diff --git a/modules/nixos/common-settings/auth.nix b/modules/nixos/common-settings/auth.nix index 2fae197..11667df 100644 --- a/modules/nixos/common-settings/auth.nix +++ b/modules/nixos/common-settings/auth.nix @@ -22,6 +22,7 @@ in config = mkIf cfg.enable { services.kanidm = { + package = pkgs.kanidm_1_5; enableClient = true; clientSettings = { uri = "https://${idpUrl}"; @@ -37,6 +38,7 @@ in enable = true; authorizedKeysCommand = "/etc/ssh/auth %u"; authorizedKeysCommandUser = "kanidm-ssh-runner"; + openFirewall = true; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; diff --git a/modules/nixos/kanidm-client.nix b/modules/nixos/kanidm-client.nix index 881d48b..24e006a 100644 --- a/modules/nixos/kanidm-client.nix +++ b/modules/nixos/kanidm-client.nix @@ -38,6 +38,7 @@ in config = mkIf cfg.enable { services.kanidm = mkMerge [ (mkIf cfg.enable { + package = pkgs.kanidm_1_5; enableClient = true; clientSettings = { uri = cfg.uri; diff --git a/modules/nixos/monitor/default.nix b/modules/nixos/monitor/default.nix index 5b9d31a..c13c8a6 100644 --- a/modules/nixos/monitor/default.nix +++ b/modules/nixos/monitor/default.nix @@ -119,12 +119,9 @@ in name = "ntfy"; webhook_configs = [ { - url = "${ntfyUrl}/prometheus-alerts?tpl=yes&m=${lib.escapeURL '' - {{range .alerts}}{{ if eq .status "resolved" }}✅{{ else }}{{ if eq .status "firing" }}🔥{{end}}{{end}}{{.labels.alertname}} - {{.annotations.summary}} - {{end}}''}"; + url = "${ntfyUrl}/prometheus-alerts?tpl=yes&m=%7B%7Brange%20.alerts%7D%7D%7B%7B%20if%20eq%20.status%20%22resolved%22%20%7D%7D%E2%9C%85%7B%7B%20else%20%7D%7D%7B%7B%20if%20eq%20.status%20%22firing%22%20%7D%7D%F0%9F%94%A5%7B%7Bend%7D%7D%7B%7Bend%7D%7D%7B%7B.labels.alertname%7D%7D%0A%7B%7B.annotations.summary%7D%7D%0A%7B%7Bend%7D%7D"; send_resolved = true; - max_alerts = 5; + max_alerts = 10; } ]; }