Jaaj-San/pointfichiers
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Jaaj-San:845fbaf243adea1307ed5520837bb077894e0ee8
Branches Tags
Jaaj-San:main
Jaaj-San:feat/ovh-config
Jaaj-San:feat/nix
..
compare: Jaaj-San:cc00b335a05f4020f4b9e711631efd995ea63bb6
Branches Tags
Jaaj-San:main
Jaaj-San:feat/ovh-config
Jaaj-San:feat/nix

No commits in common. "845fbaf243adea1307ed5520837bb077894e0ee8" and "cc00b335a05f4020f4b9e711631efd995ea63bb6" have entirely different histories.
845fbaf243 ... cc00b335a0

11 changed files with 39 additions and 161 deletions
Show stats Expand all files Collapse all files

4
de/hypr/default.nix
View file

@ -58,10 +58,6 @@
ffmpegthumbnailer
poppler
imagemagick
# Other apps
vlc
qbittorrent
webcord
];
home.pointerCursor = {

44
flake.lock
View file

@ -436,49 +436,6 @@
"type": "github"
}
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729921861,
"narHash": "sha256-lR1FS18NxY8XfYVxFSIAHCeJuTgbGUy7J79Bo0e9ZMA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "b0d86a65833bed4eda4d36ad54730a967bdca15a",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729697500,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1727348695,
@ -541,7 +498,6 @@
"hy3",
"hyprland"
],
"jovian": "jovian",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}

8
flake.nix
View file

@ -50,12 +50,6 @@
url = "github:GaspardCulis/anixrun";
inputs.nixpkgs.follows = "nixpkgs";
};
# SteamOS
jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@ -65,7 +59,6 @@
deploy-rs,
sops-nix,
home-manager,
jovian,
...
} @ inputs: let
system = "x86_64-linux";
@ -78,7 +71,6 @@
./hosts/Zephyrus
disko.nixosModules.disko
home-manager.nixosModules.home-manager
jovian.nixosModules.jovian
];
};

27
hosts/Zephyrus/default.nix
View file

@ -104,17 +104,30 @@
];
group = "steam";
};
services.desktopManager.plasma6.enable = true;
jovian.steam = {
programs = {
gamescope = {
enable = true;
autoStart = true;
user = "steam";
desktopSession = "plasma";
};
environment.sessionVariables = {
capSysNice = true;
env = {
XKB_DEFAULT_LAYOUT = "fr";
};
};
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
};
};
hardware.xone.enable = true; # support for the xbox controller USB dongle
services.getty.autologinUser = "steam";
environment = {
loginShellInit = ''
[[ "$(tty)" = "/dev/tty1" ]] && ${(pkgs.writeShellScript "gs.sh" "${builtins.readFile ../../bin/gs.sh}")}
'';
};
};
system.stateVersion = "24.11";
}

2
hosts/Zephyrus/hardware-configuration.nix
View file

@ -68,8 +68,6 @@
"steam-original"
"steam-run"
"steam-unwrapped"
"steam-jupiter-unwrapped"
"steamdeck-hw-theme"
];
hardware.graphics = {

15
secrets/OVHCloud.yaml
View file

@ -22,15 +22,6 @@ gitlab:
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
notesnook:
API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str]
S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str]
S3_ACCESS_KEY: ENC[AES256_GCM,data:cFv5P0u1u+eITCjf/le7Pcllqdj3UoUzoN5b3G/4R6aZR08RBKdcvs3mR9gnDHVMlhxogZfzkl4yptHK671cZA==,iv:rE4cbfbdqkYmuap4iYZMnakOveT3jCRUuw6E/Q0RnWg=,tag:eSz4UqduFRW3BnVUJSY3mw==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:efOK1OwlbehUv/a2K0zHTlNjqyVlUWFF,iv:kDA0sS8Rs4zlK+YJhUWiNAw0OsskFyszoSEQ0RiZxy8=,tag:JdclQMpkTc3Ggl8g0Dxdww==,type:str]
outline:
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:BlV4g/ri3BkvjD/2BybGS5H8fqQkGZ8dE+Nm91WV1ia5Qq/QhzED0NsM2sIcow2vKh12Q/T+NyhvkgmdV6xzWKjY7C/WMkt+,iv:lIhD8drsTqlbEKM/2ZlIspabTjy55eHnnh6YjXm996o=,tag:kaTDj28HUjKKqVkOu1XSRA==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:ZkVT5HLT0PB6FsdHBFaasQp86S+UNM91,iv:AG+7F0zMgGHcCEd6KkZu+UPzCfs+CGfe4P54PtZCxr0=,tag:QcG8wBeyRwmeHg+RmF7jqQ==,type:str]
S3_SECRET_KEY: ENC[AES256_GCM,data:G/uX/JggGnMu9JMqXR2AkNjxAmGjjXKJchAOfnYLFWFt/oc8rJaK6TKPmHKF7+dL9Iphfvuu6k8Bs/hkOuhG6w==,iv:ghazTJoiBk1frpJbJrcSm53dU1/xi//+yruAqhm6T8E=,tag:kd3XYWQg5z/pMMmXqAtzGw==,type:str]
penpot:
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
@ -74,8 +65,8 @@ sops:
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-03T19:39:34Z"
mac: ENC[AES256_GCM,data:/LhtjIGX+a2q4gOZ8KpcNX1UFaLCUG1xAM4pGVx5c4YwdbC4UUuKSaeu0WWzaHaVw/1GNgODhXTC7HOcIr7Y4WgbDV79dF7kdotn1dRlIV0LwLJ22MrmUeQpxOR25zvAEshP0ekqNAV1gf8/TqNvHy8jGwThq4F/8J0hKbov3VQ=,iv:c5Vagv78n+T3Kym/h6EJnGbtWhDrFKg8GKhpu7FQYZ4=,tag:LGtkD/4SfCaMo/LfZwvlhQ==,type:str]
lastmodified: "2024-10-24T10:04:55Z"
mac: ENC[AES256_GCM,data:fXCKFVev+ALjXdSPDw7QynQvh2ItusAUq/ZHCUv2dTLZcoW1/42hOyRexQPoQTAw+mACB1Sp9IPu5N5Gg3TSoxV6I67q7+S8FZVzfB1a8wMTIDF1vSOp5eHM3g6i8Wjip23V0LqUqjok4tuunDVnkOmp0uD0fLlaIiTpFgS3HJo=,iv:iq8CYdzR2F4knyTBHYIsS/hF+WCYcWXrpBAl2Ow60A0=,tag:hmNaTtIUqHRbU9aFzD6gww==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.0

14
services/authelia/configuration.yml
View file

@ -34,20 +34,6 @@ identity_providers:
- 'email'
- 'openid'
- 'profile'
- client_id: 'outline'
client_name: 'Outline'
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://outline.gasdev.fr/auth/oidc.callback'
scopes:
- 'openid'
- 'offline_access'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
authentication_backend:

1
services/default.nix
View file

@ -2,7 +2,6 @@
imports = [
./authelia
./garage
./outline
./penpot
./shadowsocks
./uptime-kuma

25
services/garage/default.nix
View file

@ -1,25 +1,22 @@
# TODO: Run as different user
{config, ...}: {
{...}: {
sops.secrets."garage/RPC_SECRET".owner = "root";
services.caddy.virtualHosts."s3.gasdev.fr *.s3.gasdev.fr" = {
logFormat = "output file ${config.services.caddy.logDir}/access-s3.gasdev.fr.log";
extraConfig = ''
header {
?Access-Control-Allow-Headers *
?Access-Control-Allow-Methods *
?Access-Control-Allow-Origin *
}
services.caddy.virtualHosts."s3.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
};
services.caddy.virtualHosts."s3web.gasdev.fr *.s3web.gasdev.fr" = {
logFormat = "output file ${config.services.caddy.logDir}/access-s3web.gasdev.fr.log";
extraConfig = ''
services.caddy.virtualHosts."*.s3.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."s3web.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."*.s3web.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3902
'';
};
virtualisation.oci-containers.containers = {
garage = {

49
services/outline/default.nix
View file

@ -1,49 +0,0 @@
{
config,
lib,
...
}: {
sops.secrets."outline/OIDC_CLIENT_SECRET".owner = "outline";
sops.secrets."outline/SMTP_PASSWORD".owner = "outline";
sops.secrets."outline/S3_SECRET_KEY".owner = "outline";
services.caddy.virtualHosts."outline.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:7143
'';
services.outline = {
enable = true;
port = 7143;
publicUrl = "https://outline.gasdev.fr";
forceHttps = false;
oidcAuthentication = {
authUrl = "https://auth.gasdev.fr/api/oidc/authorization";
userinfoUrl = "https://auth.gasdev.fr/api/oidc/userinfo";
tokenUrl = "https://auth.gasdev.fr/api/oidc/token";
displayName = "Authelia";
clientId = "outline";
clientSecretFile = config.sops.secrets."outline/OIDC_CLIENT_SECRET".path;
scopes = ["openid" "offline_access" "profile" "email"];
};
smtp = {
host = "smtp.mail.ovh.net";
port = 465;
username = "postmaster@gasdev.fr";
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
fromEmail = "from.outline@gasdev.fr";
replyEmail = "reply.outline@gasdev.fr";
};
storage = {
storageType = "local";
localRootDir = "/var/lib/outline/data";
};
};
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"outline"
];
}

1
services/penpot/default.nix
View file

@ -100,7 +100,6 @@
penpot-postgres = {
image = "docker.io/postgres:15";
autoStart = true;
ports = [];
volumes = [
"penpot_postgres:/var/lib/postgresql/data"
];