
System and user configuration, managed by nix and home-manager

remove dex setup (replaced with rauthy)

Alan Pearce
commit

06af30708d8b6bf0362a890d7cd4c96b606e5818

parent

f105e9e2b7e55d9feebaed2a21e9cbf734292895

1 file changed, 0 insertions(+), 65 deletions(-)

changed files
M system/linde.nixsystem/linde.nix
@@ -42,7 +42,6 @@ symlink = false;
 };
 acme.file = ../secrets/acme.age;
 binarycache.file = ../secrets/binarycache.age;
- dex.file = ../secrets/dex.age;
 powerdns.file = ../secrets/powerdns.age;
 redis-website.file = ../secrets/redis-website.age;
 cifs-paperless.file = ../secrets/cifs-paperless.age;
@@ -560,13 +559,6 @@ encode zstd gzip
 reverse_proxy http://127.0.0.1:8080
 '';
 };
- "id.alanpearce.eu" = {
- extraConfig = ''
- encode zstd gzip
- ${security-headers {}}
- reverse_proxy http://${config.services.dex.settings.web.http}
- '';
- };
 "files.${domain}" = {
 extraConfig = ''
 encode zstd gzip
@@ -863,63 +855,6 @@ };
 };
 system.stateVersion = "24.11";
 };
- };
-
- users.users.dex = {
- home = "/var/lib/dex";
- createHome = true;
- isSystemUser = true;
- group = "dex";
- };
- users.groups.dex = { };
- services.dex =
- let
- issuer = "https://id.alanpearce.eu/";
- in
- {
- enable = true;
- environmentFile = config.age.secrets.dex.path;
- settings = {
- inherit issuer;
- storage = {
- type = "sqlite3";
- config.file = "/var/lib/dex/storage.sqlite";
- };
- web.http = "127.0.0.1:5556";
- connectors = [{
- type = "github";
- id = "github";
- name = "GitHub";
- config = {
- clientID = "$GITHUB_CLIENT_ID";
- clientSecret = "$GITHUB_CLIENT_SECRET";
- redirectURI = "${issuer}callback";
- orgs = [{
- name = "i-am-alin";
- }];
- teamNameField = "slug";
- useLoginAsID = true;
- };
- }];
- staticClients = [
- {
- name = "Tailscale";
- id = "oCaiv7aije1thaep0eib";
- secretEnv = "TAILSCALE_CLIENT_SECRET";
- redirectURIs = [ "https://login.tailscale.com/a/oauth_response" ];
- }
- ];
- };
- };
- systemd.services.dex.serviceConfig =
- let
- user = config.users.users.dex;
- in
- {
- ReadWritePaths = [ user.home ];
- DynamicUser = lib.mkForce false;
- User = user.name;
- Group = user.group;
 };
 users.groups.rauthy = { };