From f20a32ab6ca73b23f1784aef02f48e0fb6ec353b Mon Sep 17 00:00:00 2001
From: Patrick
Date: Mon, 4 Mar 2024 21:10:01 +0100
Subject: [PATCH] feat: working authelia with gitea
---
 hosts/elisabeth/default.nix | 6 +++--
 hosts/elisabeth/secrets/yourspotify/host.pub | 1 +
 .../secrets/yourspotify/yourspotify.age | 0
 modules/services/authelia.nix | 7 ++++++
 modules/services/gitea.nix | 12 ++++++----
 modules/services/yourspotify.nix | 2 +-
 pkgs/your_spotify.nix | 22 ++++++++-----------
 pkgs/your_spotify_client.nix | 15 +++++--------
 8 files changed, 36 insertions(+), 29 deletions(-)
 rename secrets/your_spotify.age => hosts/elisabeth/secrets/yourspotify/yourspotify.age (100%)
diff --git a/hosts/elisabeth/default.nix b/hosts/elisabeth/default.nix
index 7af29ee..b1048cf 100644
--- a/hosts/elisabeth/default.nix
+++ b/hosts/elisabeth/default.nix
@@ -26,7 +26,9 @@
 ./guests.nix
 ];
 services.xserver = {
- layout = "de";
- xkbVariant = "bone";
+ xkb = {
+ layout = "de";
+ variant = "bone";
+ };
 };
 }
diff --git a/hosts/elisabeth/secrets/yourspotify/host.pub b/hosts/elisabeth/secrets/yourspotify/host.pub
index e69de29..6f6fd5b 100644
--- a/hosts/elisabeth/secrets/yourspotify/host.pub
+++ b/hosts/elisabeth/secrets/yourspotify/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDfJQBQg5BlE03TZw3MLGGPK/YjYqR59OpYOEsvJX3u3
diff --git a/secrets/your_spotify.age b/hosts/elisabeth/secrets/yourspotify/yourspotify.age
similarity index 100%
rename from secrets/your_spotify.age
rename to hosts/elisabeth/secrets/yourspotify/yourspotify.age
diff --git a/modules/services/authelia.nix b/modules/services/authelia.nix
index 426d42d..9a21b4c 100644
--- a/modules/services/authelia.nix
+++ b/modules/services/authelia.nix
@@ -74,6 +74,13 @@ in {
 email = "patrick@${config.secrets.secrets.global.domains.mail_public}";
 groups = ["admin" "forgejo_admin"];
 };
+ users.test = {
+ disabled = false;
+ displayname = "Test";
+ password = "$argon2id$v=19$m=4096,t=3,p=1$cmJuaWJldGRheA$kG4NCJRryXTCe/8Jc2/BBnEmlWSRwq4pZG7LH7fKs/o";
+ email = "test@${config.secrets.secrets.global.domains.mail_public}";
+ groups = [];
+ };
 });
 };
 };
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index bd739cb..c7b0903 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -84,10 +84,8 @@ in {
 SEND_AS_PLAIN_TEXT = true;
 };
 oauth2_client = {
- ACCOUNT_LINKING = "auto";
- USERNAME = "userid";
+ ACCOUNT_LINKING = "login";
 ENABLE_AUTO_REGISTRATION = true;
- OPENID_CONNECT_SCOPES = "email profile";
 REGISTER_EMAIL_CONFIRM = false;
 UPDATE_AVATAR = true;
 };
@@ -110,7 +108,7 @@ in {
 };
 service = {
 DISABLE_REGISTRATION = false;
- SHOW_REGISTRATION_BUTTON = false;
+ SHOW_REGISTRATION_BUTTON = true;
 REGISTER_EMAIL_CONFIRM = false;
 ENABLE_NOTIFY_MAIL = true;
 DEFAULT_KEEP_EMAIL_PRIVATE = true;
@@ -145,6 +143,12 @@ in {
 "https://auth.${config.secrets.secrets.global.domains.web}/.well-known/openid-configuration"
 "--required-claim-name"
 "groups"
+ "--scopes"
+ "email"
+ "--scopes"
+ "profile"
+ "--scopes"
+ "groups"
 "--group-claim-name"
 "groups"
 "--admin-group"
diff --git a/modules/services/yourspotify.nix b/modules/services/yourspotify.nix
index 9ecefee..0258df0 100644
--- a/modules/services/yourspotify.nix
+++ b/modules/services/yourspotify.nix
@@ -3,7 +3,7 @@
 age.secrets.spotify = {
 owner = "your_spotify";
 mode = "440";
- rekeyFile = ../../secrets/your_spotify.age;
+ rekeyFile = "${config.node.secretsDir}/yourspotify.age";
 };
 services.your_spotify = {
 #enable = true;
diff --git a/pkgs/your_spotify.nix b/pkgs/your_spotify.nix
index 96035c2..b70d5d8 100644
--- a/pkgs/your_spotify.nix
+++ b/pkgs/your_spotify.nix
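Review bot: The new `users.test` entry in modules/services/authelia.nix is an enabled account whose argon2id hash is committed in clear text with light cost parameters (`m=4096,t=3,p=1`, i.e. 4 MiB of memory), so anyone who can read the repository, and probably the Nix store, can work on the password offline. If the account exists only to try out the Gitea login, set `disabled = true;` or drop the entry before merging. If it has to stay, supply the hash through the secrets mechanism this file already uses for the mail domain and regenerate it with a higher memory cost. Since the Gitea side of this commit keeps `ENABLE_AUTO_REGISTRATION = true`, a login as this user would presumably create a Gitea account too, depending on how the empty `groups` list interacts with `--required-claim-name groups`. The enclosing user set starts outside the hunk.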
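Review bot: The change of `ACCOUNT_LINKING` from `"auto"` to `"login"` in the `oauth2_client` hunk of modules/services/gitea.nix is security-relevant but nothing on the line says why it was made, so it deserves a comment. Something like `# "login": an existing local account is linked only after the user signs in to it; "auto" would link on a matching username or e-mail alone` would keep a later cleanup from reverting it. With `USERNAME = "userid"` removed, Gitea falls back to its default source for new usernames (`nickname`, as far as I know), so it is worth confirming that Authelia's value for that claim is unique and not user-editable. The `oauth2_client` block is fully inside the hunk.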
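Review bot: In the `service` hunk of modules/services/gitea.nix the registration button is now shown while `DISABLE_REGISTRATION = false` and `REGISTER_EMAIL_CONFIRM = false` stay as they were, so local sign-up that bypasses Authelia is both open and advertised, with no e-mail verification. If accounts are meant to come only from the OIDC provider, add `ALLOW_ONLY_EXTERNAL_REGISTRATION = true;` next to these settings; that keeps auto-registration through Authelia working and refuses the local form. If local sign-up is intended, a one-line comment saying so would help the next reader. The `service` block continues outside the hunk.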
@@ -7,30 +7,26 @@
 lib,
 callPackage,
 }: let
- version = "1.7.3";
- src_o = fetchFromGitHub {
+ version = "1.8.0";
+ src = fetchFromGitHub {
 owner = "Yooooomi";
 repo = "your_spotify";
 rev = "refs/tags/${version}";
- hash = "sha256-/0xKktywwGcqsuwLytWBJ3O6ADHg1nP6BdMRlkW5ErY=";
+ hash = "sha256-umm7J5ADY2fl+tjs6Qeda5MX2P55u0eCqwW+DWLK8Kc=";
 };
- client = callPackage ./your_spotify_client.nix {inherit src_o version;};
+ client = callPackage ./your_spotify_client.nix {inherit src version;};
 in
 mkYarnPackage rec {
- inherit version;
+ inherit version src;
 pname = "your_spotify";
- src = "${src_o}/server";
 offlineCache = fetchYarnDeps {
 yarnLock = src + "/yarn.lock";
- hash = "sha256-3ZK+p3RoHHjPu53MLGSho7lEroZ77vUrZ2CjDwIUQTs=";
+ hash = "sha256-pj6owoEPx9gdtFvXF8E89A+Thhe/7m0+OJU6Ttc6ooA=";
 };
- postPatch = ''
- substituteInPlace tsconfig.json --replace-quiet '"extends": "../tsconfig.json",' ""
- '';
 buildPhase = ''
 runHook preBuild
- pushd ./deps/server
- yarn --offline run build
+ pushd ./deps/@your_spotify/root/apps/server/
+ yarn --offline --production
 popd
 runHook postBuild
 '';
@@ -38,7 +34,7 @@ in
 installPhase = ''
 mkdir -p $out
 cp -r $node_modules $out/node_modules
- cp -r ./deps/server/{lib,package.json} $out
+ cp -r ./deps/your_spotify/apps/server/{lib,package.json} $out
 mkdir -p $out/bin
 makeWrapper ${lib.escapeShellArg (lib.getExe nodejs)} "$out/bin/your_spotify_migrate" \
 --add-flags "$out/lib/migrations.js"
diff --git a/pkgs/your_spotify_client.nix b/pkgs/your_spotify_client.nix
index c4fb8fc..aacd8ab 100644
--- a/pkgs/your_spotify_client.nix
+++ b/pkgs/your_spotify_client.nix
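Review bot: In pkgs/your_spotify.nix the buildPhase enters `./deps/@your_spotify/root/apps/server/` while the installPhase hunk copies from `./deps/your_spotify/apps/server/`, so the two phases disagree on where the workspace lives and one of them is likely to fail. The client package (pkgs/your_spotify_client.nix) has the same mismatch between `./deps/@your_spotify/root/apps/client/` and `./deps/your_spotify/apps/client/build/*`. The build step also changed from `yarn --offline run build` to `yarn --offline --production`, which installs dependencies rather than compiling, while installPhase still copies a built `lib` directory. Unless something outside the hunk produces `lib`, restore `yarn --offline run build` and use one directory in both phases.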
@@ -3,23 +3,20 @@
 makeWrapper,
 fetchYarnDeps,
 apiEndpoint ? "localhost:8080",
- src_o,
+ src,
 version,
 }:
 mkYarnPackage rec {
- inherit version;
+ inherit version src;
 pname = "your_spotify_client";
- src = "${src_o}/client";
 offlineCache = fetchYarnDeps {
 yarnLock = src + "/yarn.lock";
- hash = "sha256-9UfRVv7M9311lesnr19oThYnzB9cK23XNZejJY/Fd24=";
+ hash = "sha256-pj6owoEPx9gdtFvXF8E89A+Thhe/7m0+OJU6Ttc6ooA=";
 };
- postPatch = ''
- substituteInPlace tsconfig.json --replace-quiet '"extends": "../tsconfig.json",' ""
- '';
 buildPhase = ''
 runHook preBuild
- pushd ./deps/client_ts
+ pushd ./deps/@your_spotify/root/apps/client/
+ pwd
 yarn --offline run build
 popd
 runHook postBuild
@@ -27,7 +24,7 @@ mkYarnPackage rec {
 nativeBuildInputs = [makeWrapper];
 installPhase = ''
 mkdir -p $out
- cp -r ./deps/client_ts/build/* $out
+ cp -r ./deps/your_spotify/apps/client/build/* $out
 substituteInPlace $out/variables-template.js --replace-quiet '__API_ENDPOINT__' "${apiEndpoint}"
 mv $out/variables-template.js $out/variables.js
 '';
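Review bot: The `pwd` added to buildPhase in pkgs/your_spotify_client.nix looks like leftover debugging and should be removed before merge. It only prints the working directory into the build log and has no effect on the output. The closing `'';` of the buildPhase string lies outside the hunk.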