Compare commits

..

2 commits

Author SHA1 Message Date
Tristan Daniël Maat aef71f548a
WIP: authelia: Add SSO 2024-06-14 01:01:39 +02:00
Tristan Daniël Maat 501c3466bc
Update to NixOS 24.05 2024-06-14 00:49:12 +02:00
4 changed files with 16 additions and 11 deletions

View file

@ -132,7 +132,10 @@
sudo.execWheelOnly = true; sudo.execWheelOnly = true;
pam = { pam = {
enableSSHAgentAuth = true; sshAgentAuth = {
enable = true;
authorizedKeysFiles = ["/etc/ssh/authorized_keys.d/%u"];
};
services.sudo.sshAgentAuth = true; services.sudo.sshAgentAuth = true;
}; };
}; };

View file

@ -3,6 +3,9 @@
config, config,
... ...
}: let }: let
# Update pending on rewrite of nextcloud news, though there is an
# alpha to switch to if it becomes necessary:
# https://github.com/nextcloud/news/issues/2610
nextcloud = pkgs.nextcloud27; nextcloud = pkgs.nextcloud27;
hostName = "nextcloud.${config.services.nginx.domain}"; hostName = "nextcloud.${config.services.nginx.domain}";
in { in {
@ -17,15 +20,16 @@ in {
configureRedis = true; configureRedis = true;
config = { config = {
overwriteProtocol = "https";
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = "/run/postgresql"; dbhost = "/run/postgresql";
adminuser = "tlater"; adminuser = "tlater";
adminpassFile = config.sops.secrets."nextcloud/tlater".path; adminpassFile = config.sops.secrets."nextcloud/tlater".path;
};
defaultPhoneRegion = "AT"; settings = {
default_phone_region = "AT";
overwriteprotocol = "https";
}; };
phpOptions = { phpOptions = {
@ -37,8 +41,6 @@ in {
}; };
}; };
services.redis.vmOverCommit = true;
# Ensure that this service doesn't start before postgres is ready # Ensure that this service doesn't start before postgres is ready
systemd.services.nextcloud-setup.after = ["postgresql.service"]; systemd.services.nextcloud-setup.after = ["postgresql.service"];

View file

@ -242,16 +242,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1714272655, "lastModified": 1718208800,
"narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=", "narHash": "sha256-US1tAChvPxT52RV8GksWZS415tTS7PV42KTc2PNDBmc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12430e43bd9b81a6b4e79e64f87c624ade701eaf", "rev": "cc54fb41d13736e92229c21627ea4f22199fee6b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

View file

@ -2,7 +2,7 @@
description = "tlater.net host configuration"; description = "tlater.net host configuration";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";