From c40e6e32555f5582d4022b31b48119e8bd9688f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jana=20D=C3=B6nszelmann?= Date: Sat, 3 Jan 2026 02:00:21 +0100 Subject: [PATCH] update flake and more pocketid --- .direnv/flake-profile | 2 +- .direnv/flake-profile-11-link | 1 - .direnv/flake-profile-12-link | 1 + fili/services/auth/default.nix | 2 -- fili/services/auth/kanidm.nix | 46 -------------------------------- fili/services/auth/pocketid.nix | 11 +++++--- fili/services/forgejo.nix | 3 ++- fili/services/media/jellyfin.nix | 2 +- fili/services/nginx.nix | 1 - flake.lock | 32 +++++++++++----------- 10 files changed, 29 insertions(+), 72 deletions(-) delete mode 120000 .direnv/flake-profile-11-link create mode 120000 .direnv/flake-profile-12-link delete mode 100644 fili/services/auth/kanidm.nix diff --git a/.direnv/flake-profile b/.direnv/flake-profile index c7ae88b..e48a077 120000 --- a/.direnv/flake-profile +++ b/.direnv/flake-profile @@ -1 +1 @@ -flake-profile-11-link \ No newline at end of file +flake-profile-12-link \ No newline at end of file diff --git a/.direnv/flake-profile-11-link b/.direnv/flake-profile-11-link deleted file mode 120000 index 2688811..0000000 --- a/.direnv/flake-profile-11-link +++ /dev/null @@ -1 +0,0 @@ -/nix/store/0r147knri9hgvgkbnqqwgmqbrsfr90w0-nix-shell-env \ No newline at end of file diff --git a/.direnv/flake-profile-12-link b/.direnv/flake-profile-12-link new file mode 120000 index 0000000..7bc9f01 --- /dev/null +++ b/.direnv/flake-profile-12-link @@ -0,0 +1 @@ +/nix/store/bkrxrlbnvzf087ch5lrbs6y00s4qy4i9-nix-shell-env \ No newline at end of file diff --git a/fili/services/auth/default.nix b/fili/services/auth/default.nix index 1717685..9aa0dea 100644 --- a/fili/services/auth/default.nix +++ b/fili/services/auth/default.nix @@ -1,8 +1,6 @@ _: { imports = [ - ./kanidm.nix ./oauth2-proxy.nix - ./pocketid.nix ]; } diff --git a/fili/services/auth/kanidm.nix b/fili/services/auth/kanidm.nix deleted file mode 100644 index 9e023e1..0000000 
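Review bot: The second removed line in fili/services/auth/default.nix appears to drop `./pocketid.nix` from `imports` together with `./kanidm.nix`, leaving only `./oauth2-proxy.nix`, while this same commit moves the `auth.donsz.nl` vhost and `APP_URL` into pocketid.nix. Unless that module is imported from somewhere not visible in this patch, the Pocket ID service and its nginx vhost would no longer be evaluated, and `auth.donsz.nl` would have no backend once kanidm.nix is deleted. If the drop was unintended, keep the line `./pocketid.nix` in the list. If the module is imported elsewhere, a one-line comment here naming that location would avoid the question.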
--- a/fili/services/auth/kanidm.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ pkgs, config, ... }: -let - lib = pkgs.lib; - domain = "auth.donsz.nl"; - port = 3013; - backupsDir = "/var/lib/kanidm/backup"; -in -{ - services.kanidm.enableServer = true; - services.kanidm.package = pkgs.kanidm_1_6; - services.kanidm.serverSettings = { - tls_chain = "/var/lib/acme/${domain}/fullchain.pem"; - tls_key = "/var/lib/acme/${domain}/key.pem"; - bindaddress = "[::1]:${toString port}"; - ldapbindaddress = "[::1]:3636"; - inherit domain; - origin = "https://${domain}"; - trust_x_forward_for = true; - - online_backup = { - path = backupsDir; - schedule = "0 0 * * *"; - }; - }; - - systemd.services.kanidm = { - preStart = lib.mkBefore '' - mkdir -p "${backupsDir}" - ''; - serviceConfig = { - SupplementaryGroups = [ config.security.acme.certs.${domain}.group ]; - }; - }; - - environment.systemPackages = [ pkgs.kanidm ]; - - services.nginx.virtualHosts.${domain} = { - forceSSL = true; - http2 = true; - enableACME = true; - - locations."/" = { - proxyPass = "https://[::1]:${toString port}"; - }; - }; -} diff --git a/fili/services/auth/pocketid.nix b/fili/services/auth/pocketid.nix index 8ce83a8..ebb9dde 100644 --- a/fili/services/auth/pocketid.nix +++ b/fili/services/auth/pocketid.nix @@ -5,7 +5,7 @@ sopsFile = ../../../secrets/pocketid.env; }; - services.nginx.virtualHosts."auth2.donsz.nl" = { + services.nginx.virtualHosts."auth.donsz.nl" = { forceSSL = true; enableACME = true; extraConfig = '' @@ -24,8 +24,9 @@ PORT = 1411; TRUST_PROXY = true; - APP_URL = "https://auth2.donsz.nl"; - ALLOW_USER_SIGNUPS = "disabled"; + APP_URL = "https://auth.donsz.nl"; + ALLOW_USER_SIGNUPS = "withToken"; + UI_CONFIG_DISABLED = true; ALLOW_OWN_ACCOUNT_EDIT = true; DB_PROVIDER = "postgres"; @@ -47,6 +48,10 @@ EMAIL_LOGIN_NOTIFICATION_ENABLED = true; EMAIL_API_KEY_EXPIRATION_ENABLED = true; EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED = true; + + ACCENT_COLOR = "#c66995"; + + LOG_LEVEL = "debug"; }; }; } 
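Review bot: Renaming the vhost from `auth2.donsz.nl` to `auth.donsz.nl` (with the matching `APP_URL` change in the next hunk) changes the OIDC issuer URL, and most likely the origin that existing passkeys are bound to. Passkeys enrolled under the old host name will probably not validate on the new one. Any relying party that pinned the old issuer or redirect URI (oauth2-proxy and Forgejo, whose client settings are not visible here) has to be switched in the same deploy. Nothing in the patch documents that cutover; a comment above the vhost such as `# moved from auth2.donsz.nl: users must re-enroll passkeys, OIDC clients must use the new issuer` would make the consequence explicit.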
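Review bot: `ALLOW_USER_SIGNUPS = "withToken"` reopens account creation on the identity provider, and with `UI_CONFIG_DISABLED = true` this file becomes the only record of that decision. Because the Forgejo hunk in this commit starts auto-registering externally authenticated users, anyone holding a valid signup token also ends up with a Forgejo account. A comment on the setting would help, for example `# signups only with an admin-issued signup token; this gates Forgejo registration too`. The settings attrset starts and ends outside this hunk.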
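Review bot: `LOG_LEVEL = "debug"` is set unconditionally on the production identity provider in the last pocketid.nix hunk. Debug output from an auth service can put e-mail addresses, client IPs and possibly one-time-access or token-related request details into the journal, where retention and read access are usually looser than for the database. If this is only for diagnosing the migration, prefer `LOG_LEVEL = "info";` and raise it temporarily, or mark it with `# TEMPORARY: revert to info after the auth.donsz.nl cutover`.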
diff --git a/fili/services/forgejo.nix b/fili/services/forgejo.nix index d6f62bc..7a1e79c 100644 --- a/fili/services/forgejo.nix +++ b/fili/services/forgejo.nix @@ -64,8 +64,9 @@ in HTTP_PORT = 13121; }; service = { - DISABLE_REGISTRATION = true; + DISABLE_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + SHOW_REGISTRATION_BUTTON = false; ENABLE_PASSWORD_SIGNIN_FORM = false; }; diff --git a/fili/services/media/jellyfin.nix b/fili/services/media/jellyfin.nix index 18dccda..e49c3e3 100644 --- a/fili/services/media/jellyfin.nix +++ b/fili/services/media/jellyfin.nix @@ -126,7 +126,7 @@ in extraPackages = with pkgs; [ intel-ocl intel-media-driver - intel-media-sdk + # intel-media-sdk ]; }; diff --git a/fili/services/nginx.nix b/fili/services/nginx.nix index e58c7b6..819a3cb 100644 --- a/fili/services/nginx.nix +++ b/fili/services/nginx.nix @@ -19,5 +19,4 @@ security.acme.defaults.email = "jana@donsz.nl"; security.acme.acceptTerms = true; - security.acme.preliminarySelfsigned = true; } diff --git a/flake.lock b/flake.lock index 18fd076..9637052 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1755272288, - "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=", + "lastModified": 1762034856, + "narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=", "owner": "zhaofengli", "repo": "colmena", - "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473", + "rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed", "type": "github" }, "original": { 
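Review bot: With `DISABLE_REGISTRATION = false` and `ALLOW_ONLY_EXTERNAL_REGISTRATION = true` in forgejo.nix, account creation is decided entirely by the external provider: any identity that completes an external login gets a Forgejo account on first sign-in. `SHOW_REGISTRATION_BUTTON = false` only hides the link and is not an access control. The block deserves a comment saying so, e.g. `# registration happens only via the external IdP; who may register is controlled there, not here`. It is also worth confirming that the Pocket ID client for Forgejo is limited to the intended users or groups, since that configuration is not visible in this patch. The `service` block is only partly inside the hunk.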
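Review bot: `# intel-media-sdk` in jellyfin.nix leaves a commented-out package in `extraPackages` with no reason given. Either delete the line or record why it is disabled and when it can return, e.g. `# intel-media-sdk  # disabled: <reason placeholder>`, so a later reader does not re-enable it blindly after the next flake update.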
@@ -290,11 +290,11 @@ "nixpkgs-mozilla": "nixpkgs-mozilla" }, "locked": { - "lastModified": 1767125309, - "narHash": "sha256-/L20TewrRZfUTYPEeLG1UBducFeM7N/UVvcLb2Deypg=", + "lastModified": 1767285863, + "narHash": "sha256-IZcAGuoAVgbke0Xtc6yQE+AItfFhyxjONlE9H0brHaE=", "ref": "refs/heads/main", - "rev": "603f69dbfc8d7acc91b6043420155f1f0660bb66", - "revCount": 52, + "rev": "179aca580debf2434028172c9f939884d82a2b4d", + "revCount": 55, "type": "git", "url": "ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git" }, @@ -426,11 +426,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1703499205, - "narHash": "sha256-lF9rK5mSUfIZJgZxC3ge40tp1gmyyOXZ+lRY3P8bfbg=", + "lastModified": 1766840161, + "narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870", + "rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1", "type": "github" }, "original": { @@ -660,11 +660,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1758425756, - "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "lastModified": 1766894905, + "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", "type": "github" }, "original": { @@ -799,11 +799,11 @@ }, "vpn-confinement": { "locked": { - "lastModified": 1749672087, - "narHash": "sha256-j8LG0s0QcvNkZZLcItl78lvTZemvsScir0dG3Ii4B1c=", + "lastModified": 1765634578, + "narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "880b3bd2c864dce4f6afc79f6580ca699294c011", + "rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a", "type": "github" }, "original": {