flake update

nixos/systems/tewi/home-assistant.nix

@@ -146,7 +146,6 @@ in {
       energy = {};
       group = {};
       history = {};
-      image = {};
       input_boolean = {};
       input_button = {};
       input_datetime = {};
@@ -188,6 +187,7 @@ in {
       aiohomekit
       securetar
       getmac # for upnp integration
+      python-otbr-api
       (aiogithubapi.overrideAttrs (_: { doInstallCheck = false; }))
     ];
     extraComponents = [

nixos/systems/tewi/kanidm.nix

@@ -1,4 +1,19 @@
-{ config, tf,... }: {
+{ pkgs, config, tf,... }: let
+  conf = import ./snakeoil-certs.nix;
+  domain = conf.domain;
+  unencryptedCert = with pkgs; runCommand "kanidm-cert" {
+    domain = "id.gensokyo.zone";
+    nativeBuildInputs = [ minica ];
+  } ''
+    install -d $out
+    cd $out
+    minica \
+      --ca-key ca.key.pem \
+      --ca-cert ca.cert.pem \
+      --domains $domain
+    cat $domain/cert.pem ca.cert.pem > $domain.pem
+  '';
+in {
   networks.gensokyo = {
     tcp = [ 8080 636 ];
   };
@@ -20,6 +35,8 @@
       db_fs_type = "zfs";
       bindaddress = "${config.networks.tailscale.ipv4}:8080";
       ldapbindaddress = "${config.networks.tailscale.ipv4}:636";
+      tls_chain = "${unencryptedCert}/${unencryptedCert.domain}.pem";
+      tls_key = "${unencryptedCert}/${unencryptedCert.domain}/key.pem";
     };
   };
 }