+1

hosts/nixos/eiri/configuration.nix

reviewed

··· 36 36 restic 37 37 vaultwarden 38 38 pocket-id 39 39 + tinyauth 39 40 outline 40 41 memos 41 42 # pds

+20 -5

hosts/nixos/knights/configuration.nix

reviewed

··· 296 296 297 297 virtualHosts = 298 298 let 299 299 - inherit (allSecrets.global) domain00 domain0; 299 299 + inherit (allSecrets.global) domain00 domain01 domain0; 300 300 in 301 301 { 302 302 - # "it.74k1.sh" = { 302 302 + # "it.${domain01}" = { 303 303 # addSSL = true; 304 304 # enableACME = true; 305 305 # locations."/" = { 306 306 # proxyPass = "http://10.100.0.1:80"; # nginx based on url 307 307 # }; 308 308 # }; 309 309 - # "send.74k1.sh" = { 309 309 + # "send.${domain01}" = { 310 310 # addSSL = true; 311 311 # enableACME = true; 312 312 # locations."/" = { ··· 314 314 # proxyWebsockets = true; 315 315 # }; 316 316 # }; 317 317 - "umami.74k1.sh" = { 317 317 + "auth.${domain01}" = { 318 318 + addSSL = true; 319 319 + enableACME = true; 320 320 + locations."/" = { 321 321 + proxyPass = "http://10.100.0.1:3030"; 322 322 + # proxyWebsockets = true; 323 323 + # recommendedProxySettings = true; 324 324 + extraConfig = /* nginx */ '' 325 325 + proxy_set_header Host $host; 326 326 + proxy_set_header X-Real-IP $remote_addr; 327 327 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 328 328 + proxy_set_header X-Forwarded-Proto $scheme; 329 329 + ''; 330 330 + }; 331 331 + }; 332 332 + "umami.${domain01}" = { 318 333 addSSL = true; 319 334 enableACME = true; 320 335 locations."/" = { ··· 330 345 }; 331 346 "auth.${domain00}" = { 332 347 addSSL = true; 333 333 - useACMEHost = "${allSecrets.global.domain00}"; 348 348 + useACMEHost = "${domain00}"; 334 349 # enableACME = true; 335 350 locations."/" = { 336 351 proxyPass = "http://10.100.0.1:1411";

+46

modules/nixos/daemons/tinyauth/default.nix

reviewed

··· 1 1 + { 2 2 + allSecrets, 3 3 + config, 4 4 + inputs, 5 5 + lib, 6 6 + outputs, 7 7 + pkgs, 8 8 + ... 9 9 + }: 10 10 + { 11 11 + age.secrets."tinyauth_env" = { 12 12 + rekeyFile = "${inputs.self}/secrets/tinyauth_env"; 13 13 + # mode = "770"; 14 14 + # owner = "syncthing"; 15 15 + # group = "syncthing"; 16 16 + }; 17 17 + 18 18 + services.tinyauth = { 19 19 + enable = true; 20 20 + package = pkgs.master.tinyauth; 21 21 + 22 22 + 23 23 + # TINYAUTH_OAUTH_PROVIDERS_POCKETID_CLIENTID 24 24 + # TINYAUTH_OAUTH_PROVIDERS_POCKETID_CLIENTSECRET 25 25 + environmentFile = config.age.secrets."tinyauth_env".path; 26 26 + 27 27 + settings = { 28 28 + APPURL = "https://auth.${allSecrets.global.domain01}"; 29 29 + SERVER_PORT = 3030; 30 30 + SERVER_ADDRESS = "0.0.0.0"; 31 31 + # OAUTH_AUTOREDIRECT = "pocketid"; 32 32 + 33 33 + OAUTH_PROVIDERS_POCKETID_AUTHURL = allSecrets.global.oidc.authUrl; 34 34 + OAUTH_PROVIDERS_POCKETID_TOKENURL = allSecrets.global.oidc.tokenUrl; 35 35 + OAUTH_PROVIDERS_POCKETID_USERINFOURL = allSecrets.global.oidc.userinfoUrl; 36 36 + OAUTH_PROVIDERS_POCKETID_REDIRECTURL = "https://auth.${allSecrets.global.domain01}/api/oauth/callback/pocketid"; 37 37 + OAUTH_PROVIDERS_POCKETID_SCOPES = "openid email profile groups"; 38 38 + OAUTH_PROVIDERS_POCKETID_NAME = "Pocket ID"; 39 39 + 40 40 + # app specific 41 41 + # where [NAME] is: "https://[NAME].example.com/" 42 42 + # APPS_[NAME]_OAUTH_GROUPS 43 43 + APPS_SCROBBLE_OAUTH_GROUPS = "tinyauth_scrobble_user"; 44 44 + }; 45 45 + }; 46 46 + }

+2 -1

modules/nixos/default.nix

reviewed

··· 19 19 locale = import ./profile/locale; 20 20 loki = import ./daemons/loki; 21 21 memos = import ./daemons/memos; 22 22 - murmur = import ./daemons/murmur; 23 22 miniflux = import ./daemons/miniflux; 23 23 + murmur = import ./daemons/murmur; 24 24 n8n = import ./daemons/n8n; 25 25 navidrome = import ./daemons/navidrome; 26 26 nextcloud = import ./daemons/nextcloud; ··· 47 47 substituters = import ./nix/substituters; 48 48 syncthing = import ./daemons/syncthing; 49 49 taki = import ./profile/taki; 50 50 + tinyauth = import ./daemons/tinyauth; 50 51 transmission = import ./daemons/transmission; 51 52 umami = import ./daemons/umami; 52 53 vaultwarden = import ./daemons/vaultwarden;

secrets/rekeyed/eiri/050a53fc6f9c71d3d395062bbf386b6c-tinyauth_env.age

reviewed

This is a binary file and will not be displayed.

+11

secrets/tinyauth_env

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> piv-p256 RRcsTA A1a889JVq172A466gpORCinjpN+0N4fErpn0PpDAcKDP 3 3 + hnYq1kwcckYkefNkKZfSJ0wkDVLAouLe3B7dmpsJ94E 4 4 + -> piv-p256 IBLnbw Aua1RGwXFPeIEVnqQZBwWVO/w7ANA1W/3uDjSQh3rDOS 5 5 + mJc6E1rPZjpr58cIsuZUnH4vMFomsUw9aDTs9KAHAQw 6 6 + -> um\T-grease 7 7 + qybFFCEuQPtdw2hxrwp+7/XzaV1ER5GzLNY5W2Ufq8joWn7tNAadKtNC 8 8 + --- Lj6reQdD2Xr+a6H1sKKIQgXuwjbMMhqTWQBTf8gj3WQ 9 9 + �˴���Vzղ��P}�e+��n�_�G�%����tK�[!�WPA1N���V�c���4�B:�^󬆐CF�|�~G>�oS��r'b����A�t��y�f�0��{�( :�$���+N�)�&\�r1F��V8� 10 10 + �]���ǭ[Þ�����`� 11 11 + û��z��?Ɋ�hy4?��(��Ni�A��