diff --git a/clients/quadraticserver/auth.nix b/clients/quadraticserver/auth.nix new file mode 100644 index 0000000..714052e --- /dev/null +++ b/clients/quadraticserver/auth.nix @@ -0,0 +1,21 @@ +{ + inputs, + config, + ... +}: { + imports = [inputs.matrixoidc.nixosModules.default]; + + services = let + socket = "/var/run/matrixoidc/socket"; + domain = "auth.federated.nexus"; + in { + matrixoidc = { + enable = true; + jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path; + args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"]; + group = "caddy"; + }; + + caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; + }; +} diff --git a/clients/quadraticserver/bridges.nix b/clients/quadraticserver/bridges.nix index 2e379ba..bcac322 100644 --- a/clients/quadraticserver/bridges.nix +++ b/clients/quadraticserver/bridges.nix @@ -29,13 +29,12 @@ }; }; }; - - domain = "ooye.federated.nexus"; - runtimeDir = "matrix-ooye"; in { imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default]; - services = rec { + services = let + domain = "ooye.federated.nexus"; + in { matrix-appservices.services = builtins.mapAttrs (name: value: value // { 
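Review bot: `jwtSecretFile` in the `matrixoidc` block of auth.nix points at `config.age.secrets."oidcJwtSecret.age".path`, but no hunk in this commit declares that `age.secrets` entry or who may read it, so access to the token-signing key rests on defaults. agenix decrypts secrets as root-owned with mode 0400 unless `owner`/`group`/`mode` are set, so either the matrixoidc module loads the file on the service's behalf or the service cannot read it; which applies is not visible here. I would set the owner explicitly where the secret is declared and add a comment above `group = "caddy";` such as `# caddy only needs the socket, not the JWT secret`, since that setting presumably governs the socket's permissions and should not also widen access to the key. The socket path could be written `/run/matrixoidc/socket`, as `/var/run` is only a compatibility symlink.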
@@ -50,24 +49,16 @@ in { }; }; - matrix-ooye = { - enable = true; - homeserver = config.services.grapevine.settings.server_discovery.client.base_url; - homeserverName = "federated.nexus"; - discordTokenPath = config.age.secrets."discordToken.age".path; - discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; - socket = "/run/matrix-ooye/socket"; - bridgeOrigin = "https://${domain}"; - }; + # matrix-ooye = { + # enable = true; + # homeserver = config.services.grapevine.settings.server_discovery.client.base_url; + # homeserverName = "federated.nexus"; + # discordTokenPath = config.age.secrets."discordToken.age".path; + # discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; - caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}"; - }; + # bridgeOrigin = "https://${domain}"; + # }; - systemd.services = { - matrix-ooye.serviceConfig = { - RuntimeDirectory = runtimeDir; - UMask = "0007"; - Group = "caddy"; - }; + # caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}"; }; } diff --git a/clients/quadraticserver/searxng.nix b/clients/quadraticserver/searxng.nix new file mode 100644 index 0000000..74798b7 --- /dev/null +++ b/clients/quadraticserver/searxng.nix 
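Review bot: The commented-out `matrix-ooye` block in bridges.nix can no longer be restored by uncommenting it: its `socket` line was dropped, the commented `caddy.virtualHosts` line still refers to `matrix-ooye.socket`, and the first hunk replaced `services = rec {` with a `let`, so that reference would not resolve. The `systemd.services.matrix-ooye.serviceConfig` settings (`RuntimeDirectory`, `UMask = "0007"`, `Group = "caddy"`) are deleted outright, so a later re-enable would also lose what appears to be the restriction keeping the bridge socket to the service user and the caddy group. I would delete the dead block and leave one line instead, for example `# matrix-ooye disabled; restore from history together with its systemd socket hardening`. `inputs.ooye.modules.default` is still imported in the first hunk and `domain` is now bound only for commented code; the Discord secrets the block referenced are presumably still declared elsewhere and could be dropped while the bridge is off.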
@@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: { + services = with config.services.searx.settings.server; { + searx = { + enable = true; + environmentFile = config.age.secrets."searxngSecret.age".path; + + settings = { + general = { + instance_name = "Federated Nexus Search"; + contact_url = "mailto:henry@henryhiles.com"; + debug = true; + }; + search = { + autocomplete = "duckduckgo"; + favicon_resolver = "duckduckgo"; + }; + + server = { + base_url = "search.federated.nexus"; + + port = 80; + bind_address = "127.0.0.4"; + }; + + engines = lib.mapAttrsToList (name: value: {inherit name;} // value) { + "wikidata".disabled = true; + }; + }; + }; + caddy.virtualHosts."${base_url}".extraConfig = "reverse_proxy ${bind_address}"; + }; +} diff --git a/flake.lock b/flake.lock index c148e9e..ecff3ab 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -368,6 +368,24 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", 
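Review bot: `debug = true;` under `general` in searxng.nix should not ship on an instance that the `caddy.virtualHosts` line at the end of the hunk publishes: debug mode returns verbose error detail and, when SearXNG runs on its built-in development server, also enables the interactive debugger. Use `debug = false;` and confirm that the file behind `environmentFile` really sets the secret key, since as far as I know SearXNG only refuses to start with the default key when debug is off. Separately, `base_url = "search.federated.nexus";` has no scheme although SearXNG expects a full URL, and the value doubles as the Caddy host name through the `with`; a `let domain = "search.federated.nexus";` with `base_url = "https://${domain}/";` would serve both uses. `port = 80;` likely needs a privileged bind for the service user; a high port with `reverse_proxy ${bind_address}:${toString port}` avoids that.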
@@ -564,11 +582,11 @@ ] }, "locked": { - "lastModified": 1749243446, - "narHash": "sha256-P1gumhZN5N9q+39ndePHYrtwOwY1cGx+VoXGl+vTm7A=", + "lastModified": 1750304462, + "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2d7d65f65b61fdfce23278e59ca266ddd0ef0a36", + "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", "type": "github" }, "original": { @@ -598,6 +616,27 @@ "type": "github" } }, + "matrixoidc": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750442843, + "narHash": "sha256-pRVFQ3KccBzO7EdG1K8uOQL37oqN0NZ3dDnsxc35gGo=", + "ref": "refs/heads/main", + "rev": "f076bd496fa2a9f902fd2007342a0b2a1566b90a", + "revCount": 15, + "type": "git", + "url": "https://git.federated.nexus/Henry-Hiles/matrixoidc" + }, + "original": { + "type": "git", + "url": "https://git.federated.nexus/Henry-Hiles/matrixoidc" + } + }, "nh": { "inputs": { "nixpkgs": [ @@ -605,11 +644,11 @@ ] }, "locked": { - "lastModified": 1749068096, - "narHash": "sha256-AC47bSPkt+R2mY5M1LvWHDr6+wtT//ddwCFj95iuF4g=", + "lastModified": 1750263362, + "narHash": "sha256-n5XvEaSanFe9g1AF6l2o+6OE8THpErU44pu6tt0c9PE=", "owner": "nix-community", "repo": "nh", - "rev": "89e79abedb6683d0fb2618f1016247e6d2b8f6bb", + "rev": "4b39f8496d5bc4f86d0f256ca4b2d7dbcbd9fc00", "type": "github" }, "original": { @@ -710,6 +749,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1724316499, 
@@ -728,11 +782,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1750365781, + "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54", "type": "github" }, "original": { @@ -775,11 +829,11 @@ ] }, "locked": { - "lastModified": 1737779835, - "narHash": "sha256-iZ/kQ/XFqIx053AuSHhCwu3HA8627ognYiJl/LRNpD0=", + "lastModified": 1749767813, + "narHash": "sha256-1vMSz6xcGc90rDo5BVdB/e6hbP+RrovyGNXhaUWrVKU=", "ref": "refs/heads/master", - "rev": "11cc65efa2909bdc7e3e978bf1f56f6d141bf82a", - "revCount": 11, + "rev": "fe1e8f28844350efdce4b15342e69c82b1e3369a", + "revCount": 12, "type": "git", "url": "https://cgit.rory.gay/nix/OOYE-module.git" }, @@ -796,11 +850,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1749258464, - "narHash": "sha256-WRaIY1PS/kT8Rq+PJi2UETD/l2El/RCTHvBvy9uPBV4=", + "lastModified": 1750413286, + "narHash": "sha256-g2ORiqHTWOS8W7xEBRDrqbo/uXEs/ZN85kG0pCSbk/o=", "owner": "wamserma", "repo": "flake-programs-sqlite", - "rev": "42ad7e97923f587ec8f7924ebe92d1a984ad1737", + "rev": "afd1949edb9a0f2433c3d05a4401b95add9620aa", "type": "github" }, "original": { @@ -833,6 +887,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "grapevine": "grapevine", "home-manager": "home-manager_2", + "matrixoidc": "matrixoidc", "nh": "nh", "nix-matrix-appservices": "nix-matrix-appservices", "nixpkgs": "nixpkgs_2", @@ -867,7 +922,7 @@ "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme_2", "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", 
@@ -883,11 +938,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1749236315, - "narHash": "sha256-Ndtdvwz8D4WOYHl5mj9d5F5iC8WPH6uPNF7RcU3QzmE=", + "lastModified": 1750369088, + "narHash": "sha256-njtrVYrl+4I3ikgAoKLyQ+5MZ1BKwazAiEpLq2efwrE=", "owner": "danth", "repo": "stylix", - "rev": "29d006198ee05143cca8b4b89f37025823da1bcc", + "rev": "8c1421ae02475a874f2a09cc4a7ad6de63fbc9e8", "type": "github" }, "original": { @@ -1075,17 +1130,12 @@ } }, "wrapper-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1747562021, - "narHash": "sha256-XfF+5zjoWbAcAiGNb++og6yDGJRwWYpADr9P6WuieQA=", + "lastModified": 1750422615, + "narHash": "sha256-+HCOFcrVM+cvvivuQxW9vMOon3T8b1sGtlPze5vLGCI=", "owner": "viperML", "repo": "wrapper-manager", - "rev": "f2b0bec5140403cf24cae96f6764d97b5d59b0e2", + "rev": "754ed625186e67f588d6dd664afbbfda8128a7e3", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 90cbb02..ae5c8cd 100755 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,11 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + wrapper-manager.url = "github:viperML/wrapper-manager"; + firefox-gnome-theme = { + url = "github:rafaelmardojai/firefox-gnome-theme"; + flake = false; + }; grapevine = { url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery"; inputs.nixpkgs.follows = "nixpkgs"; @@ -13,6 +18,10 @@ url = "git+https://cgit.rory.gay/nix/OOYE-module.git"; inputs.nixpkgs.follows = "nixpkgs"; }; + matrixoidc = { + url = "git+https://git.federated.nexus/Henry-Hiles/matrixoidc"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-matrix-appservices = { url = "gitlab:coffeetables/nix-matrix-appservices"; inputs.nixpkgs.follows = "nixpkgs"; 
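Review bot: The new `matrixoidc` input in the second flake.nix hunk tracks the default branch of `git+https://git.federated.nexus/Henry-Hiles/matrixoidc`, so every `nix flake update` moves the login service to whatever is on `main`; flake.lock pins the revision and narHash, but nothing records which revision was reviewed. For a component that issues tokens I would pin it in flake.nix, e.g. `url = "git+https://git.federated.nexus/Henry-Hiles/matrixoidc?rev=<reviewed-commit>";`, and bump it deliberately. In the first hunk `wrapper-manager` loses `inputs.nixpkgs.follows`; the lock diff shows its `nixpkgs` input gone, which suggests upstream dropped it, but a short comment saying so would help the next reader.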
@@ -29,18 +38,10 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - firefox-gnome-theme = { - url = "github:rafaelmardojai/firefox-gnome-theme"; - flake = false; - }; programsdb = { url = "github:wamserma/flake-programs-sqlite"; inputs.nixpkgs.follows = "nixpkgs"; }; - wrapper-manager = { - url = "github:viperML/wrapper-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nh = { url = "github:nix-community/nh"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/desktop/desktop.nix b/modules/desktop/desktop.nix index f613753..d13b930 100644 --- a/modules/desktop/desktop.nix +++ b/modules/desktop/desktop.nix @@ -1,10 +1,8 @@ { environment.sessionVariables.NIXOS_OZONE_WL = "1"; - services.xserver = { - enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - xkb.layout = "us"; + services.displayManager = { + gdm.enable = true; + gnome.enable = true; }; } diff --git a/secrets/oidcJwtSecret.age b/secrets/oidcJwtSecret.age new file mode 100644 index 0000000..343bf19 --- /dev/null +++ b/secrets/oidcJwtSecret.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBOUTRE +WFRYRXFXQ2h4U0xoVmt1MXF5WVhNcHJLTDZyOHdKUEVncWRwN0ZVCkhBUVp2TFlG +OTBocE1xM0ZhblhCaUhFVTdpSUwrcmlmWmRiR3llbDE5SWMKLT4gPUgtZ3JlYXNl +IEkvR3AgQHlCQDJgWSA3ZjtnKUhJCjdmalZjNWpvendTNWdqYTh6TU5QOS9IT3g5 +QWFuN0pGQWVqMUlLSTRhdlRaWjY5bEg0SnNqSDdpazc2U1BBMzUKK1g0bFJIZWhI +aWI5QlRScGFHOEhZRHpaV291ajg3YWpzUFh3djFZVHc0RQotLS0gUWJYQW1VaEFV +Y3grQ3kzSUY0SWk2UWo1WUM5M2tUV2lhQTY5T1hIQUxqRQqmwjz0Y6d7mAuEWPO3 +UGfQsIaGnQ2JAHuwtR3J8LtFmI9hyNdU4lpfs611QMX+7Calx707XEG5xrKWtT6F +tQRWIvAGu2FVzxow8deDAlWVs8lNnr8url4N4Ii5XMkLFyW0BTgZ5t8cSy6tKvW6 +SN8o +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/searxngSecret.age b/secrets/searxngSecret.age new file mode 100644 index 0000000..8053e0d --- /dev/null +++ b/secrets/searxngSecret.age 
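Review bot: `gnome.enable = true;` in desktop.nix is placed under `services.displayManager`, but GNOME is a desktop manager; to my knowledge the renamed option is `services.desktopManager.gnome.enable` and `services.displayManager.gnome` does not exist, so this hunk would fail evaluation. I would write `services.displayManager.gdm.enable = true;` and `services.desktopManager.gnome.enable = true;` as two separate attributes. The hunk also drops `services.xserver.enable` and `xkb.layout = "us"`; if that is intended because the defaults now cover them, a one-line comment saying so would help.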
@@ -0,0 +1,9 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBxZjYy +dkxESEMxdUswVDNXZFZ2b1RubTIraFJ6bU9oUXFPNmoxVG41SkRjCkR1cHZBcS9B +OUdyZXNmS3hHcVBQb0tPMHM4K1lOZXY1SEgwdGNPZHA0ckkKLT4gfTxQVS0tZ3Jl +YXNlIGotIHBJfGoydApIbERyaXdVZ0xYc3ZCaXE2d3VYWlFoSkF2TmZDR0VuOHpK +dU5QaFUvclRvMU9BCi0tLSBNV2tTRm1Yb1BMUE1qd1o3ZXRoblpEMFVKd1dCeHJC +bGVYZFMrblQ1TC9RCkgi4Jlqkr7NYUx5CBZSFbcWUxNqrx59p5zFpshzNFwJic3B +syvn9t+u22kDcP8QcsfAHrY9WbwOCR4iDJ1z +-----END AGE ENCRYPTED FILE----- diff --git a/wrappers/default.nix b/wrappers/default.nix index 22a7108..0f0b89f 100644 --- a/wrappers/default.nix +++ b/wrappers/default.nix @@ -5,11 +5,12 @@ isDesktop, ... }: { - environment.systemPackages = with dirUtils; [ - (inputs.wrapper-manager.lib.build { + environment.systemPackages = [ + (inputs.wrapper-manager.lib { inherit pkgs; specialArgs = {inherit inputs;}; - modules = dirFiles ".nix" ./common ++ opt isDesktop (dirFiles ".nix" ./common-desktop); + modules = with dirUtils; dirFiles ".nix" ./common ++ opt isDesktop (dirFiles ".nix" ./common-desktop); }) + .config.build.toplevel ]; }