From e272f2ba68e1d754e6b228bf6bea705e202f395a Mon Sep 17 00:00:00 2001
From: jolheiser <john.olheiser@gmail.com>
Date: Tue, 27 Feb 2024 21:58:16 -0600
Subject: [PATCH] wip: dex

Signed-off-by: jolheiser <john.olheiser@gmail.com>
---
 machines/dragonwell/default.nix |   2 +-
 machines/dragonwell/dex.nix     |  24 ++++++++++++++++++++++++
 secrets/personal/dex.age        | Bin 0 -> 562 bytes
 secrets/secrets.nix             |   1 +
 4 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 machines/dragonwell/dex.nix
 create mode 100644 secrets/personal/dex.age

diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index 14d13f6..dc6edda 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -2,7 +2,7 @@ let
   username = "jolheiser";
   key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
 in {
-  imports = [./caddy.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix];
+  imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
diff --git a/machines/dragonwell/dex.nix b/machines/dragonwell/dex.nix
new file mode 100644
index 0000000..fa89dc6
--- /dev/null
+++ b/machines/dragonwell/dex.nix
@@ -0,0 +1,24 @@
+{config, ...}: {
+  age.secrets.dex.file = ../../secrets/personal/dex.age;
+  services.dex = {
+    enable = true;
+    settings = {
+      issuer = "https://auth.jolheiser.com";
+      storage = {
+        type = "sqlite3";
+        config.file = "/var/lib/dex/dex.db";
+      };
+      web.http = "localhost:2884";
+      enablePasswordDB = true;
+      staticPasswords = [
+        {
+          email = "john@jolheiser.com";
+          hash = "$DEX_JOLHEISER_HASH";
+          username = "jolheiser";
+          userID = "$DEX_JOLHEISER_UID";
+        }
+      ];
+    };
+    environmentFile = config.age.secrets.dex.path;
+  };
+}
diff --git a/secrets/personal/dex.age b/secrets/personal/dex.age
new file mode 100644
index 0000000000000000000000000000000000000000..8fa15a49fe2282ea27c85c2d201940a9fafde92d
GIT binary patch
literal 562
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4wa7BlPgf`|sB(5q
zGBNSD2zSZ#a4Yb4%T5Y(GBV0_a}7xiF7@@$E;5R8&QA04DCR25FUiP{aC0xH@;8YH
zPc$*n&d$hBF|F_k_A5_zb&K>gHH)fDNiWp52t>Cn&DgNi&ru=3$t2M~%_B0uyv!>y
z+sw$(xH2%w)W6EoGr1zK)VoAm-@wV&wICwQAe*Zyz`dl@xF{{M$kf|B#~{hTEXY$o
zEF#CLtkBEf%U54pJJ8E4%P-F(Hxgu<d4+F~mu`AdYGQG!LVljUpOLQ<S8||9u#=Bp
zRbHvHg;!KbsilWSsdJEFcA{}wN_kR2fOm0$r$uOCL717pyP2z*i$_>cplhm^TV7yU
za%y5y7FW7kqJObhK#^CjBbTnOu0lz!i?L~5d19$Ym41#zNm+1qR$#Jupj)7!cDQdy
zdYG|MWLjoap`nvWB$veZ!|z`)IBi=jV7KzY--R#vZeGZcZ-{CRuA9QX^|beMpT(+%
zN`>*C50vywmVFYk!Q!-HcHfLit7k4f!xPiJ-a+*mZ^;af)U7QpsqrN;+c*75JbCKp
zxm_EqUwZa)-IiSVv(P@<PxTEud&3dN=aS8_T09&~pWT%!n5s&?w2Hg>PIo-7J5S<D
q;);hW^$z5=_^dp<tufG8$8FKx8uMa<CB`DLdlWjKPS5=FWCZ|cpUuwz

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a38e355..cdffc0f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,4 +21,5 @@ in {
   "personal/restic-env.age".publicKeys = [jolheiser dragonwell];
   "personal/restic-pass.age".publicKeys = [jolheiser dragonwell];
   "personal/restic-repo.age".publicKeys = [jolheiser dragonwell];
+  "personal/dex.age".publicKeys = [jolheiser dragonwell];
 }