"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; + authentik.url = "github:nix-community/authentik-nix"; home-manager = { url = "github:nix-community/home-manager"; 
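Review bot: The new `authentik.url = "github:nix-community/authentik-nix";` line carries no comment on how the input is kept current. The lock in this commit shows it resolving its own `nixpkgs_2` (lastModified 1771848320) rather than the root `nixpkgs_5` (1773646010). For an identity provider this means fixes to authentik and its runtime dependencies reach the host only when this input is re-locked, not when the root nixpkgs moves. I would record that next to the line, for example `# builds against its own nixpkgs pin; re-lock regularly so IdP security fixes land`, and add a `follows` only if upstream supports overriding nixpkgs. The inputs block starts and ends outside the hunk.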
@@ -47,6 +48,7 @@ ./hosts/hitsugibune/configuration.nix inputs.agenix.nixosModules.default inputs.simple-nixos-mailserver.nixosModules.default + inputs.authentik.nixosModules.default ]; }; nixosConfigurations.saberofxebec = nixpkgs-stable.lib.nixosSystem { diff --git a/hosts/goingmerry/configuration.nix b/hosts/goingmerry/configuration.nix index 2257768..f192c64 100644 --- a/hosts/goingmerry/configuration.nix +++ b/hosts/goingmerry/configuration.nix @@ -319,7 +319,7 @@ fprintd.enable = true; blueman.enable = true; onedrive.enable = true; - udev.packages = [ pkgs.yubikey-personalization ]; + udev.packages = [pkgs.yubikey-personalization]; }; # List services that you want to enable: diff --git a/hosts/hitsugibune/authentik.nix b/hosts/hitsugibune/authentik.nix new file mode 100644 index 0000000..ebb08ff --- /dev/null +++ b/hosts/hitsugibune/authentik.nix @@ -0,0 +1,20 @@ +{config, ...}: { + age.secrets.authentik-env = { + file = ../../secrets/authentik.age; + }; + + services.authentik = { + enable = true; + environmentFile = config.age.secrets.authentik-env.path; + settings = { + disable_startup_analytics = true; + avatars = "initials"; + }; + + nginx = { + enable = true; + enableACME = true; + host = "auth.sprechtl.me"; + }; + }; +} diff --git a/secrets/authentik.age b/secrets/authentik.age new file mode 100644 index 0000000..c2ae9d7 --- /dev/null +++ b/secrets/authentik.age 
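Review bot: The hitsugibune module list gains `inputs.authentik.nixosModules.default`, but nothing in this commit references the new `hosts/hitsugibune/authentik.nix`. Since `hosts/hitsugibune/configuration.nix` is not among the changed files, `services.authentik.enable` would never be evaluated unless that file already imports it by some mechanism not visible here. If it does not, add `./hosts/hitsugibune/authentik.nix` after the `inputs.authentik.nixosModules.default` line, or add `./authentik.nix` to the host's `imports`. The module list starts before the hunk.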
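Review bot: In `hosts/hitsugibune/authentik.nix`, the `nginx` block publishes the instance on `auth.sprechtl.me` as soon as the service starts, while everything that decides its initial state sits in the encrypted `environmentFile`, which this diff cannot show. Please confirm that `secrets/authentik.age` defines `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_BOOTSTRAP_PASSWORD`, so the admin account is provisioned from the secret and the first-run setup flow is not left open on a public host name. A comment above `environmentFile`, such as `# authentik.age must define AUTHENTIK_SECRET_KEY and AUTHENTIK_BOOTSTRAP_PASSWORD`, would make that expectation reviewable without decrypting the file. It is also worth checking that the host firewall does not open authentik's own listener ports, so that nginx is the only public entry point.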
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 7PLkJg KqYy2n6JMP/zhpOg1Oe+ZCUK+hyxPOYJv3vlH/aiQBo +7s5wV6r9DBsUEBvZREbHCY9M1wm3OTVaD3+gTLlMeJ8 +-> ssh-rsa LgF3EQ +XVnkj2uDGyjHwO3SHvXYAx4GsmDBrXj1MexVhZruQtn+lMQZBbXPcXcsjFipBX9Z +4QsyHoOXc0TiMsb2rv0RSEwU3V5q3mXVsuqc8HENRgsSZOFpnI34gff2konp7ghc +vJrOJ96HhZQHynr09J1Zo6t6ZOz/C12K9nVJ/n39sBop4qc+1jk/0l/rQl30xESf +ZSA5WKW0HJgt6d6iwfxN2PRbfDx3No04rRG+UvoYJ1moIHOzp8c5xiFoFPE0Y+5Y +JyniAUJHw2WbCvp5fwWtYScn1cXSAghfYHD366n9B5sk41Az8RpmtNLKzuNVaW2K +lsaOUyuGotVwkXMuv7gmwPisrupNJ7CT/H8fLFx5p3rh5t4anaWmKSxKWNSXe4Ll +opLV2fGGjR5MxxK0ycBtAmYmbDYtrd4fJWTalaSSvvPzmAhT28vsnsrXAddxp0Au +9ZtfOV+qnE4hxbg5Vd3175U2bmPFdE5jajOJgMN7g8uNJcbAs3/pt7JYP61KZyHU + +--- 56a/qxZxFS00kFf6nFhjyvKwcnWJYnlVYqnDBViEmc4 +Gݏ=xۭ8):5yrՆBbS_LVj('gT@y0aܠME b]v<ڰ#j$3 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 310ff47..648ebe4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,4 +17,5 @@ in { "mautrix-whatsapp.age".publicKeys = [hitsugibune key]; "coturn.age".publicKeys = [hitsugibune key]; "mail-admin.age".publicKeys = [hitsugibune key]; + "authentik.age".publicKeys = [hitsugibune key]; }