Compare commits
6 commits
cc00b335a0
...
845fbaf243
Author | SHA1 | Date | |
---|---|---|---|
|
845fbaf243 | ||
|
c57f4e71b8 | ||
|
f00747b5f1 | ||
|
6fb5d93ee7 | ||
|
44acc7a1a4 | ||
|
0ef48bdc49 |
11 changed files with 161 additions and 39 deletions
|
@ -58,6 +58,10 @@
|
||||||
ffmpegthumbnailer
|
ffmpegthumbnailer
|
||||||
poppler
|
poppler
|
||||||
imagemagick
|
imagemagick
|
||||||
|
# Other apps
|
||||||
|
vlc
|
||||||
|
qbittorrent
|
||||||
|
webcord
|
||||||
];
|
];
|
||||||
|
|
||||||
home.pointerCursor = {
|
home.pointerCursor = {
|
||||||
|
|
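--- a/flake.lock
+++ b/flake.lock
@@ -436,6 +436,49 @@
 "type": "github"
 }
 },
+"jovian": {
+"inputs": {
+"nix-github-actions": "nix-github-actions",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1729921861,
+"narHash": "sha256-lR1FS18NxY8XfYVxFSIAHCeJuTgbGUy7J79Bo0e9ZMA=",
+"owner": "Jovian-Experiments",
+"repo": "Jovian-NixOS",
+"rev": "b0d86a65833bed4eda4d36ad54730a967bdca15a",
+"type": "github"
+},
+"original": {
+"owner": "Jovian-Experiments",
+"repo": "Jovian-NixOS",
+"type": "github"
+}
+},
+"nix-github-actions": {
+"inputs": {
+"nixpkgs": [
+"jovian",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1729697500,
+"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
+"owner": "zhaofengli",
+"repo": "nix-github-actions",
+"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
+"type": "github"
+},
+"original": {
+"owner": "zhaofengli",
+"ref": "matrix-name",
+"repo": "nix-github-actions",
+"type": "github"
+}
+},
 "nixpkgs": {
 "locked": {
 "lastModified": 1727348695,
@@ -498,6 +541,7 @@
 "hy3",
 "hyprland"
 ],
+"jovian": "jovian",
 "nixpkgs": "nixpkgs_2",
 "sops-nix": "sops-nix"
 }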
|
@ -50,6 +50,12 @@
|
||||||
url = "github:GaspardCulis/anixrun";
|
url = "github:GaspardCulis/anixrun";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# SteamOS
|
||||||
|
jovian = {
|
||||||
|
url = "github:Jovian-Experiments/Jovian-NixOS";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
|
@ -59,6 +65,7 @@
|
||||||
deploy-rs,
|
deploy-rs,
|
||||||
sops-nix,
|
sops-nix,
|
||||||
home-manager,
|
home-manager,
|
||||||
|
jovian,
|
||||||
...
|
...
|
||||||
} @ inputs: let
|
} @ inputs: let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -71,6 +78,7 @@
|
||||||
./hosts/Zephyrus
|
./hosts/Zephyrus
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
|
jovian.nixosModules.jovian
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -104,28 +104,15 @@
|
||||||
];
|
];
|
||||||
group = "steam";
|
group = "steam";
|
||||||
};
|
};
|
||||||
programs = {
|
services.desktopManager.plasma6.enable = true;
|
||||||
gamescope = {
|
jovian.steam = {
|
||||||
enable = true;
|
enable = true;
|
||||||
capSysNice = true;
|
autoStart = true;
|
||||||
env = {
|
user = "steam";
|
||||||
XKB_DEFAULT_LAYOUT = "fr";
|
desktopSession = "plasma";
|
||||||
};
|
|
||||||
};
|
|
||||||
steam = {
|
|
||||||
enable = true;
|
|
||||||
gamescopeSession.enable = true;
|
|
||||||
remotePlay.openFirewall = true;
|
|
||||||
dedicatedServer.openFirewall = true;
|
|
||||||
localNetworkGameTransfers.openFirewall = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
hardware.xone.enable = true; # support for the xbox controller USB dongle
|
environment.sessionVariables = {
|
||||||
services.getty.autologinUser = "steam";
|
XKB_DEFAULT_LAYOUT = "fr";
|
||||||
environment = {
|
|
||||||
loginShellInit = ''
|
|
||||||
[[ "$(tty)" = "/dev/tty1" ]] && ${(pkgs.writeShellScript "gs.sh" "${builtins.readFile ../../bin/gs.sh}")}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
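Review bot: `jovian.steam.autoStart = true` with `user = "steam"` boots the machine into that account with no authentication, and `desktopSession = "plasma"` gives that same unauthenticated session a full desktop rather than only the gamescope script the old `loginShellInit` launched. The `steam` user's definition starts above this hunk, so its group list is not visible here; confirm it has no `wheel` membership and record that beside the option, e.g. `# auto-login account: keep unprivileged, no wheel/sudo`. The hunk also drops `hardware.xone.enable = true;` with no replacement in view, which looks unintended if the Xbox dongle is still in use, unless the Jovian module already covers it.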
|
@ -68,6 +68,8 @@
|
||||||
"steam-original"
|
"steam-original"
|
||||||
"steam-run"
|
"steam-run"
|
||||||
"steam-unwrapped"
|
"steam-unwrapped"
|
||||||
|
"steam-jupiter-unwrapped"
|
||||||
|
"steamdeck-hw-theme"
|
||||||
];
|
];
|
||||||
|
|
||||||
hardware.graphics = {
|
hardware.graphics = {
|
||||||
|
|
|
@ -22,6 +22,15 @@ gitlab:
|
||||||
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
|
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
|
||||||
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
|
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
|
||||||
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
|
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
|
||||||
|
notesnook:
|
||||||
|
API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str]
|
||||||
|
S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str]
|
||||||
|
S3_ACCESS_KEY: ENC[AES256_GCM,data:cFv5P0u1u+eITCjf/le7Pcllqdj3UoUzoN5b3G/4R6aZR08RBKdcvs3mR9gnDHVMlhxogZfzkl4yptHK671cZA==,iv:rE4cbfbdqkYmuap4iYZMnakOveT3jCRUuw6E/Q0RnWg=,tag:eSz4UqduFRW3BnVUJSY3mw==,type:str]
|
||||||
|
SMTP_PASSWORD: ENC[AES256_GCM,data:efOK1OwlbehUv/a2K0zHTlNjqyVlUWFF,iv:kDA0sS8Rs4zlK+YJhUWiNAw0OsskFyszoSEQ0RiZxy8=,tag:JdclQMpkTc3Ggl8g0Dxdww==,type:str]
|
||||||
|
outline:
|
||||||
|
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:BlV4g/ri3BkvjD/2BybGS5H8fqQkGZ8dE+Nm91WV1ia5Qq/QhzED0NsM2sIcow2vKh12Q/T+NyhvkgmdV6xzWKjY7C/WMkt+,iv:lIhD8drsTqlbEKM/2ZlIspabTjy55eHnnh6YjXm996o=,tag:kaTDj28HUjKKqVkOu1XSRA==,type:str]
|
||||||
|
SMTP_PASSWORD: ENC[AES256_GCM,data:ZkVT5HLT0PB6FsdHBFaasQp86S+UNM91,iv:AG+7F0zMgGHcCEd6KkZu+UPzCfs+CGfe4P54PtZCxr0=,tag:QcG8wBeyRwmeHg+RmF7jqQ==,type:str]
|
||||||
|
S3_SECRET_KEY: ENC[AES256_GCM,data:G/uX/JggGnMu9JMqXR2AkNjxAmGjjXKJchAOfnYLFWFt/oc8rJaK6TKPmHKF7+dL9Iphfvuu6k8Bs/hkOuhG6w==,iv:ghazTJoiBk1frpJbJrcSm53dU1/xi//+yruAqhm6T8E=,tag:kd3XYWQg5z/pMMmXqAtzGw==,type:str]
|
||||||
penpot:
|
penpot:
|
||||||
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
|
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
|
||||||
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
|
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
|
||||||
|
@ -65,8 +74,8 @@ sops:
|
||||||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
||||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-24T10:04:55Z"
|
lastmodified: "2024-11-03T19:39:34Z"
|
||||||
mac: ENC[AES256_GCM,data:fXCKFVev+ALjXdSPDw7QynQvh2ItusAUq/ZHCUv2dTLZcoW1/42hOyRexQPoQTAw+mACB1Sp9IPu5N5Gg3TSoxV6I67q7+S8FZVzfB1a8wMTIDF1vSOp5eHM3g6i8Wjip23V0LqUqjok4tuunDVnkOmp0uD0fLlaIiTpFgS3HJo=,iv:iq8CYdzR2F4knyTBHYIsS/hF+WCYcWXrpBAl2Ow60A0=,tag:hmNaTtIUqHRbU9aFzD6gww==,type:str]
|
mac: ENC[AES256_GCM,data:/LhtjIGX+a2q4gOZ8KpcNX1UFaLCUG1xAM4pGVx5c4YwdbC4UUuKSaeu0WWzaHaVw/1GNgODhXTC7HOcIr7Y4WgbDV79dF7kdotn1dRlIV0LwLJ22MrmUeQpxOR25zvAEshP0ekqNAV1gf8/TqNvHy8jGwThq4F/8J0hKbov3VQ=,iv:c5Vagv78n+T3Kym/h6EJnGbtWhDrFKg8GKhpu7FQYZ4=,tag:LGtkD/4SfCaMo/LfZwvlhQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.1
|
||||||
|
|
|
@ -34,6 +34,20 @@ identity_providers:
|
||||||
- 'email'
|
- 'email'
|
||||||
- 'openid'
|
- 'openid'
|
||||||
- 'profile'
|
- 'profile'
|
||||||
|
- client_id: 'outline'
|
||||||
|
client_name: 'Outline'
|
||||||
|
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
|
||||||
|
public: false
|
||||||
|
authorization_policy: 'one_factor'
|
||||||
|
redirect_uris:
|
||||||
|
- 'https://outline.gasdev.fr/auth/oidc.callback'
|
||||||
|
scopes:
|
||||||
|
- 'openid'
|
||||||
|
- 'offline_access'
|
||||||
|
- 'profile'
|
||||||
|
- 'email'
|
||||||
|
userinfo_signed_response_alg: 'none'
|
||||||
|
token_endpoint_auth_method: 'client_secret_post'
|
||||||
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
|
|
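Review bot: The new `outline` client is admitted with `authorization_policy: 'one_factor'`, so a password alone is enough to reach the wiki, and the `offline_access` scope lets that single-factor login be prolonged through refresh tokens. If second factors are already enrolled on this Authelia instance, `authorization_policy: 'two_factor'` is the safer default for a knowledge base. `userinfo_signed_response_alg: 'none'` and `token_endpoint_auth_method: 'client_secret_post'` both rely on the token and userinfo endpoints only ever being reached over TLS; a one-line comment saying so would stop them being copied to a client where that does not hold. The `clients:` list begins above the hunk, so the policy used by the other clients cannot be compared from here.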
|
@ -2,6 +2,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./authelia
|
./authelia
|
||||||
./garage
|
./garage
|
||||||
|
./outline
|
||||||
./penpot
|
./penpot
|
||||||
./shadowsocks
|
./shadowsocks
|
||||||
./uptime-kuma
|
./uptime-kuma
|
||||||
|
|
|
@ -1,22 +1,25 @@
|
||||||
# TODO: Run as different user
|
# TODO: Run as different user
|
||||||
{...}: {
|
{config, ...}: {
|
||||||
sops.secrets."garage/RPC_SECRET".owner = "root";
|
sops.secrets."garage/RPC_SECRET".owner = "root";
|
||||||
|
|
||||||
services.caddy.virtualHosts."s3.gasdev.fr".extraConfig = ''
|
services.caddy.virtualHosts."s3.gasdev.fr *.s3.gasdev.fr" = {
|
||||||
reverse_proxy http://127.0.0.1:3900
|
logFormat = "output file ${config.services.caddy.logDir}/access-s3.gasdev.fr.log";
|
||||||
'';
|
extraConfig = ''
|
||||||
|
header {
|
||||||
|
?Access-Control-Allow-Headers *
|
||||||
|
?Access-Control-Allow-Methods *
|
||||||
|
?Access-Control-Allow-Origin *
|
||||||
|
}
|
||||||
|
reverse_proxy http://127.0.0.1:3900
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.caddy.virtualHosts."*.s3.gasdev.fr".extraConfig = ''
|
services.caddy.virtualHosts."s3web.gasdev.fr *.s3web.gasdev.fr" = {
|
||||||
reverse_proxy http://127.0.0.1:3900
|
logFormat = "output file ${config.services.caddy.logDir}/access-s3web.gasdev.fr.log";
|
||||||
'';
|
extraConfig = ''
|
||||||
|
reverse_proxy http://127.0.0.1:3902
|
||||||
services.caddy.virtualHosts."s3web.gasdev.fr".extraConfig = ''
|
'';
|
||||||
reverse_proxy http://127.0.0.1:3900
|
};
|
||||||
'';
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."*.s3web.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:3902
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
virtualisation.oci-containers.containers = {
|
||||||
garage = {
|
garage = {
|
||||||
|
|
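Review bot: The `header` block on `s3.gasdev.fr *.s3.gasdev.fr` answers every bucket with `?Access-Control-Allow-Origin *` plus wildcard methods and headers whenever Garage itself sent no CORS header, so any web origin can read responses from any bucket that permits anonymous or presigned access. Garage can hold CORS rules per bucket, which keeps the allowance next to the bucket that needs it; if the proxy-level default stays, name the origins instead, e.g. `?Access-Control-Allow-Origin https://<app-origin>`. Browsers also do not treat `Access-Control-Allow-Headers *` as covering `Authorization`, so signed requests from a page would still need that header listed explicitly.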
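--- a/services/outline/default.nix
+++ b/services/outline/default.nix
@@ -0,0 +1,49 @@
+{
+config,
+lib,
+...
+}: {
+sops.secrets."outline/OIDC_CLIENT_SECRET".owner = "outline";
+sops.secrets."outline/SMTP_PASSWORD".owner = "outline";
+sops.secrets."outline/S3_SECRET_KEY".owner = "outline";
+
+services.caddy.virtualHosts."outline.gasdev.fr".extraConfig = ''
+reverse_proxy http://127.0.0.1:7143
+'';
+
+services.outline = {
+enable = true;
+port = 7143;
+publicUrl = "https://outline.gasdev.fr";
+forceHttps = false;
+
+oidcAuthentication = {
+authUrl = "https://auth.gasdev.fr/api/oidc/authorization";
+userinfoUrl = "https://auth.gasdev.fr/api/oidc/userinfo";
+tokenUrl = "https://auth.gasdev.fr/api/oidc/token";
+displayName = "Authelia";
+clientId = "outline";
+clientSecretFile = config.sops.secrets."outline/OIDC_CLIENT_SECRET".path;
+scopes = ["openid" "offline_access" "profile" "email"];
+};
+
+smtp = {
+host = "smtp.mail.ovh.net";
+port = 465;
+username = "postmaster@gasdev.fr";
+passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
+fromEmail = "from.outline@gasdev.fr";
+replyEmail = "reply.outline@gasdev.fr";
+};
+
+storage = {
+storageType = "local";
+localRootDir = "/var/lib/outline/data";
+};
+};
+
+nixpkgs.config.allowUnfreePredicate = pkg:
+builtins.elem (lib.getName pkg) [
+"outline"
+];
+}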
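Review bot: `sops.secrets."outline/S3_SECRET_KEY"` is decrypted and handed to the `outline` user, but nothing in this file reads it because `storage.storageType = "local"`. Dropping that declaration until the storage block is switched to S3 keeps an unused credential off the host. Separately, `nixpkgs.config.allowUnfreePredicate` is assigned here as a whole function; if another module evaluated for the same host also sets it, the definitions do not combine and one silently replaces the other, so a single shared allow-list is safer. `forceHttps = false` is fine only while port 7143 is reachable solely through the Caddy proxy, which this file does not itself enforce.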
|
@ -100,6 +100,7 @@
|
||||||
penpot-postgres = {
|
penpot-postgres = {
|
||||||
image = "docker.io/postgres:15";
|
image = "docker.io/postgres:15";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
ports = [];
|
||||||
volumes = [
|
volumes = [
|
||||||
"penpot_postgres:/var/lib/postgresql/data"
|
"penpot_postgres:/var/lib/postgresql/data"
|
||||||
];
|
];
|
||||||
|
|