diff --git a/flake.lock b/flake.lock index 00dfea1..d78098f 100644 --- a/flake.lock +++ b/flake.lock @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1722562293, - "narHash": "sha256-JLhM5xSbx5Isjyfz8+WhCfJ9hgEJ4VYRivTOANYZVWM=", + "lastModified": 1722476581, + "narHash": "sha256-dCNcvjaOTu+cPin3VUym9pglsghWYJe5oUpKTuAgiiU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2056dac5adce82433b1dae711868b1c22e5ed07e", + "rev": "1fe57eaf074d28246ec310486fe3db4ae44d0451", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722578639, - "narHash": "sha256-yge4OI8r8JBFtoajezauguXwYJ7M+Enwb3ZGbJF4YKA=", + "lastModified": 1722489601, + "narHash": "sha256-sB37J92AwEcmzg0GgxdI1TU6M+psUpbo0iYLFJBmsfo=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "4c71f761584bd9f9a4c4ba090c353c7f3e65c430", + "rev": "eee3d54e62749dfd0f263e3903ca0ec1ebdbe72b", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1722372011, - "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=", + "lastModified": 1722221733, + "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cf05eeada35e122770c5c14add958790fcfcbef5", + "rev": "12bf09802d77264e441f48e25459c10c93eada2e", "type": "github" }, "original": { @@ -222,11 +222,11 @@ }, "nur": { "locked": { - "lastModified": 1722577920, - "narHash": "sha256-+Nilyq9pr3f13pNqE3UaJ/zxB69fQ8MmkA5xu6oYtIs=", + "lastModified": 1722485061, + "narHash": "sha256-opkrX6noshjk2V3PKBiksA8+M6K7cu3EuiuAWL04pNs=", "owner": "nix-community", "repo": "NUR", - "rev": "a3f8a8853ee2e17c2efd5a33a5c91c1d79bc9c49", + "rev": "3bf06551d5922d420607091f5a3321e712ece307", "type": "github" }, "original": { diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix index ab45a34..2e7597f 100644 --- a/machines/massicot/default.nix +++ b/machines/massicot/default.nix @@ -7,7 +7,7 @@ ./networking.nix ./services.nix ]; - + sops = { defaultSopsFile = ./secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -28,9 +28,6 @@ grafana_oauth_secret = { owner = "grafana"; }; - miniflux_oauth_secret = { - owner = "miniflux"; - }; }; }; @@ -45,7 +42,7 @@ fileSystems."/mnt/storage" = { device = "//u380335-sub1.your-storagebox.de/u380335-sub1"; fsType = "cifs"; - options = [ "credentials=${config.sops.secrets.storage_box_mount.path}" ]; + options = ["credentials=${config.sops.secrets.storage_box_mount.path}"]; }; environment.systemPackages = with pkgs; [ @@ -54,7 +51,7 @@ ]; system.stateVersion = "22.11"; - + networking = { hostName = "massicot"; }; @@ -70,9 +67,9 @@ }; security.sudo = { - execWheelOnly = true; - wheelNeedsPassword = false; - }; + execWheelOnly = true; + wheelNeedsPassword = false; + }; services.openssh = { enable = true; @@ -86,6 +83,6 @@ }; services.fail2ban.enable = true; programs.mosh.enable = true; - + systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; } diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix index 374fb69..3bbf1ca 100644 --- a/machines/massicot/kanidm-provision.nix +++ b/machines/massicot/kanidm-provision.nix @@ -32,16 +32,13 @@ grafana-users = { members = [ "xin" ]; }; - miniflux-users = { - members = [ "xin" ]; - }; }; persons = { xin = { displayName = "Xinyang Li"; mailAddresses = [ "lixinyang411@gmail.com" ]; }; - + zhuo = { displayName = "Zhuo"; mailAddresses = [ "13681104320@163.com" ]; @@ -95,13 +92,6 @@ immich-users = [ "openid" "email" "profile" ]; }; }; - miniflux = { - displayName = "Miniflux"; - originUrl = "https://rss.xinyang.life/"; - scopeMaps = { - miniflux-users = [ "openid" "email" "profile" ]; - }; - }; grafana = { displayName = "Grafana"; originUrl = "https://grafana.xinyang.life/"; @@ -120,4 +110,4 @@ }; }; }; -} +} \ No newline at end of file diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index b16d42d..2db1118 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: let kanidm_listen_port = 5324; in @@ -85,21 +85,6 @@ in }; provision = import ./kanidm-provision.nix; }; - - services.miniflux = { - enable = true; - config = { - LISTEN_ADDR = "127.0.0.1:58173"; - OAUTH2_PROVIDER = "oidc"; - OAUTH2_CLIEND_ID = "miniflux"; - OAUTH2_REDIRECT_URL = "https://rss.xinyang.life/oauth2/oidc/callback"; - OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.xinyang.life/oauth2/openid/miniflux"; - OAUTH2_USER_CREATION = 1; - CREATE_ADMIN = lib.mkForce ""; - }; - adminCredentialsFile = config.sops.secrets.miniflux_oauth_secret; - }; - services.matrix-conduit = { enable = true; # package = inputs.conduit.packages.${pkgs.system}.default; @@ -253,11 +238,6 @@ in } } ''; - - virtualHosts."https://rss.xinyang.life".extraConfig = '' - reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR} - ''; - virtualHosts."https://ntfy.xinyang.life".extraConfig = '' reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix} @httpget { diff --git a/modules/nixos/common-settings/nix-conf.nix b/modules/nixos/common-settings/nix-conf.nix index f24dfc9..9d7f31e 100644 --- a/modules/nixos/common-settings/nix-conf.nix +++ b/modules/nixos/common-settings/nix-conf.nix @@ -43,8 +43,8 @@ in ]; extra-substituters = mkIf cfg.enableMirrors [ - "https://mirrors.bfsu.edu.cn/nix-channels/store?priority=100" - "https://mirrors.ustc.edu.cn/nix-channels/store?priority=100" + "https://mirrors.bfsu.edu.cn/nix-channels/store" + "https://mirrors.ustc.edu.cn/nix-channels/store" ]; trusted-public-keys = [