Henry-Hiles/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Henry-Hiles:f2adbd5897d394e2e4ee492d6b70db92489cb2b5
Branches Tags
Henry-Hiles:main
..
compare: Henry-Hiles:51538c1d61ba2bbfa2df1b20d60336139c5a41c8
Branches Tags
Henry-Hiles:main

No commits in common. "f2adbd5897d394e2e4ee492d6b70db92489cb2b5" and "51538c1d61ba2bbfa2df1b20d60336139c5a41c8" have entirely different histories.
f2adbd5897 ... 51538c1d61

8 changed files with 49 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

7
clients/quadraticserver/caddy.nix
View file

@ -1,12 +1,7 @@
{pkgs, ...}: { {
services.caddy = { services.caddy = {
enable = true; enable = true;
email = "henry@henryhiles.com"; email = "henry@henryhiles.com";
package = pkgs.caddy.withPlugins {
plugins = ["github.com/ggicci/caddy-jwt@v1.1.0"];
hash = "sha256-sdhX/dAQ7lIxBo/ZW6XYX8SRuacLO9HobtIVKD/cw0o=";
};
}; };
networking.firewall.allowedTCPPorts = [2222 443 8448]; # Git SSH, HTTPS, and Matrix networking.firewall.allowedTCPPorts = [2222 443 8448]; # Git SSH, HTTPS, and Matrix
} }

45
clients/quadraticserver/searxng.nix
View file

@ -3,10 +3,7 @@
lib, lib,
... ...
}: { }: {
services = let services = with config.services.searx.settings.server; {
socket = "/var/run/searx/socket";
domain = "search.federated.nexus";
in {
searx = { searx = {
enable = true; enable = true;
environmentFile = config.age.secrets."searxngSecret.age".path; environmentFile = config.age.secrets."searxngSecret.age".path;
@ -15,6 +12,7 @@
general = { general = {
instance_name = "Federated Nexus Search"; instance_name = "Federated Nexus Search";
contact_url = "mailto:henry@henryhiles.com"; contact_url = "mailto:henry@henryhiles.com";
debug = true;
}; };
search = { search = {
autocomplete = "duckduckgo"; autocomplete = "duckduckgo";
@ -22,10 +20,10 @@
}; };
server = { server = {
base_url = "https://${domain}"; base_url = "search.federated.nexus";
port = "8080"; port = 80;
bind_address = "unix://${socket}"; bind_address = "127.0.0.4";
}; };
engines = lib.mapAttrsToList (name: value: {inherit name;} // value) { engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
@ -33,37 +31,6 @@
}; };
}; };
}; };
caddy.virtualHosts."${base_url}".extraConfig = "reverse_proxy ${bind_address}";
caddy = {
environmentFile = config.age.secrets."oidcJwtSecretEnv.age".path;
virtualHosts."${domain}".extraConfig = let
auth = "https://auth.federated.nexus";
in ''
handle_errors 401 {
redir https://federated.nexus/login?redirect_uri=${auth}/bridge?redirect_uri=https://${domain}{uri} 302
}
route {
jwtauth {
from_cookies id_token
sign_key {$JWK_SECRET}
issuer_whitelist ${auth}
audience_whitelist proxy
}
reverse_proxy unix/${socket}
}
'';
};
};
systemd.services = let
commonConfig = builtins.mapAttrs (_: value: lib.mkForce value) {
Group = "caddy";
RuntimeDirectoryMode = "0770";
UMask = "007";
};
in {
searx.serviceConfig = commonConfig;
searx-init.serviceConfig = commonConfig;
}; };
} }

46
flake.lock generated
View file

@ -582,11 +582,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750614446, "lastModified": 1750304462,
"narHash": "sha256-6WH0aRFay79r775RuTqUcnoZNm6A4uHxU1sbcNIk63s=", "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7c35504839f915abec86a96435b881ead7eb6a2b", "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -624,11 +624,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750620651, "lastModified": 1750446454,
"narHash": "sha256-MqmzdsKUrOTN8NhjuldA1GHMgVsWsBmtMgHzpiSWnn0=", "narHash": "sha256-Xaa1xkseAkP0o7TCWge1l6RE6NpJEOy4s1Wtx+bzlkk=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "13a469ba6dfbb1ef6431570b952fb4a78471e63f", "rev": "f875ef407195b12fc19e5ddd7d896278c1b98a3f",
"revCount": 28, "revCount": 18,
"type": "git", "type": "git",
"url": "https://git.federated.nexus/Henry-Hiles/matrixoidc" "url": "https://git.federated.nexus/Henry-Hiles/matrixoidc"
}, },
@ -644,11 +644,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750610317, "lastModified": 1750263362,
"narHash": "sha256-tArf9ek4DoR+5lcDlshGS/CjMjX8vMNfpZ1Ys98UrZM=", "narHash": "sha256-n5XvEaSanFe9g1AF6l2o+6OE8THpErU44pu6tt0c9PE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nh", "repo": "nh",
"rev": "e5dbcf9d48257f4a116bc4746e0c59c78e08e161", "rev": "4b39f8496d5bc4f86d0f256ca4b2d7dbcbd9fc00",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -829,17 +829,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750514805, "lastModified": 1750513223,
"narHash": "sha256-BcHbwm7cVfxb0ocicnn21PNE7ijyLlUZk1utzrR06Ys=", "narHash": "sha256-BcHbwm7cVfxb0ocicnn21PNE7ijyLlUZk1utzrR06Ys=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "1bf1950bdea07f72b699ac105800f5bb437a70fd", "rev": "236f3406c2a79887cfc010e29ba83c63c330695c",
"revCount": 15, "revCount": 15,
"type": "git", "type": "git",
"url": "https://cgit.rory.gay/nix/OOYE-module.git" "url": "https://git.federated.nexus/Henry-Hiles/OOYE-module"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://cgit.rory.gay/nix/OOYE-module.git" "url": "https://git.federated.nexus/Henry-Hiles/OOYE-module"
} }
}, },
"programsdb": { "programsdb": {
@ -850,11 +850,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1750602466, "lastModified": 1750512214,
"narHash": "sha256-7hrX64drp6NArt+vzGq9jSNBkGA6XEFvxmSrsFzRCDU=", "narHash": "sha256-qb6BTAyIrzMa47Wa9T++AUbO6On4c3p9npHbLlrvJ9I=",
"owner": "wamserma", "owner": "wamserma",
"repo": "flake-programs-sqlite", "repo": "flake-programs-sqlite",
"rev": "7fe4aa40ccbd1630e0447bbf49d9026cf9e6cb57", "rev": "9fd1ee32264cea8782dd7127156a3d42ad77fde8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -938,11 +938,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1750562714, "lastModified": 1750459519,
"narHash": "sha256-GEQdMsWrij7y1UjuONVZYWLBo1OPIt709KcyCxcDfxU=", "narHash": "sha256-5r+n+UspGQmATwiaA/HPoHgLWkmlIFEweHC3A4fqk80=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "100b968012804d6526c5f48a32c30680916bc474", "rev": "faa5a34c3fd533b289ed082ff2b0e579634e3e4f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1131,11 +1131,11 @@
}, },
"wrapper-manager": { "wrapper-manager": {
"locked": { "locked": {
"lastModified": 1750605920, "lastModified": 1750422615,
"narHash": "sha256-H7aKzVWtX2Efp8DwCuMrZex+IiXII2/PF5rO+Mu5oYU=", "narHash": "sha256-+HCOFcrVM+cvvivuQxW9vMOon3T8b1sGtlPze5vLGCI=",
"owner": "viperML", "owner": "viperML",
"repo": "wrapper-manager", "repo": "wrapper-manager",
"rev": "238d49c10383cd1db56d694bff9d573684c71526", "rev": "754ed625186e67f588d6dd664afbbfda8128a7e3",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
modules/desktop/packages.nix
View file

@ -4,11 +4,12 @@
tuba tuba
gimp gimp
deno deno
ptyxis
heroic heroic
aspell aspell
ptyxis
muzika muzika
foliate foliate
fractal
gapless gapless
inkscape inkscape
r2modman r2modman
@ -18,7 +19,6 @@
wl-clipboard wl-clipboard
prismlauncher prismlauncher
authenticator authenticator
cinny-desktop
# nexusmods-app-unfree # nexusmods-app-unfree
hunspellDicts.en_CA-large hunspellDicts.en_CA-large
]; ];

9
secrets/cookieSecret.age
View file

@ -1,9 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBXVC9Y
ejZDRVFXa0dHeXpaVTFPaTlRUkNkR29WTkpuRGhSS2RCZmlMN0E0CkU4WFQwN0RL
Z2VMM29waDRDMi95bVpHNnk0ZVB4RlZLOUxzUlJHSE9JdlUKLT4gPC1ncmVhc2Ug
SzZzN3tJPyBmVVdJWApudwotLS0gTnZYRGdzQmpYM2VhZW1tWFo3V21LKzVSRXBV
cXZSYkQwVEhLOGlWcnJKawomBD/OVJ+bpe4aczYDXDRMYNdLrVbOVBTjUajac4rZ
kzd+VOjYYk319QbmrsPGX3D6I15YcCGdY+tfXjiO5UnTm+wUx5IqiSxCBMQVgDAC
h3X5aRXBELvC8iwoR/gy
-----END AGE ENCRYPTED FILE-----

19
secrets/oidcJwtSecret.age
View file

@ -1,11 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBxL1BV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBOUTRE
NHlkckQvbnhKNVRodU0yQ0p6LzZKS1E3UHJoSDZvay9iVWZqaVMwCjJKMDZkN0No WFRYRXFXQ2h4U0xoVmt1MXF5WVhNcHJLTDZyOHdKUEVncWRwN0ZVCkhBUVp2TFlG
alJ4Z1pOTHpvQ2cyMHB2OGloWW14ZnFOWktoUnJvRWs1QncKLT4gQS1ncmVhc2Ug OTBocE1xM0ZhblhCaUhFVTdpSUwrcmlmWmRiR3llbDE5SWMKLT4gPUgtZ3JlYXNl
WHAKQ0ZYaHZoZjVWbm1qV00vR0pUcElLam55WlVibUk0ekpTZHZDaTJrbm5WVGFw IEkvR3AgQHlCQDJgWSA3ZjtnKUhJCjdmalZjNWpvendTNWdqYTh6TU5QOS9IT3g5
QWlWWmI0Z3VXMGtJVTBIdEh4Twp5cVdiTXFZZkRWaVQvL000ZnE3cFByT2xlOUQx QWFuN0pGQWVqMUlLSTRhdlRaWjY5bEg0SnNqSDdpazc2U1BBMzUKK1g0bFJIZWhI
M3J3Ci0tLSBobVB5TVYvVGl5ZGM5VTkwckNDcFkwa20yMFJ4NFM5V1lrbHNub3dE aWI5QlRScGFHOEhZRHpaV291ajg3YWpzUFh3djFZVHc0RQotLS0gUWJYQW1VaEFV
OG13CvoG3JJMeKhyYscnS7TVzdP22vTVt3KA4+weyMLeM0bPIG8Zy4pMcNonsxCD Y3grQ3kzSUY0SWk2UWo1WUM5M2tUV2lhQTY5T1hIQUxqRQqmwjz0Y6d7mAuEWPO3
MnAi7NFjYWx1mdWWC69JX/QbLmBab/gnzsgn1L+lw/7V6VSYg2gm9U5ekvTWCU8e UGfQsIaGnQ2JAHuwtR3J8LtFmI9hyNdU4lpfs611QMX+7Calx707XEG5xrKWtT6F
riBaAGo= tQRWIvAGu2FVzxow8deDAlWVs8lNnr8url4N4Ii5XMkLFyW0BTgZ5t8cSy6tKvW6
SN8o
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

11
secrets/oidcJwtSecretEnv.age
View file

@ -1,11 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBYdDJD
NWJNcVUvd0JmTDhVZEVzck12ek1iTlpCREVPYVZ6Y0lhM1VBZmxBCkFwZmU2R3BG
Y0VIcllFUlU1VjZVNDB1eFZ2eFBpMDBLWUVSODlrU0R2VnMKLT4gUlpkLWdyZWFz
ZSAvdF89IEo5LQpVNVcwc2JmZWdUalJrWVNEQXAzQkh1UFJGTzdDeU5HdDdrTnZu
VXFvQ2dnemN0eDFGNnpsU21jMlBrZFNyL0o0CmpYTHFuS2VpdHcKLS0tIE9FZHo5
dlZtOXNVaUIrUVlxM0lWcGFzc1k3MVhTam9vbzF1ZnExVzd4Qm8KGMrtis7WGy6p
IToPtJLsWzxnQKeD4MMLNfH6PTI0CbPqwBwdjEGjWe6CBENbxsgLL/Ggs3JIDjHI
aYXh7La2fwl1TkVGhOshspT0a7gdRhWJexdVHEUy/qNQyqrpl41r0UW4ZMXwF6bm
ztXlKgSjV8SuFKNzpyMPUEtO7CFkLLPlwxor6CI=
-----END AGE ENCRYPTED FILE-----

15
secrets/searxngSecret.age
View file

@ -1,10 +1,9 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSB5a0NN YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBxZjYy
bUFxRXJ6TnJlTTM5d1JJbG9DSjNNc1hLRWVTTDZNU21tMEVQNlhFCnpjeGtVRFo4 dkxESEMxdUswVDNXZFZ2b1RubTIraFJ6bU9oUXFPNmoxVG41SkRjCkR1cHZBcS9B
WGNPaml5Ym00dXBlemVXaTdGSm9zVjNHZGVVMnE1WFpCQmMKLT4gT1QrLWdyZWFz OUdyZXNmS3hHcVBQb0tPMHM4K1lOZXY1SEgwdGNPZHA0ckkKLT4gfTxQVS0tZ3Jl
ZSA3JTA5fTFTIC1KL3JuNwpRYndkeUhvMTF6VjdPTWpDbUNqaEZiYUd6aEdlZlNO YXNlIGotIHBJfGoydApIbERyaXdVZ0xYc3ZCaXE2d3VYWlFoSkF2TmZDR0VuOHpK
dWtnVjYvMFRnWDBicWJDVTAzZXRPeVdnZVVxekFadlNFCmlsajgyeTgvU0hCMlh6 dU5QaFUvclRvMU9BCi0tLSBNV2tTRm1Yb1BMUE1qd1o3ZXRoblpEMFVKd1dCeHJC
ZU1yTXMKLS0tIC8yL3BMdUNXc3VIc0JCMDFlaTg1ZTRNR3FENEZ6ZjF4Ym5idHpu bGVYZFMrblQ1TC9RCkgi4Jlqkr7NYUx5CBZSFbcWUxNqrx59p5zFpshzNFwJic3B
eitWaEkKgTzeyWefh3JvEbGyw4HTzj+IJplwk9uOuSnXyJhB3XbfChdQsNyQ92K0 syvn9t+u22kDcP8QcsfAHrY9WbwOCR4iDJ1z
XQo4yefB1+QKXWYX2/gJNVcKAbhcs/EF+XI6qg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----