Auth API

clients/quadraticserver/auth.nix

@@ -0,0 +1,21 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [inputs.matrixoidc.nixosModules.default];
+
+  services = let
+    socket = "/var/run/matrixoidc/socket";
+    domain = "auth.federated.nexus";
+  in {
+    matrixoidc = {
+      enable = true;
+      jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
+      args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"];
+      group = "caddy";
+    };
+
+    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
+  };
+}

clients/quadraticserver/bridges.nix

@@ -29,13 +29,12 @@
       };
     };
   };
-
-  domain = "ooye.federated.nexus";
-  runtimeDir = "matrix-ooye";
 in {
   imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default];
 
-  services = rec {
+  services = let
+    domain = "ooye.federated.nexus";
+  in {
     matrix-appservices.services = builtins.mapAttrs (name: value:
       value
       // {
@@ -50,24 +49,16 @@ in {
       };
     };
 
-    matrix-ooye = {
+    # matrix-ooye = {
-      enable = true;
+    #   enable = true;
-      homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
+    #   homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
-      homeserverName = "federated.nexus";
+    #   homeserverName = "federated.nexus";
-      discordTokenPath = config.age.secrets."discordToken.age".path;
+    #   discordTokenPath = config.age.secrets."discordToken.age".path;
-      discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
+    #   discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
-      socket = "/run/matrix-ooye/socket";
-      bridgeOrigin = "https://${domain}";
-    };
 
-    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}";
+    #   bridgeOrigin = "https://${domain}";
-  };
+    # };
 
-  systemd.services = {
+    # caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}";
-    matrix-ooye.serviceConfig = {
-      RuntimeDirectory = runtimeDir;
-      UMask = "0007";
-      Group = "caddy";
-    };
   };
 }

clients/quadraticserver/searxng.nix

@@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services = with config.services.searx.settings.server; {
+    searx = {
+      enable = true;
+      environmentFile = config.age.secrets."searxngSecret.age".path;
+
+      settings = {
+        general = {
+          instance_name = "Federated Nexus Search";
+          contact_url = "mailto:henry@henryhiles.com";
+          debug = true;
+        };
+        search = {
+          autocomplete = "duckduckgo";
+          favicon_resolver = "duckduckgo";
+        };
+
+        server = {
+          base_url = "search.federated.nexus";
+
+          port = 80;
+          bind_address = "127.0.0.4";
+        };
+
+        engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
+          "wikidata".disabled = true;
+        };
+      };
+    };
+    caddy.virtualHosts."${base_url}".extraConfig = "reverse_proxy ${bind_address}";
+  };
+}

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1747575206,
+        "lastModified": 1750173260,
-        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
         "type": "github"
       },
       "original": {
@@ -368,6 +368,24 @@
       }
     },
     "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1749398372,
+        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_3": {
       "inputs": {
         "nixpkgs-lib": [
           "stylix",
@@ -564,11 +582,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749243446,
+        "lastModified": 1750304462,
-        "narHash": "sha256-P1gumhZN5N9q+39ndePHYrtwOwY1cGx+VoXGl+vTm7A=",
+        "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2d7d65f65b61fdfce23278e59ca266ddd0ef0a36",
+        "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c",
         "type": "github"
       },
       "original": {
@@ -598,6 +616,27 @@
         "type": "github"
       }
     },
+    "matrixoidc": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750442843,
+        "narHash": "sha256-pRVFQ3KccBzO7EdG1K8uOQL37oqN0NZ3dDnsxc35gGo=",
+        "ref": "refs/heads/main",
+        "rev": "f076bd496fa2a9f902fd2007342a0b2a1566b90a",
+        "revCount": 15,
+        "type": "git",
+        "url": "https://git.federated.nexus/Henry-Hiles/matrixoidc"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.federated.nexus/Henry-Hiles/matrixoidc"
+      }
+    },
     "nh": {
       "inputs": {
         "nixpkgs": [
@@ -605,11 +644,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749068096,
+        "lastModified": 1750263362,
-        "narHash": "sha256-AC47bSPkt+R2mY5M1LvWHDr6+wtT//ddwCFj95iuF4g=",
+        "narHash": "sha256-n5XvEaSanFe9g1AF6l2o+6OE8THpErU44pu6tt0c9PE=",
         "owner": "nix-community",
         "repo": "nh",
-        "rev": "89e79abedb6683d0fb2618f1016247e6d2b8f6bb",
+        "rev": "4b39f8496d5bc4f86d0f256ca4b2d7dbcbd9fc00",
         "type": "github"
       },
       "original": {
@@ -710,6 +749,21 @@
         "type": "github"
       }
     },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1748740939,
+        "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "656a64127e9d791a334452c6b6606d17539476e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1724316499,
@@ -728,11 +782,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1749143949,
+        "lastModified": 1750365781,
-        "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
+        "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
+        "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54",
         "type": "github"
       },
       "original": {
@@ -775,11 +829,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737779835,
+        "lastModified": 1749767813,
-        "narHash": "sha256-iZ/kQ/XFqIx053AuSHhCwu3HA8627ognYiJl/LRNpD0=",
+        "narHash": "sha256-1vMSz6xcGc90rDo5BVdB/e6hbP+RrovyGNXhaUWrVKU=",
         "ref": "refs/heads/master",
-        "rev": "11cc65efa2909bdc7e3e978bf1f56f6d141bf82a",
+        "rev": "fe1e8f28844350efdce4b15342e69c82b1e3369a",
-        "revCount": 11,
+        "revCount": 12,
         "type": "git",
         "url": "https://cgit.rory.gay/nix/OOYE-module.git"
       },
@@ -796,11 +850,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1749258464,
+        "lastModified": 1750413286,
-        "narHash": "sha256-WRaIY1PS/kT8Rq+PJi2UETD/l2El/RCTHvBvy9uPBV4=",
+        "narHash": "sha256-g2ORiqHTWOS8W7xEBRDrqbo/uXEs/ZN85kG0pCSbk/o=",
         "owner": "wamserma",
         "repo": "flake-programs-sqlite",
-        "rev": "42ad7e97923f587ec8f7924ebe92d1a984ad1737",
+        "rev": "afd1949edb9a0f2433c3d05a4401b95add9620aa",
         "type": "github"
       },
       "original": {
@@ -833,6 +887,7 @@
         "firefox-gnome-theme": "firefox-gnome-theme",
         "grapevine": "grapevine",
         "home-manager": "home-manager_2",
+        "matrixoidc": "matrixoidc",
         "nh": "nh",
         "nix-matrix-appservices": "nix-matrix-appservices",
         "nixpkgs": "nixpkgs_2",
@@ -867,7 +922,7 @@
         "base16-vim": "base16-vim",
         "firefox-gnome-theme": "firefox-gnome-theme_2",
         "flake-compat": "flake-compat_5",
-        "flake-parts": "flake-parts_2",
+        "flake-parts": "flake-parts_3",
         "git-hooks": "git-hooks",
         "gnome-shell": "gnome-shell",
         "home-manager": "home-manager_3",
@@ -883,11 +938,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1749236315,
+        "lastModified": 1750369088,
-        "narHash": "sha256-Ndtdvwz8D4WOYHl5mj9d5F5iC8WPH6uPNF7RcU3QzmE=",
+        "narHash": "sha256-njtrVYrl+4I3ikgAoKLyQ+5MZ1BKwazAiEpLq2efwrE=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "29d006198ee05143cca8b4b89f37025823da1bcc",
+        "rev": "8c1421ae02475a874f2a09cc4a7ad6de63fbc9e8",
         "type": "github"
       },
       "original": {
@@ -1075,17 +1130,12 @@
       }
     },
     "wrapper-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
       "locked": {
-        "lastModified": 1747562021,
+        "lastModified": 1750422615,
-        "narHash": "sha256-XfF+5zjoWbAcAiGNb++og6yDGJRwWYpADr9P6WuieQA=",
+        "narHash": "sha256-+HCOFcrVM+cvvivuQxW9vMOon3T8b1sGtlPze5vLGCI=",
         "owner": "viperML",
         "repo": "wrapper-manager",
-        "rev": "f2b0bec5140403cf24cae96f6764d97b5d59b0e2",
+        "rev": "754ed625186e67f588d6dd664afbbfda8128a7e3",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,6 +1,11 @@
 {
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    wrapper-manager.url = "github:viperML/wrapper-manager";
+    firefox-gnome-theme = {
+      url = "github:rafaelmardojai/firefox-gnome-theme";
+      flake = false;
+    };
     grapevine = {
       url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -13,6 +18,10 @@
       url = "git+https://cgit.rory.gay/nix/OOYE-module.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    matrixoidc = {
+      url = "git+https://git.federated.nexus/Henry-Hiles/matrixoidc";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nix-matrix-appservices = {
       url = "gitlab:coffeetables/nix-matrix-appservices";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -29,18 +38,10 @@
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    firefox-gnome-theme = {
-      url = "github:rafaelmardojai/firefox-gnome-theme";
-      flake = false;
-    };
     programsdb = {
       url = "github:wamserma/flake-programs-sqlite";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    wrapper-manager = {
-      url = "github:viperML/wrapper-manager";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     nh = {
       url = "github:nix-community/nh";
       inputs.nixpkgs.follows = "nixpkgs";

modules/desktop/desktop.nix

@@ -1,10 +1,8 @@
 {
   environment.sessionVariables.NIXOS_OZONE_WL = "1";
 
-  services.xserver = {
+  services.displayManager = {
-    enable = true;
+    gdm.enable = true;
-    displayManager.gdm.enable = true;
+    gnome.enable = true;
-    desktopManager.gnome.enable = true;
-    xkb.layout = "us";
   };
 }

secrets/oidcJwtSecret.age

@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBOUTRE
+WFRYRXFXQ2h4U0xoVmt1MXF5WVhNcHJLTDZyOHdKUEVncWRwN0ZVCkhBUVp2TFlG
+OTBocE1xM0ZhblhCaUhFVTdpSUwrcmlmWmRiR3llbDE5SWMKLT4gPUgtZ3JlYXNl
+IEkvR3AgQHlCQDJgWSA3ZjtnKUhJCjdmalZjNWpvendTNWdqYTh6TU5QOS9IT3g5
+QWFuN0pGQWVqMUlLSTRhdlRaWjY5bEg0SnNqSDdpazc2U1BBMzUKK1g0bFJIZWhI
+aWI5QlRScGFHOEhZRHpaV291ajg3YWpzUFh3djFZVHc0RQotLS0gUWJYQW1VaEFV
+Y3grQ3kzSUY0SWk2UWo1WUM5M2tUV2lhQTY5T1hIQUxqRQqmwjz0Y6d7mAuEWPO3
+UGfQsIaGnQ2JAHuwtR3J8LtFmI9hyNdU4lpfs611QMX+7Calx707XEG5xrKWtT6F
+tQRWIvAGu2FVzxow8deDAlWVs8lNnr8url4N4Ii5XMkLFyW0BTgZ5t8cSy6tKvW6
+SN8o
+-----END AGE ENCRYPTED FILE-----

secrets/searxngSecret.age

@@ -0,0 +1,9 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBxZjYy
+dkxESEMxdUswVDNXZFZ2b1RubTIraFJ6bU9oUXFPNmoxVG41SkRjCkR1cHZBcS9B
+OUdyZXNmS3hHcVBQb0tPMHM4K1lOZXY1SEgwdGNPZHA0ckkKLT4gfTxQVS0tZ3Jl
+YXNlIGotIHBJfGoydApIbERyaXdVZ0xYc3ZCaXE2d3VYWlFoSkF2TmZDR0VuOHpK
+dU5QaFUvclRvMU9BCi0tLSBNV2tTRm1Yb1BMUE1qd1o3ZXRoblpEMFVKd1dCeHJC
+bGVYZFMrblQ1TC9RCkgi4Jlqkr7NYUx5CBZSFbcWUxNqrx59p5zFpshzNFwJic3B
+syvn9t+u22kDcP8QcsfAHrY9WbwOCR4iDJ1z
+-----END AGE ENCRYPTED FILE-----

wrappers/default.nix

@@ -5,11 +5,12 @@
   isDesktop,
   ...
 }: {
-  environment.systemPackages = with dirUtils; [
+  environment.systemPackages = [
-    (inputs.wrapper-manager.lib.build {
+    (inputs.wrapper-manager.lib {
       inherit pkgs;
       specialArgs = {inherit inputs;};
-      modules = dirFiles ".nix" ./common ++ opt isDesktop (dirFiles ".nix" ./common-desktop);
+      modules = with dirUtils; dirFiles ".nix" ./common ++ opt isDesktop (dirFiles ".nix" ./common-desktop);
     })
+    .config.build.toplevel
   ];
 }