2024-11-15 13:23:11 +01:00
6 changed files with 16 additions and 40 deletions
--- a/flake.lock
+++ b/flake.lock
@ -216,11 +216,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1714430505,
+        "lastModified": 1714203603,
-        "narHash": "sha256-SSJQ/KOy8uISnoZgqDoRha7g7PFLSFP/BtMWm0wUz8Q=",
+        "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f8e6694edabe4aaa7a85aac47b43ea5d978b116d",
+        "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e",
        "type": "github"
      },
      "original": {
@ -317,11 +317,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1714273701,
+        "lastModified": 1713869268,
-        "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=",
+        "narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "941c4973c824509e0356be455d89613611f76c8a",
+        "rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c",
        "type": "github"
      },
      "original": {
@ -332,11 +332,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1714253743,
+        "lastModified": 1714076141,
-        "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
+        "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
+        "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -67,7 +67,6 @@
        # thinkpad = self.nixosConfigurations.thinkpad.config.system.build.toplevel;
        jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { };
        adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { };
        matrix-authentication-service = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/matrix-authentication-service { };
        pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { };
        gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { };
        hashcash-milter = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/hashcash-milter { };
--- a/hosts/nuc/modules/seafile/default.nix
+++ b/hosts/nuc/modules/seafile/default.nix
@ -3,6 +3,11 @@ let
  domain = "seafile.${config.networking.domain}";
 in
 {
  age.secrets."seafile/oidc-secret" = {
    file = ../../../../secrets/nuc/seafile/oidc-secret.age;
    mode = "0440";
    group = "seafile";
  };
  services.seafile = {
    enable = true;
    adminEmail = "admin@rfive.de";
@ -15,7 +20,7 @@ in
      OAUTH_ENABLE_INSECURE_TRANSPORT = True
      OAUTH_CLIENT_ID = "seafile"
-      with open('/var/lib/seafile/.oidcSecret') as f:
+      with open('${config.age.secrets."seafile/oidc-secret".path}') as f:
        OAUTH_CLIENT_SECRET = f.readline().rstrip()
      OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
--- a/pkgs/matrix-authentication-service/default.nix
+++ b/pkgs/matrix-authentication-service/default.nix
@ -1,29 +0,0 @@
 { lib, rustPlatform, fetchFromGitHub }:
 rustPlatform.buildRustPackage rec {
  pname = "matrix-authentication-service";
  version = "0.9.0";
  src = fetchFromGitHub {
    owner = "matrix-org";
    repo = pname;
    rev = "v${version}";
    hash = "sha256-e5JlkcSJ44iE+pVnGQpGiSNahxUcIFeaPyOjp9E3eD0=";
  };
  cargoLock = {
    lockFile = "${src}/Cargo.lock";
    outputHashes = {
      "opa-wasm-0.1.0" = "sha256-f3IIln7BbN7NJiCVMgfoell/plzlqkSm4YYK7mqzKgw=";
    };
  };
  meta = with lib;
    {
      description = "O.uth2.0 + OpenID Provider for Matrix Homeservers";
      homepage = "https://github.com/matrix-org/matrix-authentication-service/blob/main/LICENSE";
      license = with licenses; [ asl20 ];
      maintainers = with maintainers; [ therealr5 ];
      mainProgram = "mas-cli";
    };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -22,6 +22,7 @@ in
  "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
--- a/secrets/nuc/seafile/oidc-secret.age
+++ b/secrets/nuc/seafile/oidc-secret.age