From eaea88435115624f00883b9a165e68ed208199e7 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 4 Mar 2023 01:19:44 +0100
Subject: [PATCH 1/3] Bump flake.lock

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index fd0544e0..be841688 100644
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
 ]
 },
 "locked": {
- "lastModified": 1677247280,
- "narHash": "sha256-sa+8MtoAOSLsWP9vf0qiJUyMovIEYgDzHE8TkoK04Hk=",
+ "lastModified": 1677969766,
+ "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
 "owner": "ryantm",
 "repo": "agenix",
- "rev": "833f87c8ff574a29aea3e091045cbaed3cf86bc1",
+ "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
 "type": "github"
 },
 "original": {
@@ -260,11 +260,11 @@
 "utils": "utils_2"
 },
 "locked": {
- "lastModified": 1677284824,
- "narHash": "sha256-I3gDxmGjyXdtOR5S8sIeCO8pT+5OR69f/g5EVoQUdsY=",
+ "lastModified": 1677757546,
+ "narHash": "sha256-tA1ukoluctzLVyWRaKtD4KlTwgXbUsGB5vcyni1OJ9I=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "29280978234b73423f4eb708cbb999295f76b42a",
+ "rev": "86bb69b0b1e10d99a30c4352f230f03106dd0f8a",
 "type": "github"
 },
 "original": {
@@ -299,11 +299,11 @@
 },
 "latest": {
 "locked": {
- "lastModified": 1677063315,
- "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
+ "lastModified": 1677932085,
+ "narHash": "sha256-+AB4dYllWig8iO6vAiGGYl0NEgmMgGHpy9gzWJ3322g=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
+ "rev": "3c5319ad3aa51551182ac82ea17ab1c6b0f0df89",
 "type": "github"
 },
 "original": {
@@ -315,11 +315,11 @@
 },
 "nixos": {
 "locked": {
- "lastModified": 1677179781,
- "narHash": "sha256-+peLp16ruWLuTFHo0ZUbLlS1/meS/+RsWQQ9bUAzOh8=",
+ "lastModified": 1677779205,
+ "narHash": "sha256-6DBjL9wjq86p2GczmwnHtFRnWPBPItc67gapWENBgX8=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "50c23cd4ff6c8344e0b4d438b027b3afabfe58dd",
+ "rev": "96e18717904dfedcd884541e5a92bf9ff632cf39",
 "type": "github"
 },
 "original": {
@@ -331,11 +331,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1677232326,
- "narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=",
+ "lastModified": 1677949148,
+ "narHash": "sha256-dEdcn+UYs8TUK3VTNCQk9TsJapJLEq50A4q7eC3/PTU=",
 "owner": "nixos",
 "repo": "nixos-hardware",
- "rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2",
+ "rev": "d63e86cbed3d399c4162594943bd8c1d8392e550",
 "type": "github"
 },
 "original": {
-- 
2.44.1

From d1175e82b4d2ccdf04677f913abb2f1d330c7a21 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 4 Mar 2023 02:24:52 +0100
Subject: [PATCH 2/3] Add Tailscale custom OIDC webfinger

See: https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup
---
 hosts/flora-6/caddy.nix | 59 ++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 22 deletions(-)

diff --git a/hosts/flora-6/caddy.nix b/hosts/flora-6/caddy.nix
index d8662364..de7e4409 100644
--- a/hosts/flora-6/caddy.nix
+++ b/hosts/flora-6/caddy.nix
@@ -21,30 +21,45 @@
 output discard
 '';
 extraConfig = ''
- # PubSolarOS images
- handle /os/download/* {
- root * /srv/www
- file_server /os/download/* browse
- }
- # serve base domain pub.solar for mastodon.pub.solar
- # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
- handle /.well-known/host-meta {
- redir https://mastodon.pub.solar{uri}
- }
+ # PubSolarOS images
+ handle /os/download/* {
+ root * /srv/www
+ file_server /os/download/* browse
+ }
+ # serve base domain pub.solar for mastodon.pub.solar
+ # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+ handle /.well-known/host-meta {
+ redir https://mastodon.pub.solar{uri}
+ }
 
- # redirect to statutes
- redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+ # Tailscale OIDC requirement
+ handle /.well-known/webfinger {
+ respond 200 {
+ body `{
+ "subject": "acct:admins@pub.solar",
+ "links": [
+ {
+ "rel": "http://openid.net/specs/connect/1.0/issuer",
+ "href": "https://auth.pub.solar/realms/pub.solar"
+ }
+ ]
+ }`
+ }
+ }
 
- # pub.solar website
- handle {
- root * /srv/www/pub.solar
- try_files {path}.html {path}
- file_server
- }
- # minimal error handling, respond with status code and text
- handle_errors {
- respond "{http.error.status_code} {http.error.status_text}"
- }
+ # redirect to statutes
+ redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+
+ # pub.solar website
+ handle {
+ root * /srv/www/pub.solar
+ try_files {path}.html {path}
+ file_server
+ }
+ # minimal error handling, respond with status code and text
+ handle_errors {
+ respond "{http.error.status_code} {http.error.status_text}"
+ }
 '';
 };
 "www.pub.solar" = {
-- 
2.44.1

From df79b8a3c9ee69abfda7169f5526e71cd87ade9f Mon Sep 17 00:00:00 2001
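Review bot: The added `handle /.well-known/webfinger` block returns the same 200 document for every request, whatever `resource` is asked for, and sets no `Content-Type`. Because this document names the OIDC issuer that Tailscale will trust for the domain, it should be scoped to the one account it describes; RFC 7033 also expects `application/jrd+json` and a non-200 answer for resources the server does not know. It may also interfere with the Mastodon setup referenced by the host-meta block just above, since a lookup for any other `acct:…@pub.solar` now gets a 200 carrying the `admins` subject; this is inferred, as the rest of the virtual host definition lies outside the hunk. A scoped variant is sketched below; the redirect of other lookups to mastodon.pub.solar and the exact `resource` value Tailscale sends are assumptions to confirm.

```nix
      # Tailscale OIDC requirement: answer only for the admin account
      @tailscale_webfinger {
        path /.well-known/webfinger
        query resource=acct:admins@pub.solar
      }
      handle @tailscale_webfinger {
        header Content-Type application/jrd+json
        respond 200 {
          # … unchanged: JRD body with subject and issuer link …
        }
      }
      # every other WebFinger lookup is passed on, like host-meta above
      handle /.well-known/webfinger {
        redir https://mastodon.pub.solar{uri}
      }
```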
From: teutat3s
Date: Sun, 5 Mar 2023 15:22:57 +0100
Subject: [PATCH 3/3] caddy: fix formatting

---
 hosts/flora-6/caddy.nix | 72 ++++++++++++++++++++---------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/hosts/flora-6/caddy.nix b/hosts/flora-6/caddy.nix
index de7e4409..06722b48 100644
--- a/hosts/flora-6/caddy.nix
+++ b/hosts/flora-6/caddy.nix
@@ -21,45 +21,45 @@
 output discard
 '';
 extraConfig = ''
- # PubSolarOS images
- handle /os/download/* {
- root * /srv/www
- file_server /os/download/* browse
- }
- # serve base domain pub.solar for mastodon.pub.solar
- # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
- handle /.well-known/host-meta {
- redir https://mastodon.pub.solar{uri}
- }
+ # PubSolarOS images
+ handle /os/download/* {
+ root * /srv/www
+ file_server /os/download/* browse
+ }
+ # serve base domain pub.solar for mastodon.pub.solar
+ # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+ handle /.well-known/host-meta {
+ redir https://mastodon.pub.solar{uri}
+ }
 
- # Tailscale OIDC requirement
- handle /.well-known/webfinger {
- respond 200 {
- body `{
- "subject": "acct:admins@pub.solar",
- "links": [
- {
- "rel": "http://openid.net/specs/connect/1.0/issuer",
- "href": "https://auth.pub.solar/realms/pub.solar"
- }
- ]
- }`
- }
- }
+ # Tailscale OIDC requirement
+ handle /.well-known/webfinger {
+ respond 200 {
+ body `{
+ "subject": "acct:admins@pub.solar",
+ "links": [
+ {
+ "rel": "http://openid.net/specs/connect/1.0/issuer",
+ "href": "https://auth.pub.solar/realms/pub.solar"
+ }
+ ]
+ }`
+ }
+ }
 
- # redirect to statutes
- redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+ # redirect to statutes
+ redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
 
- # pub.solar website
- handle {
- root * /srv/www/pub.solar
- try_files {path}.html {path}
- file_server
- }
- # minimal error handling, respond with status code and text
- handle_errors {
- respond "{http.error.status_code} {http.error.status_text}"
- }
+ # pub.solar website
+ handle {
+ root * /srv/www/pub.solar
+ try_files {path}.html {path}
+ file_server
+ }
+ # minimal error handling, respond with status code and text
+ handle_errors {
+ respond "{http.error.status_code} {http.error.status_text}"
+ }
 '';
 };
 "www.pub.solar" = {
-- 
2.44.1