From 62e97d324a1ad86b4151ee69a5141aa245712d78 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Tue, 14 Mar 2023 17:25:37 -0700 Subject: [PATCH] flake update --- flake.lock | 121 +++++++++++++------------- nixos/systems/tewi/home-assistant.nix | 2 +- nixos/systems/tewi/kanidm.nix | 19 +++- 3 files changed, 80 insertions(+), 62 deletions(-) diff --git a/flake.lock b/flake.lock index f67e9218..36655d06 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1667597026, - "narHash": "sha256-XHtUQKU+w+m2/DPVlB8fmUKtSIarv/n0wOGwho/ZuCo=", + "lastModified": 1678638160, + "narHash": "sha256-ebcCqd4cPhrvymQanuJm6F1s9WsKBGyxqVOqFXr2zpk=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "a00aaa69de023da7f1429a2bd3081b1f5400118b", + "rev": "9094de8bbb2cf5139e1c5dc8f0a9ca999c2687ca", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1667599669, - "narHash": "sha256-0/PsJ5UoJ4Xa74vu25xoUO07JxHfK6pLhnjEglsWvFA=", + "lastModified": 1668974663, + "narHash": "sha256-HnZEJNJfXAVJsk/0r5NB/vPmQ5aj7OMiEBFnJrV8LIU=", "owner": "arcnmx", "repo": "ci", - "rev": "bfb73a0a2f7daeca40f8ee73506b1c5b5b5d53dc", + "rev": "21b6f5f3bfafb1fc41c01d151be1b7515f83a1af", "type": "github" }, "original": { @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1667419884, - "narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -75,11 +75,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1662645711, - "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=", + "lastModified": 1676839496, + "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", "owner": "doomemacs", "repo": "snippets", - "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00", + "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", "type": "github" }, "original": { @@ -91,16 +91,17 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1667507825, - "narHash": "sha256-Tss8NXLO5HIqcY+v+lMy/tcdBKNwKxW5Lb4PkuS5rmY=", + "lastModified": 1676366521, + "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "ccefa5f7ddbb036656d8617ed2862fe057d60fb4", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" } }, @@ -203,11 +204,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -219,11 +220,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -234,11 +235,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -272,11 +273,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1671209729, - "narHash": "sha256-zxn1eA/rMi2DOx43V7q87bGaDzvL7CMVY/Ti7lJ92DQ=", + "lastModified": 1678729503, + "narHash": "sha256-j+h4Bdqbe+qjzhxdhkRmVgSx2lxJ8HnKeYcAhhnd1zM=", "owner": "nix-community", "repo": "home-manager", - "rev": "7d55a72d4c1df694e87a41a7e6c9a7b6e9a40ca3", + "rev": "24c1a6335e3da6a3ecf82f33ac50c2ad66aee346", "type": "github" }, "original": { @@ -343,11 +344,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1667731647, - "narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=", + "lastModified": 1678412173, + "narHash": "sha256-6JVSsVwXQcIGZAaZsExsR1TLRBvSw1hOqUH3dLSLn4M=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0", + "rev": "4b836ed0756534228ef73e53f0c7ae5bf26ce82b", "type": "github" }, "original": { @@ -374,11 +375,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1667629849, - "narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=", + "lastModified": 1678654296, + "narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3bacde6273b09a21a8ccfba15586fb165078fb62", + "rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b", "type": "github" }, "original": { @@ -390,11 +391,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1677948530, - "narHash": "sha256-BkQjq8AGHD55RJe4PUnrWRZZ8jS64p/k0bGDck5wKwY=", + "lastModified": 1678582009, + "narHash": "sha256-J8QzUOOv3/y97q19pGOz28gLC3lAUy1c4bWpsi5D460=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d51554151a91cd4543a7620843cc378e3cbc767e", + "rev": "c34fc09c77172c4189df4594a0749e25a23cdd9b", "type": "github" }, "original": { @@ -422,11 +423,11 @@ }, "nur": { "locked": { - "lastModified": 1667742561, - "narHash": "sha256-lhNo7sk3eqq9SOABZYBECXlP552B1wgsLEGSQkWMM1M=", + "lastModified": 1678820117, + "narHash": "sha256-miIXtoDhKU7uE8uzNNaRlfWjrOAbzzRKbzDUn2RZRuU=", "owner": "nix-community", "repo": "nur", - "rev": "8aab177dc76d9b2cffe23720567ad81aaae13052", + "rev": "bfbdf0ac425e2874211a731a80ee045ca8d848b1", "type": "github" }, "original": { @@ -455,11 +456,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1666586252, - "narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=", + "lastModified": 1678194588, + "narHash": "sha256-sN/UYf5pQWOtHEw+IlVrEey3cmitudch7InCzqw3jXI=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931", + "rev": "8589de94d8a44cd566eb3fe128f8091d7e958ee9", "type": "github" }, "original": { @@ -471,11 +472,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1664301003, - "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", + "lastModified": 1675694242, + "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", + "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", "type": "github" }, "original": { @@ -519,11 +520,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1665992801, - "narHash": "sha256-bqNgaBT6WPfumhdG1VPZ6ngn0QA9RDuVtVJtVwxbOd4=", + "lastModified": 1678242855, + "narHash": "sha256-T9btOHiOdvhC1JijcfGOBc84miAbEb7CWd1Wvzae5m8=", "owner": "hakimel", "repo": "reveal.js", - "rev": "f6f657b627f9703e32414d8d3f16fb49d41031cb", + "rev": "724c4fee274914dd2d997b7584cf603c44e96c72", "type": "github" }, "original": { @@ -589,11 +590,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1678440572, - "narHash": "sha256-zfL09Yy6H7QQwfacCPL0gOfWpVkTbE5jXJh5oZmGf8g=", + "lastModified": 1678590185, + "narHash": "sha256-scvu8HegWwbcvPKjh6M1DnpPYAv4EnP1krsRPItoQ+E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1568702de0d2488c1e77011a9044de7fadec80c4", + "rev": "9e98f7a442b0e318de9cce757675c2ab922bdf2b", "type": "github" }, "original": { @@ -605,11 +606,11 @@ "tf-nix": { "flake": false, "locked": { - "lastModified": 1670125422, - "narHash": "sha256-7QuCX4vGl58k3jzGkeHEI4aeSbcOKueb4U5RyZHulM8=", + "lastModified": 1678722496, + "narHash": "sha256-akpjWk90RYLKGtoE48bjJz3TGBneymL7saOhM6SzaXk=", "owner": "arcnmx", "repo": "tf-nix", - "rev": "210f7e9c46bf8fa8f0b621f6e24adaea5a55e827", + "rev": "79e2387f3c4947277e1fdf5526135b7e7ca8125e", "type": "github" }, "original": { @@ -637,11 +638,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1663136308, - "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", + "lastModified": 1678360867, + "narHash": "sha256-aVJhKsbnJgHXDbhL8eqpnsS98zbXGWlxZBA2fpNTNJg=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", + "rev": "cde9c90b073c32ad6b9b53d9b42e4a03b6d5fdc2", "type": "github" }, "original": { @@ -652,11 +653,11 @@ }, "utils": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { diff --git a/nixos/systems/tewi/home-assistant.nix b/nixos/systems/tewi/home-assistant.nix index f0691a3b..2636c90c 100644 --- a/nixos/systems/tewi/home-assistant.nix +++ b/nixos/systems/tewi/home-assistant.nix @@ -146,7 +146,6 @@ in { energy = {}; group = {}; history = {}; - image = {}; input_boolean = {}; input_button = {}; input_datetime = {}; @@ -188,6 +187,7 @@ in { aiohomekit securetar getmac # for upnp integration + python-otbr-api (aiogithubapi.overrideAttrs (_: { doInstallCheck = false; })) ]; extraComponents = [ diff --git a/nixos/systems/tewi/kanidm.nix b/nixos/systems/tewi/kanidm.nix index 6064fa47..f2daecb7 100644 --- a/nixos/systems/tewi/kanidm.nix +++ b/nixos/systems/tewi/kanidm.nix @@ -1,4 +1,19 @@ -{ config, tf,... }: { +{ pkgs, config, tf,... }: let + conf = import ./snakeoil-certs.nix; + domain = conf.domain; + unencryptedCert = with pkgs; runCommand "kanidm-cert" { + domain = "id.gensokyo.zone"; + nativeBuildInputs = [ minica ]; + } '' + install -d $out + cd $out + minica \ + --ca-key ca.key.pem \ + --ca-cert ca.cert.pem \ + --domains $domain + cat $domain/cert.pem ca.cert.pem > $domain.pem + ''; +in { networks.gensokyo = { tcp = [ 8080 636 ]; }; @@ -20,6 +35,8 @@ db_fs_type = "zfs"; bindaddress = "${config.networks.tailscale.ipv4}:8080"; ldapbindaddress = "${config.networks.tailscale.ipv4}:636"; + tls_chain = "${unencryptedCert}/${unencryptedCert.domain}.pem"; + tls_key = "${unencryptedCert}/${unencryptedCert.domain}/key.pem"; }; }; }