
6 commits

Author SHA1 Message Date
GaspardCulis
845fbaf243 fix(outline): Temporarly switch to local storage to fix uploads 2024-11-03 22:15:19 +01:00
GaspardCulis
c57f4e71b8 fix(outline): Tweak stuff to make uploads work
Currently not working
2024-11-03 22:14:02 +01:00
GaspardCulis
f00747b5f1 fix(garage): Fixed proxy config 2024-11-03 21:41:19 +01:00
GaspardCulis
6fb5d93ee7 feat(services): Added Outline service 2024-11-03 21:06:00 +01:00
GaspardCulis
44acc7a1a4 feat(hypr -> nix): Added common app installs 2024-11-03 21:05:16 +01:00
GaspardCulis
0ef48bdc49 feat(Zephyrus): Steam specialization now uses jovian SteamOS module 2024-11-01 20:36:25 +01:00
11 changed files with 161 additions and 39 deletions


@ -58,6 +58,10 @@
ffmpegthumbnailer
poppler
imagemagick
# Other apps
vlc
qbittorrent
webcord
];
home.pointerCursor = {


@ -436,6 +436,49 @@
"type": "github"
}
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729921861,
"narHash": "sha256-lR1FS18NxY8XfYVxFSIAHCeJuTgbGUy7J79Bo0e9ZMA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "b0d86a65833bed4eda4d36ad54730a967bdca15a",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729697500,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1727348695,
@ -498,6 +541,7 @@
"hy3",
"hyprland"
],
"jovian": "jovian",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}


@ -50,6 +50,12 @@
url = "github:GaspardCulis/anixrun";
inputs.nixpkgs.follows = "nixpkgs";
};
# SteamOS
jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@ -59,6 +65,7 @@
deploy-rs,
sops-nix,
home-manager,
jovian,
...
} @ inputs: let
system = "x86_64-linux";
@ -71,6 +78,7 @@
./hosts/Zephyrus
disko.nixosModules.disko
home-manager.nixosModules.home-manager
jovian.nixosModules.jovian
];
};


@ -104,28 +104,15 @@
];
group = "steam";
};
programs = {
gamescope = {
enable = true;
capSysNice = true;
env = {
XKB_DEFAULT_LAYOUT = "fr";
};
};
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
};
services.desktopManager.plasma6.enable = true;
jovian.steam = {
enable = true;
autoStart = true;
user = "steam";
desktopSession = "plasma";
};
hardware.xone.enable = true; # support for the xbox controller USB dongle
services.getty.autologinUser = "steam";
environment = {
loginShellInit = ''
[[ "$(tty)" = "/dev/tty1" ]] && ${(pkgs.writeShellScript "gs.sh" "${builtins.readFile ../../bin/gs.sh}")}
'';
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "fr";
};
};
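Review bot: `jovian.steam.autoStart = true` with `user = "steam"` signs that account in at boot with no password prompt, and `desktopSession = "plasma"` puts a full Plasma desktop within reach of the same session, so anyone with physical access to the machine gets an interactive login. The `+`/`-` markers are lost on this page, so it is unclear whether `services.getty.autologinUser = "steam";` survives on the new side; if it does, it looks redundant with `autoStart`. The `steam` user definition starts above the hunk, so confirm there that the account is not in `wheel` and cannot read any sops secret, and record the constraint with a comment such as `# steam auto-logs in without a password: keep this account unprivileged`.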


@ -68,6 +68,8 @@
"steam-original"
"steam-run"
"steam-unwrapped"
"steam-jupiter-unwrapped"
"steamdeck-hw-theme"
];
hardware.graphics = {


@ -22,6 +22,15 @@ gitlab:
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
notesnook:
API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str]
S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str]
S3_ACCESS_KEY: ENC[AES256_GCM,data:cFv5P0u1u+eITCjf/le7Pcllqdj3UoUzoN5b3G/4R6aZR08RBKdcvs3mR9gnDHVMlhxogZfzkl4yptHK671cZA==,iv:rE4cbfbdqkYmuap4iYZMnakOveT3jCRUuw6E/Q0RnWg=,tag:eSz4UqduFRW3BnVUJSY3mw==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:efOK1OwlbehUv/a2K0zHTlNjqyVlUWFF,iv:kDA0sS8Rs4zlK+YJhUWiNAw0OsskFyszoSEQ0RiZxy8=,tag:JdclQMpkTc3Ggl8g0Dxdww==,type:str]
outline:
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:BlV4g/ri3BkvjD/2BybGS5H8fqQkGZ8dE+Nm91WV1ia5Qq/QhzED0NsM2sIcow2vKh12Q/T+NyhvkgmdV6xzWKjY7C/WMkt+,iv:lIhD8drsTqlbEKM/2ZlIspabTjy55eHnnh6YjXm996o=,tag:kaTDj28HUjKKqVkOu1XSRA==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:ZkVT5HLT0PB6FsdHBFaasQp86S+UNM91,iv:AG+7F0zMgGHcCEd6KkZu+UPzCfs+CGfe4P54PtZCxr0=,tag:QcG8wBeyRwmeHg+RmF7jqQ==,type:str]
S3_SECRET_KEY: ENC[AES256_GCM,data:G/uX/JggGnMu9JMqXR2AkNjxAmGjjXKJchAOfnYLFWFt/oc8rJaK6TKPmHKF7+dL9Iphfvuu6k8Bs/hkOuhG6w==,iv:ghazTJoiBk1frpJbJrcSm53dU1/xi//+yruAqhm6T8E=,tag:kd3XYWQg5z/pMMmXqAtzGw==,type:str]
penpot:
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
@ -65,8 +74,8 @@ sops:
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-24T10:04:55Z"
mac: ENC[AES256_GCM,data:fXCKFVev+ALjXdSPDw7QynQvh2ItusAUq/ZHCUv2dTLZcoW1/42hOyRexQPoQTAw+mACB1Sp9IPu5N5Gg3TSoxV6I67q7+S8FZVzfB1a8wMTIDF1vSOp5eHM3g6i8Wjip23V0LqUqjok4tuunDVnkOmp0uD0fLlaIiTpFgS3HJo=,iv:iq8CYdzR2F4knyTBHYIsS/hF+WCYcWXrpBAl2Ow60A0=,tag:hmNaTtIUqHRbU9aFzD6gww==,type:str]
lastmodified: "2024-11-03T19:39:34Z"
mac: ENC[AES256_GCM,data:/LhtjIGX+a2q4gOZ8KpcNX1UFaLCUG1xAM4pGVx5c4YwdbC4UUuKSaeu0WWzaHaVw/1GNgODhXTC7HOcIr7Y4WgbDV79dF7kdotn1dRlIV0LwLJ22MrmUeQpxOR25zvAEshP0ekqNAV1gf8/TqNvHy8jGwThq4F/8J0hKbov3VQ=,iv:c5Vagv78n+T3Kym/h6EJnGbtWhDrFKg8GKhpu7FQYZ4=,tag:LGtkD/4SfCaMo/LfZwvlhQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1


@ -34,6 +34,20 @@ identity_providers:
- 'email'
- 'openid'
- 'profile'
- client_id: 'outline'
client_name: 'Outline'
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://outline.gasdev.fr/auth/oidc.callback'
scopes:
- 'openid'
- 'offline_access'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
authentication_backend:
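Review bot: `authorization_policy: 'one_factor'` on the new `outline` client means a password alone is enough to reach the wiki, and the `offline_access` scope lets that login be extended through refresh tokens. If second factors are already enrolled in Authelia, `authorization_policy: 'two_factor'` would suit a document store better. The `client_secret` digest is committed in clear while the other secrets in this compare go through sops; that is acceptable only while the underlying secret is long and random, because a PBKDF2 digest can be guessed against offline.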


@ -2,6 +2,7 @@
imports = [
./authelia
./garage
./outline
./penpot
./shadowsocks
./uptime-kuma


@ -1,22 +1,25 @@
# TODO: Run as different user
{...}: {
{config, ...}: {
sops.secrets."garage/RPC_SECRET".owner = "root";
services.caddy.virtualHosts."s3.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."s3.gasdev.fr *.s3.gasdev.fr" = {
logFormat = "output file ${config.services.caddy.logDir}/access-s3.gasdev.fr.log";
extraConfig = ''
header {
?Access-Control-Allow-Headers *
?Access-Control-Allow-Methods *
?Access-Control-Allow-Origin *
}
reverse_proxy http://127.0.0.1:3900
'';
};
services.caddy.virtualHosts."*.s3.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."s3web.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."*.s3web.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3902
'';
services.caddy.virtualHosts."s3web.gasdev.fr *.s3web.gasdev.fr" = {
logFormat = "output file ${config.services.caddy.logDir}/access-s3web.gasdev.fr.log";
extraConfig = ''
reverse_proxy http://127.0.0.1:3902
'';
};
virtualisation.oci-containers.containers = {
garage = {
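Review bot: The `header` block on what appears to be the new `s3.gasdev.fr *.s3.gasdev.fr` virtual host answers with `?Access-Control-Allow-Origin *`, `?Access-Control-Allow-Methods *` and `?Access-Control-Allow-Headers *`, so any web page may issue cross-origin requests to the S3 API and read the responses. The `?` prefix only fills the header in when the upstream did not set it, which makes the wildcard the default for every bucket behind this host. If Outline is the only browser client, `?Access-Control-Allow-Origin https://outline.gasdev.fr` plus the specific methods it needs would be enough; since the last commit in this range moves Outline to local storage, the block may not be needed at all for now. The `+`/`-` markers are lost on this page, so which of the older single-host entries remain is inferred.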


@ -0,0 +1,49 @@
{
config,
lib,
...
}: {
sops.secrets."outline/OIDC_CLIENT_SECRET".owner = "outline";
sops.secrets."outline/SMTP_PASSWORD".owner = "outline";
sops.secrets."outline/S3_SECRET_KEY".owner = "outline";
services.caddy.virtualHosts."outline.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:7143
'';
services.outline = {
enable = true;
port = 7143;
publicUrl = "https://outline.gasdev.fr";
forceHttps = false;
oidcAuthentication = {
authUrl = "https://auth.gasdev.fr/api/oidc/authorization";
userinfoUrl = "https://auth.gasdev.fr/api/oidc/userinfo";
tokenUrl = "https://auth.gasdev.fr/api/oidc/token";
displayName = "Authelia";
clientId = "outline";
clientSecretFile = config.sops.secrets."outline/OIDC_CLIENT_SECRET".path;
scopes = ["openid" "offline_access" "profile" "email"];
};
smtp = {
host = "smtp.mail.ovh.net";
port = 465;
username = "postmaster@gasdev.fr";
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
fromEmail = "from.outline@gasdev.fr";
replyEmail = "reply.outline@gasdev.fr";
};
storage = {
storageType = "local";
localRootDir = "/var/lib/outline/data";
};
};
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"outline"
];
}
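Review bot: `sops.secrets."outline/S3_SECRET_KEY".owner = "outline";` still decrypts the S3 key onto the host and makes it readable by the `outline` user, although `storageType = "local"` no longer uses it; drop the declaration until S3 storage comes back, or at least mark it with `# unused while storageType = "local"`. `forceHttps = false` is reasonable behind Caddy, but only if port 7143 is unreachable from outside; no bind address is set here, so confirm the firewall leaves that port closed. Uploads now live in `/var/lib/outline/data`, which should be covered by whatever backs up this host.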


@ -100,6 +100,7 @@
penpot-postgres = {
image = "docker.io/postgres:15";
autoStart = true;
ports = [];
volumes = [
"penpot_postgres:/var/lib/postgresql/data"
];