Auth API

2025-06-20 14:14:44 -04:00 · 2025-06-20 14:14:44 -04:00 · a1878bc2e4
commit a1878bc2e4
parent 71b13f2084
9 changed files with 187 additions and 68 deletions
--- a/clients/quadraticserver/auth.nix
+++ b/clients/quadraticserver/auth.nix
@ -0,0 +1,21 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [inputs.matrixoidc.nixosModules.default];
+
+  services = let
+    socket = "/var/run/matrixoidc/socket";
+    domain = "auth.federated.nexus";
+  in {
+    matrixoidc = {
+      enable = true;
+      jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
+      args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"];
+      group = "caddy";
+    };
+
+    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
+  };
+}
--- a/clients/quadraticserver/bridges.nix
+++ b/clients/quadraticserver/bridges.nix
@ -29,13 +29,12 @@
      };
    };
  };
-
-  domain = "ooye.federated.nexus";
-  runtimeDir = "matrix-ooye";
 in {
  imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default];

-  services = rec {
+  services = let
+    domain = "ooye.federated.nexus";
+  in {
    matrix-appservices.services = builtins.mapAttrs (name: value:
      value
      // {
@ -50,24 +49,16 @@ in {
      };
    };

-    matrix-ooye = {
-      enable = true;
-      homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
-      homeserverName = "federated.nexus";
-      discordTokenPath = config.age.secrets."discordToken.age".path;
-      discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
-      socket = "/run/matrix-ooye/socket";
-      bridgeOrigin = "https://${domain}";
-    };
+    # matrix-ooye = {
+    #   enable = true;
+    #   homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
+    #   homeserverName = "federated.nexus";
+    #   discordTokenPath = config.age.secrets."discordToken.age".path;
+    #   discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;

-    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}";
-  };
+    #   bridgeOrigin = "https://${domain}";
+    # };

-  systemd.services = {
-    matrix-ooye.serviceConfig = {
-      RuntimeDirectory = runtimeDir;
-      UMask = "0007";
-      Group = "caddy";
-    };
+    # caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}";
  };
 }
--- a/clients/quadraticserver/searxng.nix
+++ b/clients/quadraticserver/searxng.nix
@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services = with config.services.searx.settings.server; {
+    searx = {
+      enable = true;
+      environmentFile = config.age.secrets."searxngSecret.age".path;
+
+      settings = {
+        general = {
+          instance_name = "Federated Nexus Search";
+          contact_url = "mailto:henry@henryhiles.com";
+          debug = true;
+        };
+        search = {
+          autocomplete = "duckduckgo";
+          favicon_resolver = "duckduckgo";
+        };
+
+        server = {
+          base_url = "search.federated.nexus";
+
+          port = 80;
+          bind_address = "127.0.0.4";
+        };
+
+        engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
+          "wikidata".disabled = true;
+        };
+      };
+    };
+    caddy.virtualHosts."${base_url}".extraConfig = "reverse_proxy ${bind_address}";
+  };
+}