fix ci

feat(weilite): make immich public
2024-07-30 11:31:27 +08:00 · 2024-07-30 11:27:54 +08:00
6 changed files with 90 additions and 89 deletions
--- a/flake.lock
+++ b/flake.lock
@ -222,11 +222,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1722304333,
+        "lastModified": 1722309060,
-        "narHash": "sha256-fC+PkQuMo1DykB7my6VLPOQi6ugnZuOGdGmAAKCmFVY=",
+        "narHash": "sha256-lJ5auEUvSI0H0GwW5yWLgizvJ2A+N4aL2u2Xqa6JVCc=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "6cfe9fb0882d3d57fd67c783905757bb10b9115e",
+        "rev": "e491266f3f0e1fee7709c4d3d68130b5500dcd46",
        "type": "github"
      },
      "original": {
--- a/machines/massicot/kanidm-provision.nix
+++ b/machines/massicot/kanidm-provision.nix
@ -0,0 +1,78 @@
 {
  enable = true;
  autoRemove = true;
  groups = {
    forgejo-access = {
      members = [ "xin" ];
    };
    gts-users = {
      members = [ "xin" ];
    };
    ocis-users = {
      members = [ "xin" ];
    };
    linux_users = {
      members = [ "xin" ];
    };
    hedgedoc-users = {
      members = [ "xin" ];
    };
    immich-users = {
      members = [ "xin" "zhuo" ];
    };
  };
  persons = {
    xin = {
      displayName = "Xinyang Li";
      mailAddresses = [ "lixinyang411@gmail.com" ];
    };
    zhuo = {
      displayName = "Zhuo";
      mailAddresses = [ "13681104320@163.com" ];
    };
  };
  systems.oauth2 = {
    forgejo = {
      displayName = "ForgeJo";
      originUrl = "https://git.xinyang.life/";
      originLanding = "	https://git.xinyang.life/user/oauth2/kandim";
      allowInsecureClientDisablePkce = true;
      scopeMaps = {
        forgejo-access = [ "openid" "email" "profile" "groups" ];
      };
    };
    gts = {
      displayName = "GoToSocial";
      originUrl = "https://xinyang.life/";
      allowInsecureClientDisablePkce = true;
      scopeMaps = {
        gts-users = [ "openid" "email" "profile" "groups" ];
      };
    };
    owncloud = {
      displayName = "ownCloud";
      originUrl = "https://home.xinyang.life:9201/";
      public = true;
      scopeMaps = {
        ocis-users = [ "openid" "email" "profile" ];
      };
    };
    hedgedoc = {
      displayName = "HedgeDoc";
      originUrl = "https://docs.xinyang.life/";
      allowInsecureClientDisablePkce = true;
      scopeMaps = {
        hedgedoc-users = [ "openid" "email" "profile" ];
      };
    };
    immich-mobile = {
      displayName = "Immich";
      originUrl = "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/";
      allowInsecureClientDisablePkce = true;
      scopeMaps = {
        immich-users = [ "openid" "email" "profile" ];
      };
    };
  };
 }
--- a/machines/massicot/services.nix
+++ b/machines/massicot/services.nix
@ -73,84 +73,7 @@ in
      tls_chain = ''${config.security.acme.certs."auth.xinyang.life".directory}/fullchain.pem'';
      # db_path = "/var/lib/kanidm/kanidm.db";
    };
-    provision = {
+    provision = import ./kanidm-provision.nix;
      enable = true;
      autoRemove = true;
      groups = {
        forgejo-access = {
          members = [ "xin" ];
        };
        gts-users = {
          members = [ "xin" ];
        };
        ocis-users = {
          members = [ "xin" ];
        };
        linux_users = {
          members = [ "xin" ];
        };
        hedgedoc-users = {
          members = [ "xin" ];
        };
        immich-users = {
          members = [ "xin" "zhuo" ];
        };
      };
      persons = {
        xin = {
          displayName = "Xinyang Li";
          mailAddresses = [ "lixinyang411@gmail.com" ];
        };
        zhuo = {
          displayName = "Zhuo";
          mailAddresses = [ "13681104320@163.com" ];
        };
      };
      systems.oauth2 = {
        forgejo = {
          displayName = "ForgeJo";
          originUrl = "https://git.xinyang.life/";
          originLanding = "	https://git.xinyang.life/user/oauth2/kandim";
          allowInsecureClientDisablePkce = true;
          scopeMaps = {
            forgejo-access = [ "openid" "email" "profile" "groups" ];
          };
        };
        gts = {
          displayName = "GoToSocial";
          originUrl = "https://xinyang.life/";
          allowInsecureClientDisablePkce = true;
          scopeMaps = {
            gts-users = [ "openid" "email" "profile" "groups" ];
          };
        };
        owncloud = {
          displayName = "ownCloud";
          originUrl = "https://home.xinyang.life:9201/";
          public = true;
          scopeMaps = {
            ocis-users = [ "openid" "email" "profile" ];
          };
        };
        hedgedoc = {
          displayName = "HedgeDoc";
          originUrl = "https://docs.xinyang.life/";
          allowInsecureClientDisablePkce = true;
          scopeMaps = {
            hedgedoc-users = [ "openid" "email" "profile" ];
          };
        };
        immich-mobile = {
          displayName = "Immich";
          originUrl = "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/";
          allowInsecureClientDisablePkce = true;
          scopeMaps = {
            immich-users = [ "openid" "email" "profile" ];
          };
        };
      };
    };
  };
  services.matrix-conduit = {
    enable = true;
--- a/modules/nixos/hedgedoc.nix
+++ b/modules/nixos/hedgedoc.nix
@ -44,8 +44,8 @@ in
      };
    };
  };
-  config = {
+  config = mkIf cfg.enable {
-    services.hedgedoc = mkIf cfg.enable {
+    services.hedgedoc = {
      enable = true;
      environmentFile = cfg.environmentFile;
      settings = {
@ -71,13 +71,13 @@ in
        defaultPermission = "private";
      };
    };
-    services.caddy = mkIf ( cfg.enable && cfg.enable ) {
+    services.caddy = mkIf cfg.caddy {
      enable = true;
      virtualHosts."https://${cfg.domain}".extraConfig = ''
        reverse_proxy unix/${config.services.hedgedoc.settings.path}
      '';
    };
-    users.users.caddy.extraGroups = mkIf ( cfg.enable && cfg.enable ) [ "hedgedoc" ];
+    users.users.caddy.extraGroups = mkIf cfg.caddy [ "hedgedoc" ];
  };
 }
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@ -25,7 +25,7 @@ in
    };
  };
-  config = mkMerge [{
+  config = mkIf cfg.enable (mkMerge [{
    services.caddy.globalConfig = ''
      servers {
        metrics
@ -91,5 +91,5 @@ in
      })
    ];
  }
-  ];
+  ]);
 }
--- a/modules/nixos/restic.nix
+++ b/modules/nixos/restic.nix
@ -16,8 +16,8 @@ in
      };
    };
  };
-  config = {
+  config = lib.mkIf cfg.enable {
-    services.restic.backups = lib.mkIf cfg.enable {
+    services.restic.backups = {
      remotebackup = {
        repositoryFile = cfg.repositoryFile;
        passwordFile = cfg.passwordFile;
Author	SHA1	Message	Date
xinyangli	62fe085b31	fix ci	2024-07-30 11:31:27 +08:00
xinyangli	2d995896c2	feat(weilite): make immich public	2024-07-30 11:27:54 +08:00