remove dex setup (replaced with rauthy)
3 files changed, 0 insertions(+), 66 deletions(-)
changed files
M secrets/secrets.nix → secrets/secrets.nix
@@ -20,7 +20,6 @@ binarycache = [ linde ]; forgejo-actions-runner = [ linde ]; paperless = [ linde ]; powerdns = [ linde ]; - dex = [ linde ]; golink = [ linde ]; photoprism = [ linde ]; cifs-photoprism = [ linde ];
M system/linde.nix → system/linde.nix
@@ -42,7 +42,6 @@ symlink = false; }; acme.file = ../secrets/acme.age; binarycache.file = ../secrets/binarycache.age; - dex.file = ../secrets/dex.age; powerdns.file = ../secrets/powerdns.age; redis-website.file = ../secrets/redis-website.age; cifs-paperless.file = ../secrets/cifs-paperless.age;
@@ -560,13 +559,6 @@ encode zstd gzip reverse_proxy http://127.0.0.1:8080 ''; }; - "id.alanpearce.eu" = { - extraConfig = '' - encode zstd gzip - ${security-headers {}} - reverse_proxy http://${config.services.dex.settings.web.http} - ''; - }; "files.${domain}" = { extraConfig = '' encode zstd gzip
@@ -863,63 +855,6 @@ }; }; system.stateVersion = "24.11"; }; - }; - - users.users.dex = { - home = "/var/lib/dex"; - createHome = true; - isSystemUser = true; - group = "dex"; - }; - users.groups.dex = { }; - services.dex = - let - issuer = "https://id.alanpearce.eu/"; - in - { - enable = true; - environmentFile = config.age.secrets.dex.path; - settings = { - inherit issuer; - storage = { - type = "sqlite3"; - config.file = "/var/lib/dex/storage.sqlite"; - }; - web.http = "127.0.0.1:5556"; - connectors = [{ - type = "github"; - id = "github"; - name = "GitHub"; - config = { - clientID = "$GITHUB_CLIENT_ID"; - clientSecret = "$GITHUB_CLIENT_SECRET"; - redirectURI = "${issuer}callback"; - orgs = [{ - name = "i-am-alin"; - }]; - teamNameField = "slug"; - useLoginAsID = true; - }; - }]; - staticClients = [ - { - name = "Tailscale"; - id = "oCaiv7aije1thaep0eib"; - secretEnv = "TAILSCALE_CLIENT_SECRET"; - redirectURIs = [ "https://login.tailscale.com/a/oauth_response" ]; - } - ]; - }; - }; - systemd.services.dex.serviceConfig = - let - user = config.users.users.dex; - in - { - ReadWritePaths = [ user.home ]; - DynamicUser = lib.mkForce false; - User = user.name; - Group = user.group; }; users.groups.rauthy = { };