-rw-r--r--data/aliases.nix1
-rw-r--r--flake.lock24
-rw-r--r--machines/x1-pincer.nix1
-rw-r--r--modules/desktop.nix2
-rw-r--r--modules/login.nix46
5 files changed, 62 insertions, 12 deletions
diff --git a/data/aliases.nix b/data/aliases.nix
index 8445ecd..d2de58e 100644
--- a/data/aliases.nix
+++ b/data/aliases.nix
@@ -22,5 +22,6 @@ rec {
prometheus = { port = 11112; };
prometheus-exporter = { port = 11113; };
prometheus-snmp-exporter = { port = 11114; };
+ login = { address = ip.dragon; port = 11115; };
};
}
diff --git a/flake.lock b/flake.lock
index f8da271..bb9652e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
]
},
"locked": {
- "lastModified": 1621135068,
- "narHash": "sha256-aPJlgosfLp3QtPDFLf/N7qNpIo5Q45MpYyzlaACL2G4=",
+ "lastModified": 1625384440,
+ "narHash": "sha256-WnDK+LZioER6eeC8Sm7GPvbiS6XPyUqn+qtc2lvjLHo=",
"owner": "rycee",
"repo": "home-manager",
- "rev": "77188bcd6e2c6c7a99253b36f08ed7b65f2901d2",
+ "rev": "ac319fd3149b23a3ad8ee24cb2def6e67acf194c",
"type": "github"
},
"original": {
@@ -23,11 +23,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1620983891,
- "narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
+ "lastModified": 1625333638,
+ "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
+ "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d",
"type": "github"
},
"original": {
@@ -39,11 +39,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1624172050,
- "narHash": "sha256-sLQEhZ6Ffjx0J1AJxHQDY4y7XWKxI/Zgm/hQJjkjZ6M=",
+ "lastModified": 1625176478,
+ "narHash": "sha256-s1RTYNKw7ySyqrZjns9Cq+Nnjpp75ePgL06pgcbIpoA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "6613a30c5e3ee59753181512b4bedd4121569925",
+ "rev": "21b696caf392ad6fa513caf3327d0aa0430ffb72",
"type": "github"
},
"original": {
@@ -55,11 +55,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1621073999,
- "narHash": "sha256-Cp99YreSFedcWovxNmO8g8qFYltQQJPRLfuot6Z7iGE=",
+ "lastModified": 1625366435,
+ "narHash": "sha256-29ZJQBmJ9p2IienoYXCT/qq8sf+rfOvXWfeqVLZOh0E=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "83d907fd760d9ee4f49b4b7e4b1c6682f137b573",
+ "rev": "20887e4bbfdae3aed6bfa1f53ddf138ee325515e",
"type": "github"
},
"original": {
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 72c4549..041a2fd 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -7,6 +7,7 @@ let ports = {
orbekk.desktop.enable = true;
orbekk.thinkpad.enable = true;
orbekk.simple-firewall.allowedTCPPorts = [ ports.minecraft ]; # socks proxy
+ orbekk.login.enable = true;
networking.networkmanager.enable = true;
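Review bot: `orbekk.login.enable = true` is set for x1-pincer, but the alias added to data/aliases.nix in this same commit pins the login service to `ip.dragon`. If dragon is a different host, this line probably belongs in that machine's file, or it needs a comment such as `# temporary: trying the login module locally`. As modules/login.nix stands, with `services.keycloak.enable = false`, the flag only adds xmlstarlet, libtidy and jq to the system packages on this machine. The enclosing attribute set starts and ends outside the hunk.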
diff --git a/modules/desktop.nix b/modules/desktop.nix
index c707545..6fcc3de 100644
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -74,6 +74,7 @@ in
ledger
networkmanagerapplet
nix-index
+ nixfmt
pavucontrol
rofi
rxvt_unicode-with-plugins
@@ -99,6 +100,7 @@ in
services = {
avahi.enable = true;
+ blueman.enable = true;
xserver = {
enable = true;
diff --git a/modules/login.nix b/modules/login.nix
new file mode 100644
index 0000000..d2a6de3
--- /dev/null
+++ b/modules/login.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.login;
+ aliases = import ../data/aliases.nix;
+in
+{
+ options = {
+ orbekk.login = {
+ enable = lib.mkEnableOption "Enable login server";
+ loginPort = lib.mkOption {
+ type = lib.types.int;
+ default = aliases.services.login.port;
+ };
+ loginDomain = lib.mkOption {
+ type = lib.types.str;
+ default = "login.orbekk.com";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.keycloak = {
+ enable = false;
+ httpPort = "8080";
+ bindAddress = "127.0.0.1";
+ database.type = "postgresql";
+ database.passwordFile = "/opt/secret/keycloak/db_password";
+ frontendUrl = "http://localhost/auth";
+ };
+
+ environment.systemPackages = with pkgs; [
+ xmlstarlet
+ libtidy
+ jq
+ ];
+
+ # services.nginx.virtualHosts.${cfg.loginDomain} = {
+ # enableACME = true;
+ # forceSSL = true;
+ # locations."/" = {
+ # proxyPass = "http://127.0.0.1:${toString cfg.loginPort}";
+ # proxyWebsockets = true;
+ # };
+ # };
+ };
+}
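Review bot: The `loginPort` option is never applied. `services.keycloak.httpPort` is hard-coded to `"8080"`, while the commented-out nginx `proxyPass` targets `cfg.loginPort` (default 11115 from aliases.nix), so enabling that vhost as written would proxy to a port Keycloak is not listening on; `httpPort = toString cfg.loginPort;` keeps the two in step. `frontendUrl = "http://localhost/auth"` is plain HTTP, and Keycloak builds its public URLs from this value, so before the service is switched on behind `forceSSL` it should become `frontendUrl = "https://${cfg.loginDomain}/auth";`. `services.keycloak.enable = false` sits inside `lib.mkIf cfg.enable`, so the option described as "Enable login server" does not start one yet; a comment such as `# WIP: keycloak stays off until the nginx vhost and TLS are wired up` would make that explicit. Since `database.passwordFile` is a plain string path it is not copied into the Nix store, but the file under /opt/secret should be readable only by the account that needs it.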