feat: several updates
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 2s

This commit is contained in:
Xavier Morel
2026-03-26 00:16:20 +01:00
parent fd778d374e
commit ff508fd669
5 changed files with 54 additions and 33 deletions
+1 -1
View File
@@ -98,7 +98,7 @@ in
idp_id = "authentik";
idp_name = "authentik";
discover = true;
issuer = "https://${auth_host}/application/o/chat/";
issuer = "https://${auth_host}/application/o/matrix/";
client_id = sec.oidc_client_id;
client_secret = sec.oidc_client_secret;
scopes = [
+2 -1
View File
@@ -7,10 +7,11 @@
{
services.paperless = {
enable = true;
address = "0.0.0.0";
configureTika = true;
consumptionDirIsPublic = true;
domain = tools.build_hostname "papers";
environmentFile = config.age.secrets.papers-environment-file.path;
passwordFile = config.age.secrets.papers-password-file.path;
port = 80;
};
}
+5 -2
View File
@@ -23,16 +23,19 @@ in
enable = true;
providers = [
"builtin"
"builtin_player"
# "builtin_player"
"chromecast"
"deezer"
"dlna"
"fanarttv"
"filesystem_local"
"filesystem_smb"
"hass"
"hass_players"
"jellyfin"
"player_group"
#"player_group"
"sendspin"
"universal_group"
"ytmusic"
"squeezelite"
];
+4 -4
View File
@@ -7,7 +7,7 @@ in
container = {
cores = 1;
memory = 512;
disk = "6G";
disk = "10G";
swap = 512;
};
db = {
@@ -15,7 +15,7 @@ in
password = db_pass.papers;
};
system = {
port = 80; # open in firewall + expose on proxy
port = 28981;
importConfig = [
../config/papers-paperless.nix
];
@@ -24,7 +24,7 @@ in
enable = true;
metricsEnable = true;
};
private = true; # available only on private lan
auth = false; # true; # auth overlay
private = true;
auth = true;
};
}
+29 -12
View File
@@ -6,6 +6,7 @@
}:
let
cfg = config.my-lxc;
sec = import ../config/_matrix_secrets.nix;
in
{
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
@@ -20,15 +21,8 @@ in
}
) cfg
);
# dns_provider = {
# name = "dns";
# authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
# invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
# external_host = "https://dns.plg.m0rel.eu/";
# mode = "forward_single";
# };
authentik_application = lib.filterAttrs (_: v: v != { }) (
authentik_application =
lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs (
containerName: def:
lib.optionalAttrs (def.auth) {
@@ -37,8 +31,17 @@ in
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
}
) cfg
);
authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) (
)
// {
matrix = {
name = "matrix";
slug = "matrix";
protocol_provider = "\${resource.authentik_provider_oauth2.matrix.id}";
};
};
authentik_outpost_provider_attachment =
lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs (
containerName: def:
lib.optionalAttrs (def.auth) {
@@ -46,5 +49,19 @@ in
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
}
) cfg
);
)
// {
matrix = {
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_oauth2.matrix.id}";
};
};
authentik_provider_oauth2.matrix = {
name = "matrix";
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
client_id = sec.oidc_client_id;
client_secret = sec.oidc_client_secret;
};
}