diff --git a/clients/quadraticserver/bridges.nix b/clients/quadraticserver/bridges.nix index b344fb3..fa9feb4 100644 --- a/clients/quadraticserver/bridges.nix +++ b/clients/quadraticserver/bridges.nix @@ -51,7 +51,7 @@ in { gmessages = { host = "127.0.0.5"; serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path; - package = inputs.nixpkgs-goolm.legacyPackages.${pkgs.system}.mautrix-gmessages; + package = pkgs.mautrix-gmessages; }; }; diff --git a/clients/quadraticserver/docs.nix b/clients/quadraticserver/docs.nix index c11efb1..ba03880 100644 --- a/clients/quadraticserver/docs.nix +++ b/clients/quadraticserver/docs.nix @@ -19,11 +19,13 @@ in { inherit s3Url domain; settings = { - OIDC_CREATE_USER = true; OIDC_OP_AUTHORIZATION_ENDPOINT = "https://federated.nexus/login"; OIDC_OP_TOKEN_ENDPOINT = "http://${authDomain}/token"; OIDC_OP_USER_ENDPOINT = "http://${authDomain}/userinfo"; OIDC_RP_SIGN_ALGO = "HS256"; + + LOGIN_REDIRECT_URL = "http://${domain}"; + OIDC_USERINFO_FULLNAME_FIELDS = ''["name"]''; OIDC_USERINFO_SHORTNAME_FIELD = "name"; @@ -68,12 +70,7 @@ in { reverse_proxy /admin/* unix/${socket} - reverse_proxy /collaboration/ws/* http://localhost:${toString cfg.collaborationServer.port} { - transport http { - versions h2c 1.1 - } - } - + reverse_proxy /collaboration/ws/* http://localhost:${toString cfg.collaborationServer.port} reverse_proxy /collaboration/api/* http://localhost:${toString cfg.collaborationServer.port} rewrite /media-auth /api/v1.0/documents/media-auth/ diff --git a/clients/quadraticserver/searxng.nix b/clients/quadraticserver/searxng.nix index f05d94b..7118ee1 100644 --- a/clients/quadraticserver/searxng.nix +++ b/clients/quadraticserver/searxng.nix @@ -106,7 +106,7 @@ }; caddy = { - environmentFile = config.age.secrets."oidcJwtSecretEnv.age".path; + environmentFile = config.age.secrets."base64JwtSecret.age".path; virtualHosts."${domain}".extraConfig = let auth = "https://auth.federated.nexus"; in '' diff --git a/flake.lock b/flake.lock index e135a6d..346c862 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ ] }, "locked": { - "lastModified": 1753373145, - "narHash": "sha256-UhuUj46dobD/POOdVNxKvAvP3luI2T0MZPm2IXl266Y=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "64796151f79e6f3834bfc55f07c5487708bb5b3f", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { @@ -1427,11 +1427,11 @@ ] }, "locked": { - "lastModified": 1753208113, - "narHash": "sha256-HDCv8NV382o8Tiv+bCtLfIXRSaiVuSm4jl8bMNbQDTA=", + "lastModified": 1753487470, + "narHash": "sha256-cUmvWt+y31DtRY6Mi9UQybZhaP/ooh4jqdMLzcN35Hg=", "ref": "refs/heads/main", - "rev": "43f59851b80740a1dc5509eb0790ac665ba1d54a", - "revCount": 38, + "rev": "957a6c6c97df642866c039ef586d1c52293ad552", + "revCount": 41, "type": "git", "url": "https://git.federated.nexus/Henry-Hiles/matrixoidc" }, @@ -2132,22 +2132,6 @@ "type": "github" } }, - "nixpkgs-goolm": { - "locked": { - "lastModified": 1752617119, - "narHash": "sha256-MhkyyznD3+aSpttLMttWICMWKCtZPUN1eZD95yNOISE=", - "owner": "Henry-Hiles", - "repo": "nixpkgs", - "rev": "b99b5e51b67239b147b697bec0626d67cc98092a", - "type": "github" - }, - "original": { - "owner": "Henry-Hiles", - "ref": "mautrix-gmessages-goolm", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-latest": { "locked": { "lastModified": 1752336159, @@ -2521,11 +2505,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1753373813, - "narHash": "sha256-HiPFNgtvBotd3qM0ihi12uxs3PLTiLaF3ArHY36eja8=", + "lastModified": 1753433875, + "narHash": "sha256-kwrggwH9zeiLVonO9aA2Wngl/ZAL/1VbJxbBKgyfbXo=", "owner": "wamserma", "repo": "flake-programs-sqlite", - "rev": "523515549c510943583a6610f5f8f7718348975f", + "rev": "79677d017c844fec0511558ee4f96291c85a946e", "type": "github" }, "original": { @@ -2564,7 +2548,6 @@ "matrixoidc": "matrixoidc", "nix-matrix-appservices": "nix-matrix-appservices", "nixpkgs": "nixpkgs_2", - "nixpkgs-goolm": "nixpkgs-goolm", "ooye": "ooye", "programsdb": "programsdb", "run0-sudo-shim": "run0-sudo-shim", @@ -2798,11 +2781,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753372006, - "narHash": "sha256-eyIYqerHPYHl2Eq802wJSOwMwZ3tdvJ4D+vckDe2mD8=", + "lastModified": 1753490930, + "narHash": "sha256-noQ6sJ1twQvvGH34d13iM0uh95Syx+kb3nw45wTalIM=", "owner": "danth", "repo": "stylix", - "rev": "ceda12a6da2181e424d8ed7e68ed291745f06f49", + "rev": "744431e17676177c18c4c52e8781ba6e91db30d6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c68f0c1..7981fff 100755 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ inputs = { gnome-mobile.url = "github:chuangzhu/nixpkgs-gnome-mobile"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; - nixpkgs-goolm.url = "github:Henry-Hiles/nixpkgs?ref=mautrix-gmessages-goolm"; wrapper-manager.url = "github:viperML/wrapper-manager"; flake-parts.url = "github:hercules-ci/flake-parts"; disko = { diff --git a/secrets/base64JwtSecret.age b/secrets/base64JwtSecret.age new file mode 100644 index 0000000..fcba937 --- /dev/null +++ b/secrets/base64JwtSecret.age @@ -0,0 +1,10 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBadWpV +SWZlT2xDQVZ0eWwwZTJQVFRCaTd1YS9tbU5GUG1DVTlaMFlVb2ljClA4V1NNZC9G +a0p3QzdYeTBQRjg3aGlWS3NsUlpXbm1QMklqSDQxd3RCSEUKLT4gSiZ7M1RSLWdy +ZWFzZSAvZQpXMGYvcGw0eTByd2oKLS0tIFY0MHNoSndUU2prS3hMNkh0TDM4a001 +eGtKdkFLcDlDRU1nWmttdlRvMGcKSS3h9zCyio8qlR3l2wuqS/qUP5TKlbbgwDHI +8dA7W7yORAZoDgtAgxxzxctpVJVvOPfZhN49aFwueounRxw28OwYiyPrpGB1O3G9 +bR7uhWs+9cOrvMfkAtCRdtVUq7r+ZidYiuXhwruvxXy+BTKiDZ7Vk5A9Xt4khacU +MM8VlVwWm87+/0Y= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/lasuiteSecrets.age b/secrets/lasuiteSecrets.age index 5b4b002..184da59 100644 --- a/secrets/lasuiteSecrets.age +++ b/secrets/lasuiteSecrets.age @@ -1,11 +1,11 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSA1eHY4 -Q2UvTnllWTlzbVBaNjA0NDVYN0pLRURKM01vM1I5Nk04d0xVcjJzCk90UHR4Snpu -TmVyQ3BQN205QkRIelRrZlVXUE01L1pDd3AvRVdpVzZrSTAKLT4gVHRRIS1ncmVh -c2Ugc3V1diJZSncgOX4KWUNlTldaRkVETitwclVtdmIwYVFkUnQ1VTdrek8rcVdF -RHJWTmtXOW5XSTdNemt4RmtCSVYrTVhVNlhLWE1VUwpmMm9xUUs0OFF3ZlFVVS9Z -OEZNTmgxNVRoZG9pZlVFQgotLS0gZHlRRk1oL3VhTmJTOHY1aWdNVVBVL3YyUGZu -UEU4RkJJUDVxWCtMYVlBdwpmVV67p+mRvSoWikGr53MDxYMCFQ0/LKzs/kHw7iZF -0huOB/IJwFyu1Pi+A+hz5y9W6aP/5uE1NtDqbAkKz4gOwMrWo8WmyxAsU9xrLGoH -s+gVvu/VdslMzSxGzA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBxcWZ5 +d3R2emhwSFVNTHVFRnFvajNOTDFjb0hqSWpmWWVqVzY0SEFJNEdBClkrUng3NzZ1 +ajcrK2M1SWM5aUJ0ZThBLzhkdVFKN3QxMStkdE9HUVNLeFEKLT4gJj9qX0RzLS1n +cmVhc2UgKHZvTApxTElBcWRZCi0tLSB5MkpXOFpvN0d5cmozOWVTaHo3SlN6NG5J +NXZVZTRRSEV2amFHcDdZdC9VCivwG1lYRICTYcPQpXgAIgWx8xVRBDXvm51jrc2u +ZKoAS/CgoVU48VfFqEEoI3BO4te4ycRh/5kzuia/qafAIJZf4Fyc8cRnr5eBygdw +tiE+X7adMCSAxKQC6Bc7M+Y8pPt3BF0mKqxSrW9vqo6eyDd9LbIPRf17iB2Sstd3 +a662fQDukeq4t0j1qbqQsv7RmQsOh3IrBthRoBPoq077hx+Ijl69+U7ejoRFDi0Y +v8JXDZcOjyo= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/oidcJwtSecretEnv.age b/secrets/oidcJwtSecretEnv.age deleted file mode 100644 index a57376c..0000000 --- a/secrets/oidcJwtSecretEnv.age +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBYdDJD -NWJNcVUvd0JmTDhVZEVzck12ek1iTlpCREVPYVZ6Y0lhM1VBZmxBCkFwZmU2R3BG -Y0VIcllFUlU1VjZVNDB1eFZ2eFBpMDBLWUVSODlrU0R2VnMKLT4gUlpkLWdyZWFz -ZSAvdF89IEo5LQpVNVcwc2JmZWdUalJrWVNEQXAzQkh1UFJGTzdDeU5HdDdrTnZu -VXFvQ2dnemN0eDFGNnpsU21jMlBrZFNyL0o0CmpYTHFuS2VpdHcKLS0tIE9FZHo5 -dlZtOXNVaUIrUVlxM0lWcGFzc1k3MVhTam9vbzF1ZnExVzd4Qm8KGMrtis7WGy6p -IToPtJLsWzxnQKeD4MMLNfH6PTI0CbPqwBwdjEGjWe6CBENbxsgLL/Ggs3JIDjHI -aYXh7La2fwl1TkVGhOshspT0a7gdRhWJexdVHEUy/qNQyqrpl41r0UW4ZMXwF6bm -ztXlKgSjV8SuFKNzpyMPUEtO7CFkLLPlwxor6CI= ------END AGE ENCRYPTED FILE-----