Compare commits
2 commits
59c4ee3e8d
...
870802e6d2
| Author | SHA1 | Date | |
|---|---|---|---|
870802e6d2
|
|||
|
27fbff7e9b
|
6 changed files with 61 additions and 91 deletions
66
flake.lock
generated
66
flake.lock
generated
|
|
@ -116,11 +116,11 @@
|
|||
},
|
||||
"catppuccin": {
|
||||
"locked": {
|
||||
"lastModified": 1726952185,
|
||||
"narHash": "sha256-l/HbsQjJMT6tlf8KCooFYi3J6wjIips3n6/aWAoLY4g=",
|
||||
"lastModified": 1728407414,
|
||||
"narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=",
|
||||
"owner": "catppuccin",
|
||||
"repo": "nix",
|
||||
"rev": "630b559cc1cb4c0bdd525af506935323e4ccd5d1",
|
||||
"rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -143,11 +143,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711386353,
|
||||
"narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
|
||||
"lastModified": 1728263678,
|
||||
"narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
|
||||
"rev": "b0a62f234fae02a006123e661ff70e62af16106b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -433,11 +433,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727111745,
|
||||
"narHash": "sha256-EYLvFRoTPWtD+3uDg2wwQvlz88OrIr3zld+jFE5gDcY=",
|
||||
"lastModified": 1728791962,
|
||||
"narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "21c021862fa696c8199934e2153214ab57150cb6",
|
||||
"rev": "64c6325b28ebd708653dd41d88f306023f296184",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -540,11 +540,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726975622,
|
||||
"narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=",
|
||||
"lastModified": 1728790083,
|
||||
"narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417",
|
||||
"rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -564,11 +564,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727142313,
|
||||
"narHash": "sha256-uEkvjrMOmQiGMw2m7iAHZDE82Wt+i3P65+dFmgpBbAM=",
|
||||
"lastModified": 1728179514,
|
||||
"narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "487e99ffa42d57de53eba5ca4b60cd95fb442c42",
|
||||
"rev": "018196c371073d669510fd69dd2f6dc0ec608c41",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -579,11 +579,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1727040444,
|
||||
"narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=",
|
||||
"lastModified": 1728729581,
|
||||
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac",
|
||||
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -623,11 +623,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1726969270,
|
||||
"narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=",
|
||||
"lastModified": 1728740863,
|
||||
"narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075",
|
||||
"rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -639,11 +639,11 @@
|
|||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1725762081,
|
||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||
"lastModified": 1728156290,
|
||||
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -655,11 +655,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1727147895,
|
||||
"narHash": "sha256-2YZYrtEqQlPT77i6F3PSfA6pHeC62Q94u+c5N26BbNo=",
|
||||
"lastModified": 1728875381,
|
||||
"narHash": "sha256-AS9lhq7s3WWfuX8/oHN8c1qoVDFZaL9BO33eWoU9YzY=",
|
||||
"owner": "xinyangli",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1b7b0516e42e87d04944092f04e85a393f12e3a8",
|
||||
"rev": "6e5bbf8c5a13f682d0d223b8c109e270fed721d8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -713,11 +713,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1727146799,
|
||||
"narHash": "sha256-EgTExhm77mFu0dNkl4A9LaVYwZYcx62hIG1Q7IJbzzg=",
|
||||
"lastModified": 1728871971,
|
||||
"narHash": "sha256-9DA3YgtiAC7ADY0Qsjnz95R8jebLJQcdg37dZIgEtdI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "819ed7a5b7dfec428810dfa1403d4fcb5cad44f3",
|
||||
"rev": "97bf2fe3008121ebd4a71ffc01ddd6bb8a6345c2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -774,11 +774,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726524647,
|
||||
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
|
||||
"lastModified": 1728345710,
|
||||
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
|
||||
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -126,7 +126,11 @@
|
|||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
# services.printing.drivers = [ pkgs.hplip ];
|
||||
services.printing.drivers = [
|
||||
pkgs.hplip
|
||||
pkgs.gutenprintBin
|
||||
pkgs.canon-cups-ufr2
|
||||
];
|
||||
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
|
|
@ -180,6 +184,7 @@
|
|||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
imhex
|
||||
oidc-agent
|
||||
# Filesystem
|
||||
(owncloud-client.overrideAttrs (
|
||||
|
|
@ -187,8 +192,8 @@
|
|||
src = pkgs.fetchFromGitHub {
|
||||
owner = "xinyangli";
|
||||
repo = "client";
|
||||
rev = "e5ec2d68077361f1597b137a944884dda5574487";
|
||||
hash = "sha256-xs8g7DdL1VxArK3n1c/9k7nW2vwYRHRuz6zaeX7E3eM=";
|
||||
rev = "780d1c4c8bf02be42e118c792ff833ab10c2fdcc";
|
||||
hash = "sha256-pEwcGJI9sN9nooW/RQHmi52Du6yzofgZeB8PcjwPtZ8=";
|
||||
};
|
||||
}
|
||||
))
|
||||
|
|
|
|||
|
|
@ -118,31 +118,18 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
owncloud = {
|
||||
displayName = "ownCloud";
|
||||
originUrl = "https://drive.xinyang.life:8443/";
|
||||
originLanding = "https://drive.xinyang.life:8443/";
|
||||
public = true;
|
||||
preferShortUsername = true;
|
||||
scopeMaps = {
|
||||
ocis-users = [
|
||||
"openid"
|
||||
"email"
|
||||
"profile"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# It's used for all the clients. I'm too lazy to change the name.
|
||||
owncloud-android = {
|
||||
displayName = "ownCloud Apps";
|
||||
originLanding = "https://drive.xinyang.life:8443/";
|
||||
originUrl = [
|
||||
"http://localhost/"
|
||||
"http://127.0.0.1/"
|
||||
"http://localhost:38622/"
|
||||
"http://localhost:43580/"
|
||||
"https://drive.xinyang.life:8443/"
|
||||
# TODO: Should allow mobile redirect url not ending with /
|
||||
# "oc://android.owncloud.com"
|
||||
];
|
||||
basicSecretFile = config.sops.secrets."kanidm/ocis_android_secret".path;
|
||||
public = true;
|
||||
preferShortUsername = true;
|
||||
scopeMaps = {
|
||||
ocis-users = [
|
||||
|
|
|
|||
|
|
@ -9,9 +9,6 @@ forgejo:
|
|||
restic:
|
||||
repo: ENC[AES256_GCM,data:/vybkTU7LMWSlco9W2pJouU9wm4okXClSHXQMCA6SGIHWp4Ppl6C+jS4sNJALc6ntKzcEHyWO/R3JPjQKjZNH4YtrnNQp/ZY9g==,iv:gAvp6blg5JuBKzLw6YSgM1Uc24Aesov3ttCRXZXBvJw=,tag:pvH1y6BFOl7jIn/qQejUbQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:5eIIBtGtBFwcAQ+ZwTYOtg==,iv:3GEM8Imu0i1aTwwSspvz2EzwJOXUC/b15hzkFFuZ+YY=,tag:wscba+nMtshldgUtcEKnOw==,type:str]
|
||||
kanidm:
|
||||
ocis_android_secret: ENC[AES256_GCM,data:vuEIvBEhIME+C/s3xoskddtf5nogC9nPq+HUyyAl3u9nvH3bTzUkfE/1wolaCLeeupnD3pDokdRyKzjEmoZACQ==,iv:cmx/0i23p1uEI0oAiWdcvGRq4+075+VuAMkFSfXzfso=,tag:yVnqz16L5kyW9vAVng53pA==,type:str]
|
||||
ocis_desktop_secret: ENC[AES256_GCM,data:WTfUQzTB9An9p9xof2nuIkD5mYzMaisS62Cv86zX05rkB/wXmTnZiY7ztUoN9OmhGoPgeZg0+d+Jo6bV1hoqlw==,iv:V4iqtYIOcyDXIijcD0IXqpaSs2rxyWiOSZGer/BFSe4=,tag:1nCU1KmWQcY5ZXjlzhxaQQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -36,8 +33,8 @@ sops:
|
|||
dnFBa0lDWWZtS1BHdzBoVzNTaGNkSEEKi/W1n7RT8NpTp00SBMwxsUJAPDhumJ/i
|
||||
V2VnaSNwouD3SswTcoBzqQpBP9XrqzjIYGke90ZODFQbMY9WDQ+O0g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-14T05:48:04Z"
|
||||
mac: ENC[AES256_GCM,data:zdGdvk2pMaZYUsTI9XsSUpgtWrNmZNPg7KoV0zAt19h7Qccu3OGTSfXD+rhhhxhhWgBohGIhDVAVQcORnAw1Y/ykgqxERCANuzoBvvR1eKfPcRNiCEr2dmUAybDF7B2MWKlJ5Fsnpk/caK717Fe8XdAJDuplFwmMWi2c1c61/NQ=,iv:KPQTGzFQH+CQmLeXBzMSbU4lVH0/Wc6CeTp6w/pMMOY=,tag:UVA+sQwQa2bpy2/woBgAkQ==,type:str]
|
||||
lastmodified: "2024-09-30T07:19:35Z"
|
||||
mac: ENC[AES256_GCM,data:WSGvA1RkChrD07Sf4BFVMbdTXQYxAHeGGQ52e+pnPh0lZPOzMc9sLDrBPqDK2OfrHC+hK8RC7FxQTGs6G/oBB4nUzIZPn9WycTiU5elwWDfktizH0gr3EJDm7Gs+bTWQpwdoJZGZ8XErK+yegCaKL5cSOSTlBBbQOnZfnoNBg5c=,iv:xyJRFfxHC2xV0ro4CbdOPau1zORxA64OqpvKr4aFZvQ=,tag:c9NA90d5WTK2pfxwoyOX5A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
|
|||
|
|
@ -268,33 +268,15 @@ in
|
|||
virtualHosts."http://auth.xinyang.life:80".extraConfig = ''
|
||||
reverse_proxy ${config.security.acme.certs."auth.xinyang.life".listenHTTP}
|
||||
'';
|
||||
virtualHosts."https://auth.xinyang.life".extraConfig =
|
||||
let
|
||||
reverseProxyKanidm = ''
|
||||
reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} {
|
||||
header_up Host {upstream_hostport}
|
||||
header_down Access-Control-Allow-Origin "*"
|
||||
transport http {
|
||||
tls_server_name ${config.services.kanidm.serverSettings.domain}
|
||||
}
|
||||
virtualHosts."https://auth.xinyang.life".extraConfig = ''
|
||||
reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} {
|
||||
header_up Host {upstream_hostport}
|
||||
header_down Access-Control-Allow-Origin "*"
|
||||
transport http {
|
||||
tls_server_name ${config.services.kanidm.serverSettings.domain}
|
||||
}
|
||||
'';
|
||||
in
|
||||
''
|
||||
reverse_proxy /oauth2/openid/owncloud/userinfo https://127.0.0.1:${toString kanidm_listen_port} {
|
||||
header_up Host {upstream_hostport}
|
||||
header_down Access-Control-Allow-Origin "*"
|
||||
transport http {
|
||||
tls_server_name ${config.services.kanidm.serverSettings.domain}
|
||||
}
|
||||
@error status 400
|
||||
handle_response @error {
|
||||
rewrite /oauth2/openid/owncloud/userinfo /oauth2/openid/owncloud-android/userinfo
|
||||
${reverseProxyKanidm}
|
||||
}
|
||||
}
|
||||
${reverseProxyKanidm}
|
||||
'';
|
||||
}
|
||||
'';
|
||||
|
||||
virtualHosts."https://rss.xinyang.life".extraConfig = ''
|
||||
reverse_proxy ${config.custom.miniflux.environment.LISTEN_ADDR}
|
||||
|
|
|
|||
|
|
@ -15,21 +15,20 @@
|
|||
OCIS_LOG_PRETTY = "true";
|
||||
PROXY_AUTOPROVISION_ACCOUNTS = "true";
|
||||
PROXY_USER_OIDC_CLAIM = "preferred_username";
|
||||
PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud";
|
||||
PROXY_OIDC_REWRITE_WELLKNOWN = "false";
|
||||
PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud-android";
|
||||
PROXY_OIDC_REWRITE_WELLKNOWN = "true";
|
||||
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "none";
|
||||
OCIS_EXCLUDE_RUN_SERVICES = "idp";
|
||||
WEB_HTTP_ADDR = "127.0.0.1:12345";
|
||||
WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud/.well-known/openid-configuration";
|
||||
WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud";
|
||||
WEB_OIDC_CLIENT_ID = "owncloud";
|
||||
WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration";
|
||||
WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud-android";
|
||||
WEB_OIDC_CLIENT_ID = "owncloud-android";
|
||||
};
|
||||
# environmentFile = config.sops.secrets."ocis/env".path;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||
services.caddy.virtualHosts."${config.services.ocis.url}".extraConfig = ''
|
||||
redir /.well-known/openid-configuration https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration permanent
|
||||
reverse_proxy ${config.services.ocis.address}:${toString config.services.ocis.port}
|
||||
'';
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue