From 59c4ee3e8d6ea5981796b20ee4deca00e34e9934 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 24 Sep 2024 11:39:30 +0800 Subject: [PATCH 1/8] home/calcite: fix not build --- home/xin/calcite.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index b850d52..20b90e6 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -1,6 +1,8 @@ -{ inputs, pkgs, ... }: +{ pkgs, ... }: { - imports = [ ./common ]; + imports = [ + ./common + ]; programs.nix-index-database.comma.enable = true; @@ -37,11 +39,6 @@ flavor = "mocha"; }; - stylix = { - targets = { - gtk.enable = true; - }; - }; xdg.enable = true; i18n.inputMethod = { From 27fbff7e9bddd236d76545feb88401522e27b004 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 30 Sep 2024 15:20:07 +0800 Subject: [PATCH 2/8] fix oidc for ocis --- machines/calcite/configuration.nix | 11 ++++++--- machines/massicot/kanidm-provision.nix | 23 ++++------------- machines/massicot/secrets.yaml | 7 ++---- machines/massicot/services.nix | 34 ++++++-------------------- machines/weilite/services/ocis.nix | 11 ++++----- 5 files changed, 28 insertions(+), 58 deletions(-) diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index f397b7a..4601e8c 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -126,7 +126,11 @@ # Enable CUPS to print documents. services.printing.enable = true; - # services.printing.drivers = [ pkgs.hplip ]; + services.printing.drivers = [ + pkgs.hplip + pkgs.gutenprintBin + pkgs.canon-cups-ufr2 + ]; hardware.pulseaudio.enable = false; security.rtkit.enable = true; @@ -180,6 +184,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ + imhex oidc-agent # Filesystem (owncloud-client.overrideAttrs ( @@ -187,8 +192,8 @@ src = pkgs.fetchFromGitHub { owner = "xinyangli"; repo = "client"; - rev = "e5ec2d68077361f1597b137a944884dda5574487"; - hash = "sha256-xs8g7DdL1VxArK3n1c/9k7nW2vwYRHRuz6zaeX7E3eM="; + rev = "780d1c4c8bf02be42e118c792ff833ab10c2fdcc"; + hash = "sha256-pEwcGJI9sN9nooW/RQHmi52Du6yzofgZeB8PcjwPtZ8="; }; } )) diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix index 91f86d2..b7702de 100644 --- a/machines/massicot/kanidm-provision.nix +++ b/machines/massicot/kanidm-provision.nix @@ -118,31 +118,18 @@ ]; }; }; - owncloud = { - displayName = "ownCloud"; - originUrl = "https://drive.xinyang.life:8443/"; - originLanding = "https://drive.xinyang.life:8443/"; - public = true; - preferShortUsername = true; - scopeMaps = { - ocis-users = [ - "openid" - "email" - "profile" - ]; - }; - }; - + # It's used for all the clients. I'm too lazy to change the name. owncloud-android = { displayName = "ownCloud Apps"; originLanding = "https://drive.xinyang.life:8443/"; originUrl = [ - "http://localhost/" - "http://127.0.0.1/" + "http://localhost:38622/" + "http://localhost:43580/" + "https://drive.xinyang.life:8443/" # TODO: Should allow mobile redirect url not ending with / # "oc://android.owncloud.com" ]; - basicSecretFile = config.sops.secrets."kanidm/ocis_android_secret".path; + public = true; preferShortUsername = true; scopeMaps = { ocis-users = [ diff --git a/machines/massicot/secrets.yaml b/machines/massicot/secrets.yaml index 302df3b..0f4bbdc 100644 --- a/machines/massicot/secrets.yaml +++ b/machines/massicot/secrets.yaml @@ -9,9 +9,6 @@ forgejo: restic: repo: ENC[AES256_GCM,data:/vybkTU7LMWSlco9W2pJouU9wm4okXClSHXQMCA6SGIHWp4Ppl6C+jS4sNJALc6ntKzcEHyWO/R3JPjQKjZNH4YtrnNQp/ZY9g==,iv:gAvp6blg5JuBKzLw6YSgM1Uc24Aesov3ttCRXZXBvJw=,tag:pvH1y6BFOl7jIn/qQejUbQ==,type:str] password: ENC[AES256_GCM,data:5eIIBtGtBFwcAQ+ZwTYOtg==,iv:3GEM8Imu0i1aTwwSspvz2EzwJOXUC/b15hzkFFuZ+YY=,tag:wscba+nMtshldgUtcEKnOw==,type:str] -kanidm: - ocis_android_secret: ENC[AES256_GCM,data:vuEIvBEhIME+C/s3xoskddtf5nogC9nPq+HUyyAl3u9nvH3bTzUkfE/1wolaCLeeupnD3pDokdRyKzjEmoZACQ==,iv:cmx/0i23p1uEI0oAiWdcvGRq4+075+VuAMkFSfXzfso=,tag:yVnqz16L5kyW9vAVng53pA==,type:str] - ocis_desktop_secret: ENC[AES256_GCM,data:WTfUQzTB9An9p9xof2nuIkD5mYzMaisS62Cv86zX05rkB/wXmTnZiY7ztUoN9OmhGoPgeZg0+d+Jo6bV1hoqlw==,iv:V4iqtYIOcyDXIijcD0IXqpaSs2rxyWiOSZGer/BFSe4=,tag:1nCU1KmWQcY5ZXjlzhxaQQ==,type:str] sops: kms: [] gcp_kms: [] @@ -36,8 +33,8 @@ sops: dnFBa0lDWWZtS1BHdzBoVzNTaGNkSEEKi/W1n7RT8NpTp00SBMwxsUJAPDhumJ/i V2VnaSNwouD3SswTcoBzqQpBP9XrqzjIYGke90ZODFQbMY9WDQ+O0g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-14T05:48:04Z" - mac: ENC[AES256_GCM,data:zdGdvk2pMaZYUsTI9XsSUpgtWrNmZNPg7KoV0zAt19h7Qccu3OGTSfXD+rhhhxhhWgBohGIhDVAVQcORnAw1Y/ykgqxERCANuzoBvvR1eKfPcRNiCEr2dmUAybDF7B2MWKlJ5Fsnpk/caK717Fe8XdAJDuplFwmMWi2c1c61/NQ=,iv:KPQTGzFQH+CQmLeXBzMSbU4lVH0/Wc6CeTp6w/pMMOY=,tag:UVA+sQwQa2bpy2/woBgAkQ==,type:str] + lastmodified: "2024-09-30T07:19:35Z" + mac: ENC[AES256_GCM,data:WSGvA1RkChrD07Sf4BFVMbdTXQYxAHeGGQ52e+pnPh0lZPOzMc9sLDrBPqDK2OfrHC+hK8RC7FxQTGs6G/oBB4nUzIZPn9WycTiU5elwWDfktizH0gr3EJDm7Gs+bTWQpwdoJZGZ8XErK+yegCaKL5cSOSTlBBbQOnZfnoNBg5c=,iv:xyJRFfxHC2xV0ro4CbdOPau1zORxA64OqpvKr4aFZvQ=,tag:c9NA90d5WTK2pfxwoyOX5A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index dfdac4d..4be75c5 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix @@ -268,33 +268,15 @@ in virtualHosts."http://auth.xinyang.life:80".extraConfig = '' reverse_proxy ${config.security.acme.certs."auth.xinyang.life".listenHTTP} ''; - virtualHosts."https://auth.xinyang.life".extraConfig = - let - reverseProxyKanidm = '' - reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} { - header_up Host {upstream_hostport} - header_down Access-Control-Allow-Origin "*" - transport http { - tls_server_name ${config.services.kanidm.serverSettings.domain} - } + virtualHosts."https://auth.xinyang.life".extraConfig = '' + reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} { + header_up Host {upstream_hostport} + header_down Access-Control-Allow-Origin "*" + transport http { + tls_server_name ${config.services.kanidm.serverSettings.domain} } - ''; - in - '' - reverse_proxy /oauth2/openid/owncloud/userinfo https://127.0.0.1:${toString kanidm_listen_port} { - header_up Host {upstream_hostport} - header_down Access-Control-Allow-Origin "*" - transport http { - tls_server_name ${config.services.kanidm.serverSettings.domain} - } - @error status 400 - handle_response @error { - rewrite /oauth2/openid/owncloud/userinfo /oauth2/openid/owncloud-android/userinfo - ${reverseProxyKanidm} - } - } - ${reverseProxyKanidm} - ''; + } + ''; virtualHosts."https://rss.xinyang.life".extraConfig = '' reverse_proxy ${config.custom.miniflux.environment.LISTEN_ADDR} diff --git a/machines/weilite/services/ocis.nix b/machines/weilite/services/ocis.nix index 7438591..dfd4c50 100644 --- a/machines/weilite/services/ocis.nix +++ b/machines/weilite/services/ocis.nix @@ -15,21 +15,20 @@ OCIS_LOG_PRETTY = "true"; PROXY_AUTOPROVISION_ACCOUNTS = "true"; PROXY_USER_OIDC_CLAIM = "preferred_username"; - PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud"; - PROXY_OIDC_REWRITE_WELLKNOWN = "false"; + PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud-android"; + PROXY_OIDC_REWRITE_WELLKNOWN = "true"; PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "none"; OCIS_EXCLUDE_RUN_SERVICES = "idp"; WEB_HTTP_ADDR = "127.0.0.1:12345"; - WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud/.well-known/openid-configuration"; - WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud"; - WEB_OIDC_CLIENT_ID = "owncloud"; + WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration"; + WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud-android"; + WEB_OIDC_CLIENT_ID = "owncloud-android"; }; # environmentFile = config.sops.secrets."ocis/env".path; }; networking.firewall.allowedTCPPorts = [ 8443 ]; services.caddy.virtualHosts."${config.services.ocis.url}".extraConfig = '' - redir /.well-known/openid-configuration https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration permanent reverse_proxy ${config.services.ocis.address}:${toString config.services.ocis.port} ''; } From 870802e6d218882a160cf583a7476983850ad025 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 14 Oct 2024 11:17:59 +0800 Subject: [PATCH 3/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'catppuccin': 'github:catppuccin/nix/630b559cc1cb4c0bdd525af506935323e4ccd5d1' (2024-09-21) → 'github:catppuccin/nix/96cf8b4a05fb23a53c027621b1147b5cf9e5439f' (2024-10-08) • Updated input 'colmena': 'github:zhaofengli/colmena/cd65ef7a25cdc75052fbd04b120aeb066c3881db' (2024-03-25) → 'github:zhaofengli/colmena/b0a62f234fae02a006123e661ff70e62af16106b' (2024-10-07) • Updated input 'home-manager': 'github:nix-community/home-manager/21c021862fa696c8199934e2153214ab57150cb6' (2024-09-23) → 'github:nix-community/home-manager/64c6325b28ebd708653dd41d88f306023f296184' (2024-10-13) • Updated input 'nix-index-database': 'github:Mic92/nix-index-database/c7515c2fdaf2e1f3f49856cef6cec95bb2138417' (2024-09-22) → 'github:Mic92/nix-index-database/5c54c33aa04df5dd4b0984b7eb861d1981009b22' (2024-10-13) • Updated input 'nix-vscode-extensions': 'github:nix-community/nix-vscode-extensions/487e99ffa42d57de53eba5ca4b60cd95fb442c42' (2024-09-24) → 'github:nix-community/nix-vscode-extensions/018196c371073d669510fd69dd2f6dc0ec608c41' (2024-10-06) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/d0cb432a9d28218df11cbd77d984a2a46caeb5ac' (2024-09-22) → 'github:NixOS/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12) • Updated input 'nixpkgs': 'github:xinyangli/nixpkgs/1b7b0516e42e87d04944092f04e85a393f12e3a8' (2024-09-24) → 'github:xinyangli/nixpkgs/6e5bbf8c5a13f682d0d223b8c109e270fed721d8' (2024-10-14) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/23cbb250f3bf4f516a2d0bf03c51a30900848075' (2024-09-22) → 'github:nixos/nixpkgs/a3f9ad65a0bf298ed5847629a57808b97e6e8077' (2024-10-12) • Updated input 'nur': 'github:nix-community/NUR/819ed7a5b7dfec428810dfa1403d4fcb5cad44f3' (2024-09-24) → 'github:nix-community/NUR/97bf2fe3008121ebd4a71ffc01ddd6bb8a6345c2' (2024-10-14) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e2d404a7ea599a013189aa42947f66cede0645c8' (2024-09-16) → 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/dc454045f5b5d814e5862a6d057e7bb5c29edc05' (2024-09-08) → 'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05) --- flake.lock | 66 +++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 2392682..d808b79 100644 --- a/flake.lock +++ b/flake.lock @@ -116,11 +116,11 @@ }, "catppuccin": { "locked": { - "lastModified": 1726952185, - "narHash": "sha256-l/HbsQjJMT6tlf8KCooFYi3J6wjIips3n6/aWAoLY4g=", + "lastModified": 1728407414, + "narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=", "owner": "catppuccin", "repo": "nix", - "rev": "630b559cc1cb4c0bdd525af506935323e4ccd5d1", + "rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", "type": "github" }, "original": { @@ -433,11 +433,11 @@ ] }, "locked": { - "lastModified": 1727111745, - "narHash": "sha256-EYLvFRoTPWtD+3uDg2wwQvlz88OrIr3zld+jFE5gDcY=", + "lastModified": 1728791962, + "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=", "owner": "nix-community", "repo": "home-manager", - "rev": "21c021862fa696c8199934e2153214ab57150cb6", + "rev": "64c6325b28ebd708653dd41d88f306023f296184", "type": "github" }, "original": { @@ -540,11 +540,11 @@ ] }, "locked": { - "lastModified": 1726975622, - "narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=", + "lastModified": 1728790083, + "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417", + "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", "type": "github" }, "original": { @@ -564,11 +564,11 @@ ] }, "locked": { - "lastModified": 1727142313, - "narHash": "sha256-uEkvjrMOmQiGMw2m7iAHZDE82Wt+i3P65+dFmgpBbAM=", + "lastModified": 1728179514, + "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "487e99ffa42d57de53eba5ca4b60cd95fb442c42", + "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", "type": "github" }, "original": { @@ -579,11 +579,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1728729581, + "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", "type": "github" }, "original": { @@ -623,11 +623,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1726969270, - "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", + "lastModified": 1728740863, + "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", + "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", "type": "github" }, "original": { @@ -655,11 +655,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1727147895, - "narHash": "sha256-2YZYrtEqQlPT77i6F3PSfA6pHeC62Q94u+c5N26BbNo=", + "lastModified": 1728875381, + "narHash": "sha256-AS9lhq7s3WWfuX8/oHN8c1qoVDFZaL9BO33eWoU9YzY=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "1b7b0516e42e87d04944092f04e85a393f12e3a8", + "rev": "6e5bbf8c5a13f682d0d223b8c109e270fed721d8", "type": "github" }, "original": { @@ -713,11 +713,11 @@ }, "nur": { "locked": { - "lastModified": 1727146799, - "narHash": "sha256-EgTExhm77mFu0dNkl4A9LaVYwZYcx62hIG1Q7IJbzzg=", + "lastModified": 1728871971, + "narHash": "sha256-9DA3YgtiAC7ADY0Qsjnz95R8jebLJQcdg37dZIgEtdI=", "owner": "nix-community", "repo": "NUR", - "rev": "819ed7a5b7dfec428810dfa1403d4fcb5cad44f3", + "rev": "97bf2fe3008121ebd4a71ffc01ddd6bb8a6345c2", "type": "github" }, "original": { @@ -774,11 +774,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { From a9b1d693860fa341a86989d4562003425b98a0ed Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 14 Oct 2024 11:29:27 +0800 Subject: [PATCH 4/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:xinyangli/nixpkgs/6e5bbf8c5a13f682d0d223b8c109e270fed721d8' (2024-10-14) → 'github:xinyangli/nixpkgs/5f7b4a8a49de5fb589a4f67f1ec888382312a490' (2024-10-14) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d808b79..6cd996f 100644 --- a/flake.lock +++ b/flake.lock @@ -655,11 +655,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1728875381, - "narHash": "sha256-AS9lhq7s3WWfuX8/oHN8c1qoVDFZaL9BO33eWoU9YzY=", + "lastModified": 1728876479, + "narHash": "sha256-tjVsONpCYX+pOBqpnLsNOcd9DpbzG2Tnm8K/lgTqQc8=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "6e5bbf8c5a13f682d0d223b8c109e270fed721d8", + "rev": "5f7b4a8a49de5fb589a4f67f1ec888382312a490", "type": "github" }, "original": { From af0e5ed742d283e5ddcf6d69bc665ffa5bf4ef16 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 14 Oct 2024 11:35:48 +0800 Subject: [PATCH 5/8] fix: unused secret --- machines/massicot/kanidm-provision.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix index b7702de..31cd6e6 100644 --- a/machines/massicot/kanidm-provision.nix +++ b/machines/massicot/kanidm-provision.nix @@ -1,15 +1,5 @@ { config, lib, ... }: { - sops.secrets = { - "kanidm/ocis_android_secret" = { - owner = "kanidm"; - }; - }; - systemd.services.kanidm.serviceConfig = { - BindReadOnlyPaths = [ - config.sops.secrets."kanidm/ocis_android_secret".path - ]; - }; services.kanidm.provision = { enable = true; autoRemove = true; From 62635224883242d878966066fc022fac708379ee Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 14 Oct 2024 11:45:03 +0800 Subject: [PATCH 6/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'my-nixvim': 'git+https://git.xinyang.life/xin/nixvim?ref=refs/heads/master&rev=7e0140a6a9eff2ab3292d8269bc99efeb3581835' (2024-09-02) → 'git+https://git.xinyang.life/xin/nixvim?ref=refs/heads/master&rev=c72cb643b40a030e1cdc1930f63dc0c2a808faaf' (2024-10-14) • Updated input 'my-nixvim/flake-parts': 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01) → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01) • Updated input 'my-nixvim/flake-parts/nixpkgs-lib': 'https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01) → 'https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01) • Updated input 'my-nixvim/nixvim': 'github:nix-community/nixvim/cb413995e1e101c76d755b7f131ce60c7ea3985d' (2024-08-20) → 'github:nix-community/nixvim/619e24366e8ad34230d65a323d26ca981bfa6927' (2024-10-13) • Updated input 'my-nixvim/nixvim/devshell': 'github:numtide/devshell/67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae' (2024-07-27) → 'github:numtide/devshell/dd6b80932022cea34a019e2bb32f6fa9e494dfef' (2024-10-07) • Updated input 'my-nixvim/nixvim/flake-parts': 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01) → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01) • Updated input 'my-nixvim/nixvim/git-hooks': 'github:cachix/git-hooks.nix/bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba' (2024-08-16) → 'github:cachix/git-hooks.nix/eb74e0be24a11a1531b5b8659535580554d30b28' (2024-10-12) • Updated input 'my-nixvim/nixvim/home-manager': 'github:nix-community/home-manager/2598861031b78aadb4da7269df7ca9ddfc3e1671' (2024-08-18) → 'github:nix-community/home-manager/d57112db877f07387ce7104b5ac346ede556d2d7' (2024-10-12) • Updated input 'my-nixvim/nixvim/nix-darwin': 'github:lnl7/nix-darwin/076b9a905af8a52b866c8db068d6da475839d97b' (2024-08-17) → 'github:lnl7/nix-darwin/48b50b3b137be5cfb9f4d006835ce7c3fe558ccc' (2024-10-08) • Updated input 'my-nixvim/nixvim/nixpkgs': 'github:NixOS/nixpkgs/8a3354191c0d7144db9756a74755672387b702ba' (2024-08-18) → 'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09) • Updated input 'my-nixvim/nixvim/nuschtosSearch': 'github:NuschtOS/search/a05d1805f2a2bc47d230e5e92aecbf69f784f3d0' (2024-08-18) → 'github:NuschtOS/search/9578d865b081c29ae98131caf7d2f69a42f0ca6e' (2024-10-12) • Updated input 'my-nixvim/nixvim/nuschtosSearch/flake-utils': 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) → 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17) • Updated input 'my-nixvim/nixvim/treefmt-nix': 'github:numtide/treefmt-nix/1d07739554fdc4f8481068f1b11d6ab4c1a4167a' (2024-08-16) → 'github:numtide/treefmt-nix/4446c7a6fc0775df028c5a3f6727945ba8400e64' (2024-10-03) --- flake.lock | 82 +++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index 6cd996f..28cf84a 100644 --- a/flake.lock +++ b/flake.lock @@ -165,11 +165,11 @@ ] }, "locked": { - "lastModified": 1722113426, - "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -245,11 +245,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -267,11 +267,11 @@ ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1723803910, - "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=", + "lastModified": 1728727368, + "narHash": "sha256-7FMyNISP7K6XDSIt1NJxkXZnEdV3HZUXvFoBaJ/qdOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba", + "rev": "eb74e0be24a11a1531b5b8659535580554d30b28", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1723986931, - "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=", + "lastModified": 1728726232, + "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671", + "rev": "d57112db877f07387ce7104b5ac346ede556d2d7", "type": "github" }, "original": { @@ -498,11 +498,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1725247757, - "narHash": "sha256-M++z1VvmSo18FRVI02mdF2210bCYn+t25Zgflrdn9Tc=", + "lastModified": 1728877458, + "narHash": "sha256-oesnC9TSc3L2er0SyBwW2d0qxN1qmkevP3WKVorlpdA=", "ref": "refs/heads/master", - "rev": "7e0140a6a9eff2ab3292d8269bc99efeb3581835", - "revCount": 14, + "rev": "c72cb643b40a030e1cdc1930f63dc0c2a808faaf", + "revCount": 15, "type": "git", "url": "https://git.xinyang.life/xin/nixvim" }, @@ -520,11 +520,11 @@ ] }, "locked": { - "lastModified": 1723859949, - "narHash": "sha256-kiaGz4deGYKMjJPOji/JVvSP/eTefrIA3rAjOnOpXl4=", + "lastModified": 1728385805, + "narHash": "sha256-mUd38b0vhB7yzgAjNOaFz7VY9xIVzlbn3P2wjGBcVV0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "076b9a905af8a52b866c8db068d6da475839d97b", + "rev": "48b50b3b137be5cfb9f4d006835ce7c3fe558ccc", "type": "github" }, "original": { @@ -595,11 +595,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723991338, - "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a3354191c0d7144db9756a74755672387b702ba", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -611,14 +611,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "lastModified": 1727825735, + "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" } }, "nixpkgs-stable": { @@ -698,11 +698,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724127528, - "narHash": "sha256-fKtsvNQeLhPuz1O53x6Xxkd/yYecpolNXRq7mfvnXQk=", + "lastModified": 1728829992, + "narHash": "sha256-722PdOQ4uTTAOyS3Ze4H7LXDNVi9FecKbLEvj3Qu0hM=", "owner": "nix-community", "repo": "nixvim", - "rev": "cb413995e1e101c76d755b7f131ce60c7ea3985d", + "rev": "619e24366e8ad34230d65a323d26ca981bfa6927", "type": "github" }, "original": { @@ -736,11 +736,11 @@ ] }, "locked": { - "lastModified": 1723969429, - "narHash": "sha256-BuewfNEXEf11MIkJY+uvWsdLu1dIvgJqntWChvNdALg=", + "lastModified": 1728701796, + "narHash": "sha256-FTDCOUnq+gdnHC3p5eisv1X1mMtKJDNMegwpZjRzQKY=", "owner": "NuschtOS", "repo": "search", - "rev": "a05d1805f2a2bc47d230e5e92aecbf69f784f3d0", + "rev": "9578d865b081c29ae98131caf7d2f69a42f0ca6e", "type": "github" }, "original": { @@ -871,11 +871,11 @@ ] }, "locked": { - "lastModified": 1723808491, - "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", + "lastModified": 1727984844, + "narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", + "rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64", "type": "github" }, "original": { From 38e749280705a8d512fc668adbf7d28f51876ffc Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 14 Oct 2024 11:56:47 +0800 Subject: [PATCH 7/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'my-nixvim': 'git+https://git.xinyang.life/xin/nixvim?ref=refs/heads/master&rev=c72cb643b40a030e1cdc1930f63dc0c2a808faaf' (2024-10-14) → 'git+https://git.xinyang.life/xin/nixvim?ref=refs/heads/master&rev=90a9302a0a028b9359a3c49e56841bff58c72ab6' (2024-10-14) • Updated input 'nur': 'github:nix-community/NUR/97bf2fe3008121ebd4a71ffc01ddd6bb8a6345c2' (2024-10-14) → 'github:nix-community/NUR/6f359b976f93fc46a3674b2a92ffb79dad8e8840' (2024-10-14) --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 28cf84a..ad106f1 100644 --- a/flake.lock +++ b/flake.lock @@ -498,11 +498,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1728877458, - "narHash": "sha256-oesnC9TSc3L2er0SyBwW2d0qxN1qmkevP3WKVorlpdA=", + "lastModified": 1728878172, + "narHash": "sha256-qfihteJpOLCGXiccCWJ+N/4rUlQcdvdoNSdCH6UJGD0=", "ref": "refs/heads/master", - "rev": "c72cb643b40a030e1cdc1930f63dc0c2a808faaf", - "revCount": 15, + "rev": "90a9302a0a028b9359a3c49e56841bff58c72ab6", + "revCount": 16, "type": "git", "url": "https://git.xinyang.life/xin/nixvim" }, @@ -713,11 +713,11 @@ }, "nur": { "locked": { - "lastModified": 1728871971, - "narHash": "sha256-9DA3YgtiAC7ADY0Qsjnz95R8jebLJQcdg37dZIgEtdI=", + "lastModified": 1728877747, + "narHash": "sha256-OGSawABgsGqgJoSdWmR0hAuz8gRlAwPcwz4M3u27QaM=", "owner": "nix-community", "repo": "NUR", - "rev": "97bf2fe3008121ebd4a71ffc01ddd6bb8a6345c2", + "rev": "6f359b976f93fc46a3674b2a92ffb79dad8e8840", "type": "github" }, "original": { From 87bf369bd774007e273c5d5b5af17c7cb09fcf46 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 14 Oct 2024 12:06:41 +0800 Subject: [PATCH 8/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'my-nixvim': 'git+https://git.xinyang.life/xin/nixvim?ref=refs/heads/master&rev=90a9302a0a028b9359a3c49e56841bff58c72ab6' (2024-10-14) → 'git+https://git.xinyang.life/xin/nixvim?ref=refs/heads/master&rev=0df66b4ab6faf481b1a94dd2edef66eec8e1efde' (2024-10-14) • Updated input 'nur': 'github:nix-community/NUR/6f359b976f93fc46a3674b2a92ffb79dad8e8840' (2024-10-14) → 'github:nix-community/NUR/23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8' (2024-10-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ad106f1..632d531 100644 --- a/flake.lock +++ b/flake.lock @@ -498,10 +498,10 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1728878172, - "narHash": "sha256-qfihteJpOLCGXiccCWJ+N/4rUlQcdvdoNSdCH6UJGD0=", + "lastModified": 1728878762, + "narHash": "sha256-aYYyuY+IM3d/5NbogZx7ctd8bfNmzHklNIwazSn3jx0=", "ref": "refs/heads/master", - "rev": "90a9302a0a028b9359a3c49e56841bff58c72ab6", + "rev": "0df66b4ab6faf481b1a94dd2edef66eec8e1efde", "revCount": 16, "type": "git", "url": "https://git.xinyang.life/xin/nixvim" @@ -713,11 +713,11 @@ }, "nur": { "locked": { - "lastModified": 1728877747, - "narHash": "sha256-OGSawABgsGqgJoSdWmR0hAuz8gRlAwPcwz4M3u27QaM=", + "lastModified": 1728878648, + "narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=", "owner": "nix-community", "repo": "NUR", - "rev": "6f359b976f93fc46a3674b2a92ffb79dad8e8840", + "rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8", "type": "github" }, "original": {