From e912f7bb7b821ba00c4b112b33bb38192f223645 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 27 Apr 2024 20:59:10 +0200 Subject: [PATCH 1/2] seafile: configure openid-connect --- hosts/nuc/modules/seafile/default.nix | 30 +++++++++++++++++++++++++- secrets.nix | 1 + secrets/nuc/seafile/oidc-secret.age | Bin 0 -> 355 bytes 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 secrets/nuc/seafile/oidc-secret.age diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix index fb8dca0..0ec6ef0 100644 --- a/hosts/nuc/modules/seafile/default.nix +++ b/hosts/nuc/modules/seafile/default.nix 
@@ -3,13 +3,38 @@ let domain = "seafile.${config.networking.domain}"; in { + age.secrets."seafile/oidc-secret" = { + file = ../../../../secrets/nuc/seafile/oidc-secret.age; + mode = "0440"; + group = "seafile"; + }; services.seafile = { enable = true; - adminEmail = "rouven@rfive.de"; + adminEmail = "admin@rfive.de"; initialAdminPassword = "unused garbage"; ccnetSettings.General.SERVICE_URL = "https://${domain}"; ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp"; seafileSettings.fileserver.port = 8083; + seahubExtraConf = '' + ENABLE_OAUTH = True + OAUTH_ENABLE_INSECURE_TRANSPORT = True + + OAUTH_CLIENT_ID = "seafile" + with open('${config.age.secrets."seafile/oidc-secret".path}') as f: + OAUTH_CLIENT_SECRET = f.readline().rstrip() + OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/' + + OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de' + OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth' + OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token' + OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo' + OAUTH_SCOPE = [ "openid", "profile", "email"] + OAUTH_ATTRIBUTE_MAP = { + "id": (False, "not used"), + "name": (False, "full name"), + "email": (True, "email"), + } + ''; }; services.nginx.virtualHosts."${domain}" = { locations."/" = { @@ -24,5 +49,8 @@ in locations."/media" = { root = pkgs.seahub; }; + locations."/accounts/login" = { + return = "301 /oauth/login"; + }; }; } diff --git a/secrets.nix b/secrets.nix index f73f67b..8e11522 100644 --- a/secrets.nix +++ b/secrets.nix 
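Review bot: `OAUTH_ENABLE_INSECURE_TRANSPORT = True` in `seahubExtraConf` relaxes the OAuth client's HTTPS requirement, even though every OAuth endpoint configured below it is already `https://`. If the flag is only there because Seahub sees plain HTTP behind the nginx proxy, say so in a comment such as `# needed only because seahub sits behind the TLS-terminating proxy`. It is also worth checking whether passing the original scheme through to Seahub lets the flag be dropped. Separately, `OAUTH_REDIRECT_URL` and `OAUTH_PROVIDER_DOMAIN` hard-code `seafile.rfive.de` although `domain` is bound in the `let` above. Writing `OAUTH_REDIRECT_URL = 'https://${domain}/oauth/callback/'` keeps the callback in step with the vhost name, which matters because the identity provider is expected to match the redirect URL exactly.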
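Review bot: The new `locations."/accounts/login"` entry only redirects browsers at the proxy and is not an access control, so password authentication in Seahub presumably stays enabled for local accounts. That matters here because the first hunk's context lines show `initialAdminPassword` as a literal string in the repository. If the admin account was ever created with that value, it should be changed, or local login should be disabled in Seahub itself. Also consider `return = "302 /oauth/login";`, since browsers cache a 301 and that makes it awkward to reach the local login form again if the identity provider is unavailable. The `virtualHosts` block starts outside this hunk, so other login-related locations could not be checked.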
@@ -22,6 +22,7 @@ in "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/seafile/oidc-secret.age b/secrets/nuc/seafile/oidc-secret.age new file mode 100644 index 0000000000000000000000000000000000000000..07c0f6c537b97d0f92f609ac82793c3b75418881 GIT binary patch literal 355 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4Nr3P2vi8r&Nav> zDG2fLiuChytO_YKO)bf=OssIs$}5N{hzR!Zu5fnBNy{^GO6CgI_IIqz3n=t4_lSz} zb#u=1$p~_H3H3}FWogbHzy;=Bf`kj zrAphpJkmYPH>%Rzz^EuVJHjcrs3zbvabG9)zLF-PCq(<#!+Cz(rES69K@+0WU>!>6JwEypyb&m-VmQ`NR9%q5I@p0G|nfrT_o{ literal 0 HcmV?d00001 From f88f61b0207e3dd5d67aeb33a2340c5c4d81027e Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 27 Apr 2024 21:00:45 +0200 Subject: [PATCH 2/2] thinkpad: add wine --- flake.lock | 18 +++++++++--------- users/rouven/modules/packages.nix | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 37b6da6..dcd4a81 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1712079060, - "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", + "lastModified": 1714136352, + "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", "owner": "ryantm", "repo": "agenix", - "rev": "1381a759b205dff7a6818733118d02253340fd5e", + "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", "type": "github" }, "original": { 
@@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1714042918, - "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=", + "lastModified": 1714203603, + "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db", + "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713895582, - "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=", + "lastModified": 1714076141, + "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "572af610f6151fd41c212f897c71f7056e3fb518", + "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", "type": "github" }, "original": { diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index f3be671..28b340f 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -43,6 +43,7 @@ mosh typst hut + wine # programming languages cargo