Henry-Hiles/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Auth API

Browse source
This commit is contained in:
Henry Hiles 2025-06-20 14:14:44 -04:00
parent 71b13f2084
commit a1878bc2e4
No known key found for this signature in database
9 changed files with 187 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

21
clients/quadraticserver/auth.nix Normal file
View file

@ -0,0 +1,21 @@
{
inputs,
config,
...
}: {
imports = [inputs.matrixoidc.nixosModules.default];
services = let
socket = "/var/run/matrixoidc/socket";
domain = "auth.federated.nexus";
in {
matrixoidc = {
enable = true;
jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"];
group = "caddy";
};
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
};
}

33
clients/quadraticserver/bridges.nix
View file

@ -29,13 +29,12 @@
};
};
};
domain = "ooye.federated.nexus";
runtimeDir = "matrix-ooye";
in {
imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default];
services = rec {
services = let
domain = "ooye.federated.nexus";
in {
matrix-appservices.services = builtins.mapAttrs (name: value:
value
// {
@ -50,24 +49,16 @@ in {
};
};
matrix-ooye = {
enable = true;
homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
homeserverName = "federated.nexus";
discordTokenPath = config.age.secrets."discordToken.age".path;
discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
socket = "/run/matrix-ooye/socket";
bridgeOrigin = "https://${domain}";
};
# matrix-ooye = {
# enable = true;
# homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
# homeserverName = "federated.nexus";
# discordTokenPath = config.age.secrets."discordToken.age".path;
# discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}";
};
# bridgeOrigin = "https://${domain}";
# };
systemd.services = {
matrix-ooye.serviceConfig = {
RuntimeDirectory = runtimeDir;
UMask = "0007";
Group = "caddy";
};
# caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${matrix-ooye.socket}";
};
}

36
clients/quadraticserver/searxng.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}: {
services = with config.services.searx.settings.server; {
searx = {
enable = true;
environmentFile = config.age.secrets."searxngSecret.age".path;
settings = {
general = {
instance_name = "Federated Nexus Search";
contact_url = "mailto:henry@henryhiles.com";
debug = true;
};
search = {
autocomplete = "duckduckgo";
favicon_resolver = "duckduckgo";
};
server = {
base_url = "search.federated.nexus";
port = 80;
bind_address = "127.0.0.4";
};
engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
"wikidata".disabled = true;
};
};
};
caddy.virtualHosts."${base_url}".extraConfig = "reverse_proxy ${bind_address}";
};
}

112
flake.lock generated
View file

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1747575206,
"narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -368,6 +368,24 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"stylix",
@ -564,11 +582,11 @@
]
},
"locked": {
"lastModified": 1749243446,
"narHash": "sha256-P1gumhZN5N9q+39ndePHYrtwOwY1cGx+VoXGl+vTm7A=",
"lastModified": 1750304462,
"narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2d7d65f65b61fdfce23278e59ca266ddd0ef0a36",
"rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c",
"type": "github"
},
"original": {
@ -598,6 +616,27 @@
"type": "github"
}
},
"matrixoidc": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1750442843,
"narHash": "sha256-pRVFQ3KccBzO7EdG1K8uOQL37oqN0NZ3dDnsxc35gGo=",
"ref": "refs/heads/main",
"rev": "f076bd496fa2a9f902fd2007342a0b2a1566b90a",
"revCount": 15,
"type": "git",
"url": "https://git.federated.nexus/Henry-Hiles/matrixoidc"
},
"original": {
"type": "git",
"url": "https://git.federated.nexus/Henry-Hiles/matrixoidc"
}
},
"nh": {
"inputs": {
"nixpkgs": [
@ -605,11 +644,11 @@
]
},
"locked": {
"lastModified": 1749068096,
"narHash": "sha256-AC47bSPkt+R2mY5M1LvWHDr6+wtT//ddwCFj95iuF4g=",
"lastModified": 1750263362,
"narHash": "sha256-n5XvEaSanFe9g1AF6l2o+6OE8THpErU44pu6tt0c9PE=",
"owner": "nix-community",
"repo": "nh",
"rev": "89e79abedb6683d0fb2618f1016247e6d2b8f6bb",
"rev": "4b39f8496d5bc4f86d0f256ca4b2d7dbcbd9fc00",
"type": "github"
},
"original": {
@ -710,6 +749,21 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
@ -728,11 +782,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1749143949,
"narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
"lastModified": 1750365781,
"narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
"rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54",
"type": "github"
},
"original": {
@ -775,11 +829,11 @@
]
},
"locked": {
"lastModified": 1737779835,
"narHash": "sha256-iZ/kQ/XFqIx053AuSHhCwu3HA8627ognYiJl/LRNpD0=",
"lastModified": 1749767813,
"narHash": "sha256-1vMSz6xcGc90rDo5BVdB/e6hbP+RrovyGNXhaUWrVKU=",
"ref": "refs/heads/master",
"rev": "11cc65efa2909bdc7e3e978bf1f56f6d141bf82a",
"revCount": 11,
"rev": "fe1e8f28844350efdce4b15342e69c82b1e3369a",
"revCount": 12,
"type": "git",
"url": "https://cgit.rory.gay/nix/OOYE-module.git"
},
@ -796,11 +850,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1749258464,
"narHash": "sha256-WRaIY1PS/kT8Rq+PJi2UETD/l2El/RCTHvBvy9uPBV4=",
"lastModified": 1750413286,
"narHash": "sha256-g2ORiqHTWOS8W7xEBRDrqbo/uXEs/ZN85kG0pCSbk/o=",
"owner": "wamserma",
"repo": "flake-programs-sqlite",
"rev": "42ad7e97923f587ec8f7924ebe92d1a984ad1737",
"rev": "afd1949edb9a0f2433c3d05a4401b95add9620aa",
"type": "github"
},
"original": {
@ -833,6 +887,7 @@
"firefox-gnome-theme": "firefox-gnome-theme",
"grapevine": "grapevine",
"home-manager": "home-manager_2",
"matrixoidc": "matrixoidc",
"nh": "nh",
"nix-matrix-appservices": "nix-matrix-appservices",
"nixpkgs": "nixpkgs_2",
@ -867,7 +922,7 @@
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme_2",
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_3",
@ -883,11 +938,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1749236315,
"narHash": "sha256-Ndtdvwz8D4WOYHl5mj9d5F5iC8WPH6uPNF7RcU3QzmE=",
"lastModified": 1750369088,
"narHash": "sha256-njtrVYrl+4I3ikgAoKLyQ+5MZ1BKwazAiEpLq2efwrE=",
"owner": "danth",
"repo": "stylix",
"rev": "29d006198ee05143cca8b4b89f37025823da1bcc",
"rev": "8c1421ae02475a874f2a09cc4a7ad6de63fbc9e8",
"type": "github"
},
"original": {
@ -1075,17 +1130,12 @@
}
},
"wrapper-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747562021,
"narHash": "sha256-XfF+5zjoWbAcAiGNb++og6yDGJRwWYpADr9P6WuieQA=",
"lastModified": 1750422615,
"narHash": "sha256-+HCOFcrVM+cvvivuQxW9vMOon3T8b1sGtlPze5vLGCI=",
"owner": "viperML",
"repo": "wrapper-manager",
"rev": "f2b0bec5140403cf24cae96f6764d97b5d59b0e2",
"rev": "754ed625186e67f588d6dd664afbbfda8128a7e3",
"type": "github"
},
"original": {

17
flake.nix
View file

@ -1,6 +1,11 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
wrapper-manager.url = "github:viperML/wrapper-manager";
firefox-gnome-theme = {
url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false;
};
grapevine = {
url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery";
inputs.nixpkgs.follows = "nixpkgs";
@ -13,6 +18,10 @@
url = "git+https://cgit.rory.gay/nix/OOYE-module.git";
inputs.nixpkgs.follows = "nixpkgs";
};
matrixoidc = {
url = "git+https://git.federated.nexus/Henry-Hiles/matrixoidc";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-matrix-appservices = {
url = "gitlab:coffeetables/nix-matrix-appservices";
inputs.nixpkgs.follows = "nixpkgs";
@ -29,18 +38,10 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox-gnome-theme = {
url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false;
};
programsdb = {
url = "github:wamserma/flake-programs-sqlite";
inputs.nixpkgs.follows = "nixpkgs";
};
wrapper-manager = {
url = "github:viperML/wrapper-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nh = {
url = "github:nix-community/nh";
inputs.nixpkgs.follows = "nixpkgs";

8
modules/desktop/desktop.nix
View file

@ -1,10 +1,8 @@
{
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
xkb.layout = "us";
services.displayManager = {
gdm.enable = true;
gnome.enable = true;
};
}

12
secrets/oidcJwtSecret.age Normal file
View file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBOUTRE
WFRYRXFXQ2h4U0xoVmt1MXF5WVhNcHJLTDZyOHdKUEVncWRwN0ZVCkhBUVp2TFlG
OTBocE1xM0ZhblhCaUhFVTdpSUwrcmlmWmRiR3llbDE5SWMKLT4gPUgtZ3JlYXNl
IEkvR3AgQHlCQDJgWSA3ZjtnKUhJCjdmalZjNWpvendTNWdqYTh6TU5QOS9IT3g5
QWFuN0pGQWVqMUlLSTRhdlRaWjY5bEg0SnNqSDdpazc2U1BBMzUKK1g0bFJIZWhI
aWI5QlRScGFHOEhZRHpaV291ajg3YWpzUFh3djFZVHc0RQotLS0gUWJYQW1VaEFV
Y3grQ3kzSUY0SWk2UWo1WUM5M2tUV2lhQTY5T1hIQUxqRQqmwjz0Y6d7mAuEWPO3
UGfQsIaGnQ2JAHuwtR3J8LtFmI9hyNdU4lpfs611QMX+7Calx707XEG5xrKWtT6F
tQRWIvAGu2FVzxow8deDAlWVs8lNnr8url4N4Ii5XMkLFyW0BTgZ5t8cSy6tKvW6
SN8o
-----END AGE ENCRYPTED FILE-----

9
secrets/searxngSecret.age Normal file
View file

@ -0,0 +1,9 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBxZjYy
dkxESEMxdUswVDNXZFZ2b1RubTIraFJ6bU9oUXFPNmoxVG41SkRjCkR1cHZBcS9B
OUdyZXNmS3hHcVBQb0tPMHM4K1lOZXY1SEgwdGNPZHA0ckkKLT4gfTxQVS0tZ3Jl
YXNlIGotIHBJfGoydApIbERyaXdVZ0xYc3ZCaXE2d3VYWlFoSkF2TmZDR0VuOHpK
dU5QaFUvclRvMU9BCi0tLSBNV2tTRm1Yb1BMUE1qd1o3ZXRoblpEMFVKd1dCeHJC
bGVYZFMrblQ1TC9RCkgi4Jlqkr7NYUx5CBZSFbcWUxNqrx59p5zFpshzNFwJic3B
syvn9t+u22kDcP8QcsfAHrY9WbwOCR4iDJ1z
-----END AGE ENCRYPTED FILE-----

7
wrappers/default.nix
View file

@ -5,11 +5,12 @@
isDesktop,
...
}: {
environment.systemPackages = with dirUtils; [
(inputs.wrapper-manager.lib.build {
environment.systemPackages = [
(inputs.wrapper-manager.lib {
inherit pkgs;
specialArgs = {inherit inputs;};
modules = dirFiles ".nix" ./common ++ opt isDesktop (dirFiles ".nix" ./common-desktop);
modules = with dirUtils; dirFiles ".nix" ./common ++ opt isDesktop (dirFiles ".nix" ./common-desktop);
})
.config.build.toplevel
];
}