authelia/invoiceplane: get working setup

This commit is contained in:
Benjamin Yule Bädorf 2024-04-06 02:36:58 +02:00
parent 9578d0fa1a
commit e79b99e3ed
Signed by: b12f
GPG key ID: 729956E1124F8F26
10 changed files with 234 additions and 187 deletions

View file

@ -3,17 +3,17 @@
"adblock-unbound": { "adblock-unbound": {
"inputs": { "inputs": {
"adblockStevenBlack": "adblockStevenBlack", "adblockStevenBlack": "adblockStevenBlack",
"flake-utils": "flake-utils", "lancache-domains": "lancache-domains",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1688055723, "lastModified": 1704832551,
"narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=", "narHash": "sha256-6xS/ANMIh3b4Ia3Ubl9rtb3LVw9QldihnP3IvuG9zwQ=",
"owner": "MayNiklas", "owner": "MayNiklas",
"repo": "nixos-adblock-unbound", "repo": "nixos-adblock-unbound",
"rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc", "rev": "a5d3731836b1c2ca65834e07be03c02daca5b434",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -41,16 +41,18 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1682101079, "lastModified": 1712079060,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", "rev": "1381a759b205dff7a6818733118d02253340fd5e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -59,6 +61,22 @@
"type": "github" "type": "github"
} }
}, },
"authelia-438": {
"locked": {
"lastModified": 1712072300,
"narHash": "sha256-ktLwXde5fBdpjbzq0oVDJmXoc1PA42OVSfY5922gLgI=",
"owner": "nicomem",
"repo": "nixpkgs",
"rev": "3fcf0a77415c55b0a2e40e45543bd722139d1dc1",
"type": "github"
},
"original": {
"owner": "nicomem",
"ref": "authelia-4.38",
"repo": "nixpkgs",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -67,11 +85,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696360011, "lastModified": 1700795494,
"narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,7 +103,7 @@
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
@ -113,11 +131,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1695052866, "lastModified": 1711973905,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -170,11 +188,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1696426674,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,11 +206,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1693611461, "lastModified": 1712014858,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -205,6 +223,24 @@
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": { "locked": {
"lastModified": 1709336216, "lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
@ -220,21 +256,6 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -250,6 +271,27 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -272,11 +314,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1706639736, "lastModified": 1708968331,
"narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045", "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -285,14 +327,51 @@
"type": "github" "type": "github"
} }
}, },
"invoiceplane-template": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1712363499,
"narHash": "sha256-FAOmocYCC5EGaXhCyYAMRONHuWgWetZr5Wx5WC7USIU=",
"ref": "refs/heads/main",
"rev": "da49f15b23f3badfa15f11c79c0f2cb7c75be83b",
"revCount": 18,
"type": "git",
"url": "ssh://gitea@git.pub.solar/b12f/invoiceplane-templates"
},
"original": {
"type": "git",
"url": "ssh://gitea@git.pub.solar/b12f/invoiceplane-templates"
}
},
"lancache-domains": {
"flake": false,
"locked": {
"lastModified": 1679999806,
"narHash": "sha256-oDZ2pSf8IgofRS4HaRppGcd4kHQj48AC9dkS++avYy8=",
"owner": "uklans",
"repo": "cache-domains",
"rev": "31b2ba1e0a7c419327cb97f589b508d78b9aecbf",
"type": "github"
},
"original": {
"owner": "uklans",
"repo": "cache-domains",
"type": "github"
}
},
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696124168, "lastModified": 1711757427,
"narHash": "sha256-EzGHYAR7rozQQLZEHbKEcb5VpUFGoxwEsM0OWfW4wqU=", "narHash": "sha256-PqHK0J9YCRKlxpJp+UG+/xpwfIQRPVUPspvbbP3FB2M=",
"owner": "nixos", "owner": "nixos",
"repo": "mobile-nixos", "repo": "mobile-nixos",
"rev": "7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3", "rev": "f7087f8fdbd1309af315ef8c92345320aadc5edf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -306,11 +385,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1690426816, "lastModified": 1712254133,
"narHash": "sha256-vvOrLE6LlBVYigA1gSrlkknFwfuq9qmLA4h6ubiJ22g=", "narHash": "sha256-fwuWrAprqoA4fUrkZGVb6PjRpebm5xjNsyoaw+JVSyY=",
"owner": "musnix", "owner": "musnix",
"repo": "musnix", "repo": "musnix",
"rev": "e651b06f8a3ac7d71486984100e8a79334da8329", "rev": "b5bcdce137b00185dce5fa578739cd52770b8794",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -321,15 +400,15 @@
}, },
"nixd": { "nixd": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1710142672, "lastModified": 1711809944,
"narHash": "sha256-MRClVDHMGXglXpSR+RflwnrY/ngePqrxOwiwoh5/BtU=", "narHash": "sha256-Z5FEXEn/5lAnGUSDIah0NRkP3RCE5sQQrms7ltvzH/8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixd", "repo": "nixd",
"rev": "eb40e5b315fafa1086f69be84918bbd9235e0a10", "rev": "bcf0de61178c4dbf1488e8417cc7e28cc5390164",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -341,11 +420,11 @@
}, },
"nixos-flake": { "nixos-flake": {
"locked": { "locked": {
"lastModified": 1692742948, "lastModified": 1711376798,
"narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=", "narHash": "sha256-37wawZGSX/dD1rn7TwFJhUdpozC2VPEQXetpfpK/D+w=",
"owner": "srid", "owner": "srid",
"repo": "nixos-flake", "repo": "nixos-flake",
"rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431", "rev": "7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +435,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1686838567, "lastModified": 1712324865,
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", "narHash": "sha256-+BatEWd4HlMeK7Ora+gYIkarjxFVCg9oKrIeybHIIX4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", "rev": "f3b959627bca46a9f7052b8fbc464b8323e68c2c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -388,11 +467,11 @@
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1693471703, "lastModified": 1711703276,
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -404,6 +483,24 @@
} }
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": {
"dir": "lib",
"lastModified": 1711703276,
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1709237383, "lastModified": 1709237383,
@ -423,11 +520,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1711717242, "lastModified": 1712353617,
"narHash": "sha256-PW9J9sFw5DA4Fo3Cq4Soc+an6tjTS4VV2NxG6G0UMqw=", "narHash": "sha256-9KtWUwlKA7g/PERi3eYMgh+Ok+Y9QxE6WSOblpyKYcs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "824952ff6b32b0019465b139b5c76d915ec074ea", "rev": "f4089f8b1d676762db7acbb3e790ccee6d0c9da5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -439,11 +536,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1711523803, "lastModified": 1712163089,
"narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +552,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1690272529, "lastModified": 1711703276,
"narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=", "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c", "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -487,11 +584,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1711460390, "lastModified": 1712168706,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -526,12 +623,14 @@
"inputs": { "inputs": {
"adblock-unbound": "adblock-unbound", "adblock-unbound": "adblock-unbound",
"agenix": "agenix", "agenix": "agenix",
"authelia-438": "authelia-438",
"deno2nix": "deno2nix", "deno2nix": "deno2nix",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"impermanence": "impermanence", "impermanence": "impermanence",
"invoiceplane-template": "invoiceplane-template",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"musnix": "musnix", "musnix": "musnix",
"nixd": "nixd", "nixd": "nixd",
@ -543,13 +642,46 @@
"openstreetmap": "openstreetmap" "openstreetmap": "openstreetmap"
} }
}, },
"utils": { "systems": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1681028828,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -22,6 +22,8 @@
deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.inputs.flake-compat.follows = "flake-compat"; deploy-rs.inputs.flake-compat.follows = "flake-compat";
authelia-438.url = "github:nicomem/nixpkgs/authelia-4.38";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
@ -41,6 +43,9 @@
openstreetmap.inputs.nixpkgs.follows = "nixpkgs"; openstreetmap.inputs.nixpkgs.follows = "nixpkgs";
deno2nix.url = "github:SnO2WMaN/deno2nix"; deno2nix.url = "github:SnO2WMaN/deno2nix";
invoiceplane-template.url = "git+ssh://gitea@git.pub.solar/b12f/invoiceplane-templates";
invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs@{ self, ... }: outputs = inputs@{ self, ... }:
@ -68,6 +73,7 @@
overlays = with inputs; [ overlays = with inputs; [
agenix.overlays.default agenix.overlays.default
nixd.overlays.default nixd.overlays.default
invoiceplane-template.overlays.default
]; ];
}; };
}; };

View file

@ -6,7 +6,6 @@
./networking.nix ./networking.nix
./unbound.nix ./unbound.nix
./nginx.nix ./nginx.nix
./invoiceplane-proxy.nix
./wireguard.nix ./wireguard.nix
./email.nix ./email.nix
./website.nix ./website.nix

View file

@ -1,20 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"invoicing.b12f.io" = {};
};
services.nginx.virtualHosts = {
"invoicing.b12f.io" = {
forceSSL = true;
useACMEHost = "invoicing.b12f.io";
# This redirects to invoiceplane on pie
locations."/".proxyPass = "https://invoicing.b12f.io";
};
};
}

View file

@ -1,14 +1,22 @@
{ {
flake,
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
disabledModules = [
"services/security/authelia.nix"
];
imports = [
"${flake.inputs.authelia-438}/nixos/modules/services/security/authelia.nix"
];
age.secrets."authelia-storage-encryption-key" = { age.secrets."authelia-storage-encryption-key" = {
file = "${flake.self}/secrets/authelia-storage-encryption-key.age"; file = "${flake.self}/secrets/authelia-storage-encryption-key.age";
mode = "400"; mode = "400";
@ -70,6 +78,7 @@ in {
server = { server = {
port = 9092; port = 9092;
host = "127.0.0.1"; host = "127.0.0.1";
endpoints.authz.auth-request.implementation = "AuthRequest";
}; };
authentication_backend = { authentication_backend = {
refresh_interval = "disable"; refresh_interval = "disable";
@ -84,11 +93,9 @@ in {
totp.issuer = "auth.b12f.io"; totp.issuer = "auth.b12f.io";
storage.local.path = "/var/lib/authelia-b12f/db.sqlite3"; storage.local.path = "/var/lib/authelia-b12f/db.sqlite3";
access_control.default_policy = "two_factor"; access_control.default_policy = "two_factor";
session = { session.cookies = [
domain = "auth.b12f.io"; { domain = "b12f.io"; authelia_url = "https://auth.b12f.io"; }
# authelia_url = "https://auth.b12f.io"; ];
};
notifier.disable_startup_check = true;
notifier.smtp = { notifier.smtp = {
host = "mail.b12f.io"; host = "mail.b12f.io";
port = 587; port = 587;

View file

@ -28,11 +28,6 @@ in {
"invoicing.b12f.io" = { "invoicing.b12f.io" = {
forceSSL = true; forceSSL = true;
useACMEHost = "invoicing.b12f.io"; useACMEHost = "invoicing.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf;
include /etc/nginx/conf-available/authelia-authrequest.conf;
'';
}; };
}; };
@ -49,6 +44,8 @@ in {
createLocally = false; createLocally = false;
}; };
invoiceTemplates = [ pkgs.invoiceplane-template ];
extraConfig = '' extraConfig = ''
SETUP_COMPLETED=true SETUP_COMPLETED=true
DISABLE_SETUP=true DISABLE_SETUP=true

View file

@ -1,12 +1,7 @@
## Headers ## Headers
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri; proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
## Basic Proxy Configuration ## Basic Proxy Configuration
client_body_buffer_size 128k; client_body_buffer_size 128k;
@ -21,7 +16,7 @@ proxy_buffers 64 256k;
## Please read the following documentation before configuring this: ## Please read the following documentation before configuring this:
## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies ## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies
set_real_ip_from 10.13.12.0/24; set_real_ip_from 10.13.12.0/24;
set_real_ip_from fc00::/7; set_real_ip_from fd00:b12f:acab:1312:acab::/80;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;

View file

@ -42,12 +42,6 @@ in {
networking.firewall.allowedUDPPorts = [51820]; networking.firewall.allowedUDPPorts = [51820];
systemd.services.wireguard-wg-tunnel = { systemd.services.wireguard-wg-tunnel = {
after = [
"network.target"
"network-online.target"
"nss-lookup.target"
];
wants = [ wants = [
"wireguard-wg-private.service" "wireguard-wg-private.service"
]; ];

View file

@ -9,15 +9,18 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.deno2nix.overlays.default inputs.deno2nix.overlays.default
inputs.nixd.overlays.default inputs.nixd.overlays.default
inputs.invoiceplane-template.overlays.default
(final: prev: let (final: prev: let
unstable = import inputs.nixpkgs-unstable { system = prev.system; }; unstable = import inputs.nixpkgs-unstable { system = prev.system; };
master = import inputs.nixpkgs-master { system = prev.system; }; master = import inputs.nixpkgs-master { system = prev.system; };
authelia-438 = import inputs.authelia-438 { system = prev.system; };
in { in {
factorio-headless = master.factorio-headless; factorio-headless = master.factorio-headless;
paperless-ngx = master.paperless-ngx; paperless-ngx = unstable.paperless-ngx;
waybar = master.waybar; waybar = master.waybar;
ungoogled-chromium = master.ungoogled-chromium; ungoogled-chromium = master.ungoogled-chromium;
authelia = authelia-438.authelia;
adlist = inputs.adblock-unbound.packages.${prev.system}; adlist = inputs.adblock-unbound.packages.${prev.system};
@ -38,11 +41,11 @@
vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;}; vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;};
}) })
(import ./element-desktop.nix)
(import ../pkgs) (import ../pkgs)
(import ./blesh.nix) (import ./blesh.nix)
(import ./rnix-lsp.nix) (import ./rnix-lsp.nix)
(import ./neovim-plugins.nix) (import ./neovim-plugins.nix)
(import ./element-desktop.nix)
(final: prev: { (final: prev: {
b12f-io = prev.stdenv.mkDerivation { b12f-io = prev.stdenv.mkDerivation {

View file

@ -1,66 +0,0 @@
{
lib,
buildGoModule,
fetchFromGitHub,
vendorSha256 ? ""
}:
with lib;
let
plugins = [
"github.com/mholt/caddy-events-exec"
];
imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
main = ''
package main
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
_ "github.com/caddyserver/caddy/v2/modules/standard"
${imports}
)
func main() {
caddycmd.Main()
}
'';
in buildGoModule rec {
pname = "caddy";
version = "2.6.4";
subPackages = [ "cmd/caddy" ];
src = fetchFromGitHub {
owner = "caddyserver";
repo = pname;
rev = "v${version}";
sha256 = "sha256-xNCxzoNpXkj8WF9+kYJfO18ux8/OhxygkGjA49+Q4vY=";
};
inherit vendorSha256;
overrideModAttrs = (_: {
preBuild = "echo '${main}' > cmd/caddy/main.go";
postInstall = "cp go.sum go.mod $out/ && ls $out/";
});
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
meta = with lib; {
homepage = https://caddyserver.com;
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [ rushmorem fpletz zimbatm ];
};
}