From 02ba4fa6adf353692ab01685c897ae8db8f92b22 Mon Sep 17 00:00:00 2001 From: Bereich Administration Rechentechnik Date: Wed, 29 Jan 2025 10:15:34 +0100 Subject: [PATCH] use 'real' nixos mailserver repo --- authentik.nix | 32 +++++++++++++ flake.lock | 124 +++++++++++++++++++++----------------------------- flake.nix | 2 +- 3 files changed, 86 insertions(+), 72 deletions(-) create mode 100644 authentik.nix diff --git a/authentik.nix b/authentik.nix new file mode 100644 index 0000000..8ce460d --- /dev/null +++ b/authentik.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }:{ + users.groups.authentik = { }; + users.users.authentik = { + isSystemUser = true; + extraGroups = [ "docker" ]; + group = "authentik"; + }; + services.authentik = { + enable = true; + # The environmentFile needs to be on the target host! + # Best use something like sops-nix or agenix to manage it + environmentFile = "/var/lib/authentik_secret"; + settings = { + email = { + host = "mail.stura.htw-dresden.de"; + port = 25; + username = "authentik@stura.htw-dresden.de"; + use_tls = false; + use_ssl = false; + from = "authentik@stura.htw-dresden.de"; + }; + disable_startup_analytics = true; + avatars = "initials"; + }; + + nginx = { + enable = true; + enableACME = true; + host = "auth.htw.stura-dresden.de"; + }; + }; +} diff --git a/flake.lock b/flake.lock index 9a388c6..1337a66 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736445563, - "narHash": "sha256-+f1MWPtja+LRlTHJP/i/3yxmnzo2LGtZmxtJJTdAp8o=", + "lastModified": 1737810234, + "narHash": "sha256-zTS99/ZE8khNnIWFEsF21E6seR9IizGYkY19t6iK7z4=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "bf5a5bf42189ff5f468f0ff26c9296233a97eb6c", + "rev": "1fa3cbed36fb03d2f6ceab981d083af98b5c7d0f", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -95,11 +95,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -116,11 +116,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -134,20 +134,20 @@ "blobs": "blobs", "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_2", - "utils": "utils" + "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1712828206, - "narHash": "sha256-9b+73fDYFVMph6q0jYONHyq45OCc77/6rri+EPbyFoQ=", - "owner": "GoldsteinE", - "repo": "simple-nixos-mailserver", - "rev": "a9f6b3097f6121d7bcb4170043fc5e641f8a35f9", - "type": "github" + "lastModified": 1737201600, + "narHash": "sha256-JBh5+g8oQteQdQqbO07dGHBRQo/NGI61JPlTjdfQ1pk=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "ade37b2765032f83d2d4bd50b6204a40a4c05eb4", + "type": "gitlab" }, "original": { - "owner": "GoldsteinE", - "repo": "simple-nixos-mailserver", - "type": "github" + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" } }, "napalm": { @@ -200,11 +200,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", "type": "github" }, "original": { @@ -214,25 +214,40 @@ "type": "github" } }, + "nixpkgs-24_11": { + "locked": { + "lastModified": 1734083684, + "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.11", + "type": "indirect" + } + }, "nixpkgs-lib": { "locked": { - "lastModified": 1727825735, - "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, "nixpkgs_2": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -243,11 +258,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", "type": "github" }, "original": { @@ -275,11 +290,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1735164664, - "narHash": "sha256-DaWy+vo3c4TQ93tfLjUgcpPaSoDw4qV4t76Y3Mhu84I=", + "lastModified": 1736884309, + "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "1fb01e90771f762655be7e0e805516cd7fa4d58e", + "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b", "type": "github" }, "original": { @@ -310,21 +325,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -346,24 +346,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 04c71ea..f4c84dd 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ authentik = { url = "github:nix-community/authentik-nix"; }; - mailserver.url = "github:GoldsteinE/simple-nixos-mailserver"; + mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; }; outputs = { self, nixpkgs, authentik, mailserver }: {