feat: working authelia with gitea
This commit is contained in:
parent
bf62c91c80
commit
f20a32ab6c
GPG key ID:
451F95EFB8BECD0F
|
|
@ -26,7 +26,9 @@
|
||||||
./guests.nix
|
./guests.nix
|
||||||
];
|
];
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
|
xkb = {
|
||||||
layout = "de";
|
layout = "de";
|
||||||
xkbVariant = "bone";
|
variant = "bone";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDfJQBQg5BlE03TZw3MLGGPK/YjYqR59OpYOEsvJX3u3
|
||||||
|
|
@ -74,6 +74,13 @@ in {
|
||||||
email = "patrick@${config.secrets.secrets.global.domains.mail_public}";
|
email = "patrick@${config.secrets.secrets.global.domains.mail_public}";
|
||||||
groups = ["admin" "forgejo_admin"];
|
groups = ["admin" "forgejo_admin"];
|
||||||
};
|
};
|
||||||
|
users.test = {
|
||||||
|
disabled = false;
|
||||||
|
displayname = "Test";
|
||||||
|
password = "$argon2id$v=19$m=4096,t=3,p=1$cmJuaWJldGRheA$kG4NCJRryXTCe/8Jc2/BBnEmlWSRwq4pZG7LH7fKs/o";
|
||||||
|
email = "test@${config.secrets.secrets.global.domains.mail_public}";
|
||||||
|
groups = [];
|
||||||
|
};
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -84,10 +84,8 @@ in {
|
||||||
SEND_AS_PLAIN_TEXT = true;
|
SEND_AS_PLAIN_TEXT = true;
|
||||||
};
|
};
|
||||||
oauth2_client = {
|
oauth2_client = {
|
||||||
ACCOUNT_LINKING = "auto";
|
ACCOUNT_LINKING = "login";
|
||||||
USERNAME = "userid";
|
|
||||||
ENABLE_AUTO_REGISTRATION = true;
|
ENABLE_AUTO_REGISTRATION = true;
|
||||||
OPENID_CONNECT_SCOPES = "email profile";
|
|
||||||
REGISTER_EMAIL_CONFIRM = false;
|
REGISTER_EMAIL_CONFIRM = false;
|
||||||
UPDATE_AVATAR = true;
|
UPDATE_AVATAR = true;
|
||||||
};
|
};
|
||||||
|
|
@ -110,7 +108,7 @@ in {
|
||||||
};
|
};
|
||||||
service = {
|
service = {
|
||||||
DISABLE_REGISTRATION = false;
|
DISABLE_REGISTRATION = false;
|
||||||
SHOW_REGISTRATION_BUTTON = false;
|
SHOW_REGISTRATION_BUTTON = true;
|
||||||
REGISTER_EMAIL_CONFIRM = false;
|
REGISTER_EMAIL_CONFIRM = false;
|
||||||
ENABLE_NOTIFY_MAIL = true;
|
ENABLE_NOTIFY_MAIL = true;
|
||||||
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
||||||
|
|
@ -145,6 +143,12 @@ in {
|
||||||
"https://auth.${config.secrets.secrets.global.domains.web}/.well-known/openid-configuration"
|
"https://auth.${config.secrets.secrets.global.domains.web}/.well-known/openid-configuration"
|
||||||
"--required-claim-name"
|
"--required-claim-name"
|
||||||
"groups"
|
"groups"
|
||||||
|
"--scopes"
|
||||||
|
"email"
|
||||||
|
"--scopes"
|
||||||
|
"profile"
|
||||||
|
"--scopes"
|
||||||
|
"groups"
|
||||||
"--group-claim-name"
|
"--group-claim-name"
|
||||||
"groups"
|
"groups"
|
||||||
"--admin-group"
|
"--admin-group"
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
age.secrets.spotify = {
|
age.secrets.spotify = {
|
||||||
owner = "your_spotify";
|
owner = "your_spotify";
|
||||||
mode = "440";
|
mode = "440";
|
||||||
rekeyFile = ../../secrets/your_spotify.age;
|
rekeyFile = "${config.node.secretsDir}/yourspotify.age";
|
||||||
};
|
};
|
||||||
services.your_spotify = {
|
services.your_spotify = {
|
||||||
#enable = true;
|
#enable = true;
|
||||||
|
|
|
||||||
|
|
@ -7,30 +7,26 @@
|
||||||
lib,
|
lib,
|
||||||
callPackage,
|
callPackage,
|
||||||
}: let
|
}: let
|
||||||
version = "1.7.3";
|
version = "1.8.0";
|
||||||
src_o = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "Yooooomi";
|
owner = "Yooooomi";
|
||||||
repo = "your_spotify";
|
repo = "your_spotify";
|
||||||
rev = "refs/tags/${version}";
|
rev = "refs/tags/${version}";
|
||||||
hash = "sha256-/0xKktywwGcqsuwLytWBJ3O6ADHg1nP6BdMRlkW5ErY=";
|
hash = "sha256-umm7J5ADY2fl+tjs6Qeda5MX2P55u0eCqwW+DWLK8Kc=";
|
||||||
};
|
};
|
||||||
client = callPackage ./your_spotify_client.nix {inherit src_o version;};
|
client = callPackage ./your_spotify_client.nix {inherit src version;};
|
||||||
in
|
in
|
||||||
mkYarnPackage rec {
|
mkYarnPackage rec {
|
||||||
inherit version;
|
inherit version src;
|
||||||
pname = "your_spotify";
|
pname = "your_spotify";
|
||||||
src = "${src_o}/server";
|
|
||||||
offlineCache = fetchYarnDeps {
|
offlineCache = fetchYarnDeps {
|
||||||
yarnLock = src + "/yarn.lock";
|
yarnLock = src + "/yarn.lock";
|
||||||
hash = "sha256-3ZK+p3RoHHjPu53MLGSho7lEroZ77vUrZ2CjDwIUQTs=";
|
hash = "sha256-pj6owoEPx9gdtFvXF8E89A+Thhe/7m0+OJU6Ttc6ooA=";
|
||||||
};
|
};
|
||||||
postPatch = ''
|
|
||||||
substituteInPlace tsconfig.json --replace-quiet '"extends": "../tsconfig.json",' ""
|
|
||||||
'';
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
runHook preBuild
|
runHook preBuild
|
||||||
pushd ./deps/server
|
pushd ./deps/@your_spotify/root/apps/server/
|
||||||
yarn --offline run build
|
yarn --offline --production
|
||||||
popd
|
popd
|
||||||
runHook postBuild
|
runHook postBuild
|
||||||
'';
|
'';
|
||||||
|
|
@ -38,7 +34,7 @@ in
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out
|
mkdir -p $out
|
||||||
cp -r $node_modules $out/node_modules
|
cp -r $node_modules $out/node_modules
|
||||||
cp -r ./deps/server/{lib,package.json} $out
|
cp -r ./deps/your_spotify/apps/server/{lib,package.json} $out
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
makeWrapper ${lib.escapeShellArg (lib.getExe nodejs)} "$out/bin/your_spotify_migrate" \
|
makeWrapper ${lib.escapeShellArg (lib.getExe nodejs)} "$out/bin/your_spotify_migrate" \
|
||||||
--add-flags "$out/lib/migrations.js"
|
--add-flags "$out/lib/migrations.js"
|
||||||
|
|
|
||||||
|
|
@ -3,23 +3,20 @@
|
||||||
makeWrapper,
|
makeWrapper,
|
||||||
fetchYarnDeps,
|
fetchYarnDeps,
|
||||||
apiEndpoint ? "localhost:8080",
|
apiEndpoint ? "localhost:8080",
|
||||||
src_o,
|
src,
|
||||||
version,
|
version,
|
||||||
}:
|
}:
|
||||||
mkYarnPackage rec {
|
mkYarnPackage rec {
|
||||||
inherit version;
|
inherit version src;
|
||||||
pname = "your_spotify_client";
|
pname = "your_spotify_client";
|
||||||
src = "${src_o}/client";
|
|
||||||
offlineCache = fetchYarnDeps {
|
offlineCache = fetchYarnDeps {
|
||||||
yarnLock = src + "/yarn.lock";
|
yarnLock = src + "/yarn.lock";
|
||||||
hash = "sha256-9UfRVv7M9311lesnr19oThYnzB9cK23XNZejJY/Fd24=";
|
hash = "sha256-pj6owoEPx9gdtFvXF8E89A+Thhe/7m0+OJU6Ttc6ooA=";
|
||||||
};
|
};
|
||||||
postPatch = ''
|
|
||||||
substituteInPlace tsconfig.json --replace-quiet '"extends": "../tsconfig.json",' ""
|
|
||||||
'';
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
runHook preBuild
|
runHook preBuild
|
||||||
pushd ./deps/client_ts
|
pushd ./deps/@your_spotify/root/apps/client/
|
||||||
|
pwd
|
||||||
yarn --offline run build
|
yarn --offline run build
|
||||||
popd
|
popd
|
||||||
runHook postBuild
|
runHook postBuild
|
||||||
|
|
@ -27,7 +24,7 @@ mkYarnPackage rec {
|
||||||
nativeBuildInputs = [makeWrapper];
|
nativeBuildInputs = [makeWrapper];
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out
|
mkdir -p $out
|
||||||
cp -r ./deps/client_ts/build/* $out
|
cp -r ./deps/your_spotify/apps/client/build/* $out
|
||||||
substituteInPlace $out/variables-template.js --replace-quiet '__API_ENDPOINT__' "${apiEndpoint}"
|
substituteInPlace $out/variables-template.js --replace-quiet '__API_ENDPOINT__' "${apiEndpoint}"
|
||||||
mv $out/variables-template.js $out/variables.js
|
mv $out/variables-template.js $out/variables.js
|
||||||
'';
|
'';
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue