diff options
-rw-r--r-- | data/aliases.nix | 1 | ||||
-rw-r--r-- | flake.lock | 24 | ||||
-rw-r--r-- | machines/x1-pincer.nix | 1 | ||||
-rw-r--r-- | modules/desktop.nix | 2 | ||||
-rw-r--r-- | modules/login.nix | 46 |
5 files changed, 62 insertions, 12 deletions
diff --git a/data/aliases.nix b/data/aliases.nix index 8445ecd..d2de58e 100644 --- a/data/aliases.nix +++ b/data/aliases.nix @@ -22,5 +22,6 @@ rec { prometheus = { port = 11112; }; prometheus-exporter = { port = 11113; }; prometheus-snmp-exporter = { port = 11114; }; + login = { address = ip.dragon; port = 11115; }; }; } @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1621135068, - "narHash": "sha256-aPJlgosfLp3QtPDFLf/N7qNpIo5Q45MpYyzlaACL2G4=", + "lastModified": 1625384440, + "narHash": "sha256-WnDK+LZioER6eeC8Sm7GPvbiS6XPyUqn+qtc2lvjLHo=", "owner": "rycee", "repo": "home-manager", - "rev": "77188bcd6e2c6c7a99253b36f08ed7b65f2901d2", + "rev": "ac319fd3149b23a3ad8ee24cb2def6e67acf194c", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1620983891, - "narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=", + "lastModified": 1625333638, + "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8", + "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624172050, - "narHash": "sha256-sLQEhZ6Ffjx0J1AJxHQDY4y7XWKxI/Zgm/hQJjkjZ6M=", + "lastModified": 1625176478, + "narHash": "sha256-s1RTYNKw7ySyqrZjns9Cq+Nnjpp75ePgL06pgcbIpoA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6613a30c5e3ee59753181512b4bedd4121569925", + "rev": "21b696caf392ad6fa513caf3327d0aa0430ffb72", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1621073999, - "narHash": "sha256-Cp99YreSFedcWovxNmO8g8qFYltQQJPRLfuot6Z7iGE=", + "lastModified": 1625366435, + "narHash": "sha256-29ZJQBmJ9p2IienoYXCT/qq8sf+rfOvXWfeqVLZOh0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "83d907fd760d9ee4f49b4b7e4b1c6682f137b573", + "rev": "20887e4bbfdae3aed6bfa1f53ddf138ee325515e", "type": "github" }, "original": { diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix index 72c4549..041a2fd 100644 --- a/machines/x1-pincer.nix +++ b/machines/x1-pincer.nix @@ -7,6 +7,7 @@ let ports = { orbekk.desktop.enable = true; orbekk.thinkpad.enable = true; orbekk.simple-firewall.allowedTCPPorts = [ ports.minecraft ]; # socks proxy + orbekk.login.enable = true; networking.networkmanager.enable = true; diff --git a/modules/desktop.nix b/modules/desktop.nix index c707545..6fcc3de 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -74,6 +74,7 @@ in ledger networkmanagerapplet nix-index + nixfmt pavucontrol rofi rxvt_unicode-with-plugins @@ -99,6 +100,7 @@ in services = { avahi.enable = true; + blueman.enable = true; xserver = { enable = true; diff --git a/modules/login.nix b/modules/login.nix new file mode 100644 index 0000000..d2a6de3 --- /dev/null +++ b/modules/login.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.orbekk.login; + aliases = import ../data/aliases.nix; +in +{ + options = { + orbekk.login = { + enable = lib.mkEnableOption "Enable login server"; + loginPort = lib.mkOption { + type = lib.types.int; + default = aliases.services.login.port; + }; + loginDomain = lib.mkOption { + type = lib.types.str; + default = "login.orbekk.com"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + services.keycloak = { + enable = false; + httpPort = "8080"; + bindAddress = "127.0.0.1"; + database.type = "postgresql"; + database.passwordFile = "/opt/secret/keycloak/db_password"; + frontendUrl = "http://localhost/auth"; + }; + + environment.systemPackages = with pkgs; [ + xmlstarlet + libtidy + jq + ]; + + # services.nginx.virtualHosts.${cfg.loginDomain} = { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://127.0.0.1:${toString cfg.loginPort}"; + # proxyWebsockets = true; + # }; + # }; + }; +} |