diff --git a/flake.lock b/flake.lock index dcd4a81..37b6da6 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1712079060, + "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "1381a759b205dff7a6818733118d02253340fd5e", "type": "github" }, "original": { @@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1714203603, - "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=", + "lastModified": 1714042918, + "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e", + "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714076141, - "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", + "lastModified": 1713895582, + "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", + "rev": "572af610f6151fd41c212f897c71f7056e3fb518", "type": "github" }, "original": { diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix index 0ec6ef0..fb8dca0 100644 --- a/hosts/nuc/modules/seafile/default.nix +++ b/hosts/nuc/modules/seafile/default.nix @@ -3,38 +3,13 @@ let domain = "seafile.${config.networking.domain}"; in { - age.secrets."seafile/oidc-secret" = { - file = ../../../../secrets/nuc/seafile/oidc-secret.age; - mode = "0440"; - group = "seafile"; - }; services.seafile = { enable = true; - adminEmail = "admin@rfive.de"; + adminEmail = "rouven@rfive.de"; initialAdminPassword = "unused garbage"; ccnetSettings.General.SERVICE_URL = "https://${domain}"; ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp"; seafileSettings.fileserver.port = 8083; - seahubExtraConf = '' - ENABLE_OAUTH = True - OAUTH_ENABLE_INSECURE_TRANSPORT = True - - OAUTH_CLIENT_ID = "seafile" - with open('${config.age.secrets."seafile/oidc-secret".path}') as f: - OAUTH_CLIENT_SECRET = f.readline().rstrip() - OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/' - - OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de' - OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth' - OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token' - OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo' - OAUTH_SCOPE = [ "openid", "profile", "email"] - OAUTH_ATTRIBUTE_MAP = { - "id": (False, "not used"), - "name": (False, "full name"), - "email": (True, "email"), - } - ''; }; services.nginx.virtualHosts."${domain}" = { locations."/" = { @@ -49,8 +24,5 @@ in locations."/media" = { root = pkgs.seahub; }; - locations."/accounts/login" = { - return = "301 /oauth/login"; - }; }; } diff --git a/secrets.nix b/secrets.nix index 8e11522..f73f67b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -22,7 +22,6 @@ in "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; - "secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/seafile/oidc-secret.age b/secrets/nuc/seafile/oidc-secret.age deleted file mode 100644 index 07c0f6c..0000000 Binary files a/secrets/nuc/seafile/oidc-secret.age and /dev/null differ diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 28b340f..f3be671 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -43,7 +43,6 @@ mosh typst hut - wine # programming languages cargo