wip: dex

Signed-off-by: jolheiser <john.olheiser@gmail.com>

machines/dragonwell/default.nix

@@ -2,7 +2,7 @@ let
   username = "jolheiser";
   key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
 in {
-  imports = [./caddy.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix];
+  imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;

machines/dragonwell/dex.nix

@@ -0,0 +1,24 @@
+{config, ...}: {
+  age.secrets.dex.file = ../../secrets/personal/dex.age;
+  services.dex = {
+    enable = true;
+    settings = {
+      issuer = "https://auth.jolheiser.com";
+      storage = {
+        type = "sqlite3";
+        config.file = "/var/lib/dex/dex.db";
+      };
+      web.http = "localhost:2884";
+      enablePasswordDB = true;
+      staticPasswords = [
+        {
+          email = "john@jolheiser.com";
+          hash = "$DEX_JOLHEISER_HASH";
+          username = "jolheiser";
+          userID = "$DEX_JOLHEISER_UID";
+        }
+      ];
+    };
+    environmentFile = config.age.secrets.dex.path;
+  };
+}

secrets/secrets.nix

@@ -21,4 +21,5 @@ in {
   "personal/restic-env.age".publicKeys = [jolheiser dragonwell];
   "personal/restic-pass.age".publicKeys = [jolheiser dragonwell];
   "personal/restic-repo.age".publicKeys = [jolheiser dragonwell];
+  "personal/dex.age".publicKeys = [jolheiser dragonwell];
 }