feat: several updates

Xavier Morel
2026-03-26 00:16:20 +01:00
parent fd778d374e
commit ff508fd669
5 changed files with 54 additions and 33 deletions
+1 -1
@@ -98,7 +98,7 @@ in
idp_id = "authentik"; idp_id = "authentik";
idp_name = "authentik"; idp_name = "authentik";
discover = true; discover = true;
issuer = "https://${auth_host}/application/o/chat/"; issuer = "https://${auth_host}/application/o/matrix/";
client_id = sec.oidc_client_id; client_id = sec.oidc_client_id;
client_secret = sec.oidc_client_secret; client_secret = sec.oidc_client_secret;
scopes = [ scopes = [
+2 -1
@@ -7,10 +7,11 @@
{ {
services.paperless = { services.paperless = {
enable = true; enable = true;
address = "0.0.0.0";
configureTika = true; configureTika = true;
consumptionDirIsPublic = true;
domain = tools.build_hostname "papers"; domain = tools.build_hostname "papers";
environmentFile = config.age.secrets.papers-environment-file.path; environmentFile = config.age.secrets.papers-environment-file.path;
passwordFile = config.age.secrets.papers-password-file.path; passwordFile = config.age.secrets.papers-password-file.path;
port = 80;
}; };
} }
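Review bot: `address = "0.0.0.0";` makes Paperless listen on every interface, and nothing in this file says which network is expected to reach it. The rendered page lost the +/- markers, so this assumes `address` and `consumptionDirIsPublic = true;` are the two added lines and `port = 80;` is the removed one. If access is meant to go only through the authentik-protected proxy, a direct connection to the service port would skip that check unless the container firewall limits the source; bind to the proxy-facing address, or state the assumption with a comment such as `# reachable only from the reverse proxy; enforced by firewall`. `consumptionDirIsPublic = true;` lets any local user write into the consumption directory, so it deserves a one-line reason as well.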
+5 -2
@@ -23,16 +23,19 @@ in
enable = true; enable = true;
providers = [ providers = [
"builtin" "builtin"
"builtin_player" # "builtin_player"
"chromecast" "chromecast"
"deezer" "deezer"
"dlna" "dlna"
"fanarttv"
"filesystem_local" "filesystem_local"
"filesystem_smb" "filesystem_smb"
"hass" "hass"
"hass_players" "hass_players"
"jellyfin" "jellyfin"
"player_group" #"player_group"
"sendspin"
"universal_group"
"ytmusic" "ytmusic"
"squeezelite" "squeezelite"
]; ];
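Review bot: The two disabled providers are left in the list as commented-out strings, written two different ways (`# "builtin_player"` and `#"player_group"`), with nothing saying why they are off. Either delete them or keep one form with a reason next to it, for example `# "player_group"  # replaced by universal_group` if that is in fact the reason; the page does not say. The enclosing attribute set starts outside the hunk.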
+4 -4
@@ -7,7 +7,7 @@ in
container = { container = {
cores = 1; cores = 1;
memory = 512; memory = 512;
disk = "6G"; disk = "10G";
swap = 512; swap = 512;
}; };
db = { db = {
@@ -15,7 +15,7 @@ in
password = db_pass.papers; password = db_pass.papers;
}; };
system = { system = {
port = 80; # open in firewall + expose on proxy port = 28981;
importConfig = [ importConfig = [
../config/papers-paperless.nix ../config/papers-paperless.nix
]; ];
@@ -24,7 +24,7 @@ in
enable = true; enable = true;
metricsEnable = true; metricsEnable = true;
}; };
private = true; # available only on private lan private = true;
auth = false; # true; # auth overlay auth = true;
}; };
} }
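Review bot: The rewritten `port`, `private` and `auth` lines drop the comments `# open in firewall + expose on proxy` and `# available only on private lan`, which were the only place on this page stating that `system.port` also opens the firewall. With `auth = true;` now relying on the proxy overlay, that side effect matters more to a reader, so keep the comments: `port = 28981; # open in firewall + expose on proxy`. 28981 presumably has to match the port Paperless listens on once `port = 80;` is gone from the service config; a short comment tying the two values together would prevent them drifting apart.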
+29 -12
@@ -6,6 +6,7 @@
}: }:
let let
cfg = config.my-lxc; cfg = config.my-lxc;
sec = import ../config/_matrix_secrets.nix;
in in
{ {
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) ( authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
@@ -20,15 +21,8 @@ in
} }
) cfg ) cfg
); );
authentik_application =
# dns_provider = { lib.filterAttrs (_: v: v != { }) (
# name = "dns";
# authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
# invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
# external_host = "https://dns.plg.m0rel.eu/";
# mode = "forward_single";
# };
authentik_application = lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs ( lib.mapAttrs (
containerName: def: containerName: def:
lib.optionalAttrs (def.auth) { lib.optionalAttrs (def.auth) {
@@ -37,8 +31,17 @@ in
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}"; protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
} }
) cfg ) cfg
); )
authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) ( // {
matrix = {
name = "matrix";
slug = "matrix";
protocol_provider = "\${resource.authentik_provider_oauth2.matrix.id}";
};
};
authentik_outpost_provider_attachment =
lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs ( lib.mapAttrs (
containerName: def: containerName: def:
lib.optionalAttrs (def.auth) { lib.optionalAttrs (def.auth) {
@@ -46,5 +49,19 @@ in
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}"; protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
} }
) cfg ) cfg
); )
// {
matrix = {
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_oauth2.matrix.id}";
};
};
authentik_provider_oauth2.matrix = {
name = "matrix";
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
client_id = sec.oidc_client_id;
client_secret = sec.oidc_client_secret;
};
} }
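Review bot: `client_secret = sec.oidc_client_secret;` takes the OIDC secret from `import ../config/_matrix_secrets.nix`, so the value is evaluated into the generated configuration in clear text, unlike the Paperless config in this commit, which passes agenix file paths. If the rendered Terraform configuration is built into the Nix store or committed, the secret is readable there as well as in the state; consider a Terraform variable instead, e.g. `client_secret = "\${var.matrix_oidc_client_secret}";` (variable name constructed here). The new `authentik_provider_oauth2.matrix` block also sets no redirect URI list that is visible in this hunk, so which callback URLs authentik accepts is left to the provider's default; pin it to the Matrix server's callback. Attaching the OAuth2 provider to the embedded outpost in `authentik_outpost_provider_attachment` looks unnecessary if that outpost only serves the proxy providers, which is worth confirming.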