From 35b19d67d7afafaf70414dbd41766285abab6130 Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Fri, 14 Feb 2025 14:33:02 +0800
Subject: [PATCH] auth: switch domain
---
 machines/calcite/configuration.nix | 3 ++-
 modules/nixos/common-settings/auth.nix | 9 ++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix
index 1c792b3..e5a74ea 100644
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@@ -6,6 +6,7 @@
 }:
 let
 inherit (lib) mkForce getExe;
+ inherit (config.my-lib.settings) idpUrl;
 in
 {
 imports = [
@@ -223,7 +224,7 @@ in
 services.kanidm = {
 enableClient = true;
 clientSettings = {
- uri = "https://auth.xinyang.life";
+ uri = "https://${idpUrl}";
 };
 };
diff --git a/modules/nixos/common-settings/auth.nix b/modules/nixos/common-settings/auth.nix
index d9739fe..2fae197 100644
--- a/modules/nixos/common-settings/auth.nix
+++ b/modules/nixos/common-settings/auth.nix
@@ -2,7 +2,6 @@
 config,
 lib,
 pkgs,
- my-lib,
 ...
 }:
@@ -12,7 +11,7 @@ let
 mkEnableOption
 ;
- inherit (my-lib) idpUrl;
+ inherit (config.my-lib.settings) idpUrl;
 cfg = config.commonSettings.auth;
 in
@@ -25,7 +24,7 @@ in
 services.kanidm = {
 enableClient = true;
 clientSettings = {
- uri = "https://auth.xinyang.life";
+ uri = "https://${idpUrl}";
 };
 enablePam = true;
 unixSettings = {
@@ -48,11 +47,11 @@ in
 environment.etc."ssh/auth" = {
 mode = "0555";
 text = ''
- #!${pkgs.stdenv.shell}
+ #!/bin/sh
 ${pkgs.kanidm}/bin/kanidm_ssh_authorizedkeys $1
 '';
 };
- users.groups.wheel.members = [ "xin@auth.xinyang.life" ];
+ users.groups.wheel.members = [ "xin@${idpUrl}" ];
 users.groups.kanidm-ssh-runner = { };
 users.users.kanidm-ssh-runner = {
 isSystemUser = true;
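Review bot: `idpUrl` is spliced in after a hard-coded scheme at `uri = "https://${idpUrl}";`, so despite its name it has to hold a bare hostname; a value that already carries a scheme, port or path would yield a malformed client URI. The same interpolation is used in the `clientSettings.uri` hunk of modules/nixos/common-settings/auth.nix. The definition of `config.my-lib.settings.idpUrl` is outside this diff, so if the option is not already constrained there, a type check or assertion on it (or a name that says "host" rather than "URL") would make the contract explicit. Keeping `https://` fixed in the consumer is worth preserving, since it means a settings change alone cannot move the identity-provider connection to plaintext.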
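Review bot: The `wheel` member is now built as `[ "xin@${idpUrl}" ]`, which ties an administrative group grant to the same setting that selects the identity-provider endpoint. In Kanidm the suffix of an account's SPN is the server's configured domain, which need not equal the hostname clients connect to, so a later edit to `idpUrl` could silently change or drop who ends up in `wheel`; a separate setting for the account domain, or at least a comment such as `# must equal the Kanidm server domain, not just the client URI host`, would make that dependency visible. Since the script's first line is being changed anyway, the context line ending in `kanidm_ssh_authorizedkeys $1` should quote its argument as `"$1"`: if this file is what sshd runs to look up authorized keys (its consumer is outside the hunk), that value is a client-supplied login name and is subject to word splitting and globbing as written.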