zipline: remove
for real now, i have decided to just use nextcloud (this also means no more pgsql unless i want it)
This commit is contained in:
parent
e5ed8478a5
commit
03b76a5e04
5 changed files with 2 additions and 80 deletions
|
|
@ -14,6 +14,5 @@
|
|||
./uptime-kuma.nix
|
||||
./vaultwarden.nix
|
||||
./zed.nix
|
||||
./zipline.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,10 +16,6 @@
|
|||
owner = "kanidm";
|
||||
group = "kanidm";
|
||||
};
|
||||
"kanidm/oauth2/zipline" = {
|
||||
owner = "kanidm";
|
||||
group = "kanidm";
|
||||
};
|
||||
};
|
||||
|
||||
users.groups.tls-kanidm.members = [ "caddy" "kanidm" ];
|
||||
|
|
@ -79,7 +75,6 @@
|
|||
"grafana_users"
|
||||
"jellyfin_users"
|
||||
"nextcloud_users"
|
||||
"zipline_users"
|
||||
|
||||
"grafana_admins"
|
||||
"jellyfin_admins"
|
||||
|
|
@ -90,7 +85,6 @@
|
|||
grafana_users = {};
|
||||
jellyfin_users = {};
|
||||
nextcloud_users = {};
|
||||
zipline_users = {};
|
||||
|
||||
grafana_admins.members = [ "grafana_users" ];
|
||||
jellyfin_admins.members = [ "jellyfin_users" ];
|
||||
|
|
@ -128,17 +122,6 @@
|
|||
basicSecretFile = config.sops.secrets."kanidm/oauth2/nextcloud".path;
|
||||
scopeMaps.nextcloud_users = [ "openid" "profile" ];
|
||||
};
|
||||
|
||||
zipline = {
|
||||
displayName = "Zipline";
|
||||
originUrl = "https://zipline.wo2wz.fyi/api/auth/oauth/oidc";
|
||||
originLanding = "https://zipline.wo2wz.fyi";
|
||||
|
||||
preferShortUsername = true;
|
||||
allowInsecureClientDisablePkce = true;
|
||||
basicSecretFile = config.sops.secrets."kanidm/oauth2/zipline".path;
|
||||
scopeMaps.zipline_users = [ "openid" "profile" "email" "offline_access" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@
|
|||
|
||||
SQLITE_PATH=${lib.getExe pkgs.sqlite}
|
||||
SUDO_PATH=${lib.getExe pkgs.sudo}
|
||||
PGDUMP_PATH=${lib.getExe' pkgs.postgresql "pg_dump"}
|
||||
|
||||
if [ ! -d $DB_BACKUP_DIR ]; then
|
||||
mkdir -p -m 600 $DB_BACKUP_DIR
|
||||
|
|
@ -31,10 +30,6 @@
|
|||
$SQLITE_PATH /var/lib/jellyfin/data/jellyfin.db ".backup $DB_BACKUP_DIR/jellyfin.db"
|
||||
$SQLITE_PATH /var/lib/jellyfin/data/library.db ".backup $DB_BACKUP_DIR/jellyfin-library.db"
|
||||
$SQLITE_PATH /var/lib/grafana/data/grafana.db ".backup $DB_BACKUP_DIR/grafana.db"
|
||||
|
||||
$SUDO_PATH -u onlyoffice -- $PGDUMP_PATH > $DB_BACKUP_DIR/dump-onlyoffice
|
||||
$SUDO_PATH -u zipline -- $PGDUMP_PATH > $DB_BACKUP_DIR/dump-zipline
|
||||
$SUDO_PATH -u postgres -- ${lib.getExe' pkgs.postgresql "pg_dumpall"} -g > $DB_BACKUP_DIR/dump-globals
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,52 +0,0 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
sops.secrets."zipline/secrets.env".restartUnits = [ "zipline.service" ];
|
||||
|
||||
services.caddy.virtualHosts."zipline.wo2wz.fyi".extraConfig =
|
||||
assert config.services.caddy.enable;
|
||||
''
|
||||
import default-settings
|
||||
import cloudflare-tls
|
||||
|
||||
reverse_proxy localhost:${toString config.services.zipline.settings.CORE_PORT}
|
||||
'';
|
||||
|
||||
users.users.zipline = {
|
||||
group = "zipline";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.zipline = {};
|
||||
|
||||
services.zipline = {
|
||||
enable = true;
|
||||
settings = {
|
||||
CORE_DEFAULT_DOMAIN = "zipline.wo2wz.fyi";
|
||||
CORE_PORT = 8001;
|
||||
CORE_TRUST_PROXY = "true";
|
||||
CORE_RETURN_HTTPS_URLS = "true";
|
||||
|
||||
DATASOURCE_LOCAL_DIRECTORY = "/mnt/external/storage/zipline/uploads";
|
||||
|
||||
FEATURES_VERSION_CHECKING = "false";
|
||||
FEATURES_THUMBNAILS_NUM_THREADS = 2;
|
||||
FEATURES_ROBOTS_TXT = "false";
|
||||
INVITES_ENABLED = "false";
|
||||
|
||||
MFA_TOTP_ENABLED = "true";
|
||||
MFA_PASSKEYS = "true";
|
||||
|
||||
FEATURES_OAUTH_REGISTRATION = "true";
|
||||
OAUTH_BYPASS_LOCAL_LOGIN = "true";
|
||||
OAUTH_OIDC_CLIENT_ID = "zipline";
|
||||
OAUTH_OIDC_AUTHORIZE_URL = "https://kanidm.wo2wz.fyi/ui/oauth2";
|
||||
OAUTH_OIDC_USERINFO_URL = "https://kanidm.wo2wz.fyi/oauth2/openid/zipline/userinfo";
|
||||
OAUTH_OIDC_TOKEN_URL = "https://kanidm.wo2wz.fyi/oauth2/token";
|
||||
|
||||
FILES_MAX_FILE_SIZE = "3091283091716487142128741263894122347014687124687124614791824619246129491246128461841279468127468912461924612974182746182468712468126487912648126481256487126491672941974612945618274610289417846192849712471eb";
|
||||
FILES_ASSUME_MIMETYPES = "true";
|
||||
FILES_REMOVE_GPS_METADATA = "true";
|
||||
};
|
||||
environmentFiles = [ config.sops.secrets."zipline/secrets.env".path ];
|
||||
};
|
||||
}
|
||||
|
|
@ -13,15 +13,12 @@ kanidm:
|
|||
grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str]
|
||||
jellyfin: ENC[AES256_GCM,data:37edw83rscw19EiFOVUYoq33awKMWw+XXN6KKYYjEdKwtBx7I01RuOha3DkspFM7zJdmZf3E6IL1UT3N/sBB6w==,iv:T9N4h90799xOhFeNxqmKR0nDGn6BXuIGB4DiOIkt6vk=,tag:JZuu+uqRKAbQskKxzOPIEQ==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str]
|
||||
zipline: ENC[AES256_GCM,data:q25Ugsqj6+we3dTDyczfxuGA1DcnlxUDbJLxlzVAF3wTtzdF4t6p2tkPlTtvvgLQQPg/sYAQB0zFE9DcxpxuCw==,iv:fyhRGFUTx1d0ITygUWOkaDAtVI2h05DMv3aEI/DUM2k=,tag:WaPRXbFXl1+aTC+ZtyITYw==,type:str]
|
||||
nextcloud:
|
||||
adminpass: ENC[AES256_GCM,data:eSQQkhcXB4s9pnJ1hToGgyEr+rGlMIKHLsU0EemMOng=,iv:USq1winT7GPGVKwDjfF+cFs/dj395zgXyTVQ/x1KNS0=,tag:Me6MKsZwUc4sjZIPfZmk+A==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:sWFhBWXpYktef9Ajf5eDlOljcMmJur1PkKSalrmt9yXPYto117YMeI7zyXDZqlk9bDoqj28d8/pl2lP0itBpOZc+GoPZfDns+RyJUrP0S/0pV5gXA72/9g4Yqg9eSuXdeAbFYb9CnuHUi8+HJnIULPKOaqpwpwKaRsDAN5KVsAA=,iv:RCXcp0/cpT6WHM6v4zZtwD+w1epYp/JXvSWON8/Txyk=,tag:ffdQYuuIfuJQJGIXi1HaMw==,type:str]
|
||||
vaultwarden:
|
||||
secrets.env: ENC[AES256_GCM,data:bvAAiZ/MTqwHzaNFw8C23R4w2wg7v01yL/Oz3PLty6VRCgivwvySVShV3ijde/zW/N4d6dYlG76sCemlWi/79/UcIV8sZivnLZ124oYh2iuBMNv9cLrwG/PiPYO74lyq+WcIhIimnur4f/o5PbqoanDfVTru50v5+3ovwuK1MsjOaLGU,iv:rrDfCcmzl3vpr6JVoNU5rlxYfCCZi3hUzEX5IlEoThU=,tag:dSEY6NOxRggyd28pbvV30w==,type:str]
|
||||
zipline:
|
||||
secrets.env: ENC[AES256_GCM,data:wLU3M+yFHyf7g1MJ/1TJa9db8NT1L5aPDG9WgamOf1PVhiLyd0/p5m8EISD8DPePILe48jL2pxFBJVeeuKR8klKTrryyJye53V29YGGX2B3KMfWWKTIyYlAztOw91Xd0c9Qe256mX2UvoVa6xsZAxHSSxwjTm8zOijmzdwovzB2wiaNgoHNkYhKPBFO3aeZZLY5OrEQZ1gSQg3FkjU8jJuigxTJPgHEelQYwZXVwlUmGz51DXceWb0YJeal8Dw+nalhCGNWU3ZYa6ehKxIl170506ZisIl1/0CzrBWVvzttJX6HggLkQn88=,iv:g8/HnpTQKNtZQqplF4UoeLVtyHxR1QcY3Hch9dtoPkg=,tag:h3TDgC1I3QaTZuCHAs0rZg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ey5xs9gxy0738tcp2a66zcye2cxj6suhcwa6y39x3w0sdvyr5tsxp0rlj
|
||||
|
|
@ -33,7 +30,7 @@ sops:
|
|||
N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
|
||||
RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-11T21:02:25Z"
|
||||
mac: ENC[AES256_GCM,data:Mc58/HYDvU5zkiLDQuDHAwaTmDFazGUAxHXEII/4e5HA2njkl8Qb6D41BqoaIuQFRCZ9p5QxyeNfQ3jQsHJb5QbYsA7b4Meygv3i0hlCe1lmk6n33JwNjirL0j3M5GqRqqrRpkeOxtVyAtUFqAWtpC9m0vwxD+vaj09bhMnd4U0=,iv:NQcRaiEJfNDJDkS0600tu2gTAjWwRqYzuZSNhXyXzSI=,tag:q15T8ALODY2KROcGCeh81w==,type:str]
|
||||
lastmodified: "2025-11-18T17:23:13Z"
|
||||
mac: ENC[AES256_GCM,data:1+R7ctuEqovBsKdq7VyhTIVhEewbiFKqS7Cy9VYZtAdBJyvWRtEvAG3/OOr/zzkkswLHP90iE5HExDCrH/TBnSakJzqYeUxmEi84H0CGvnq4nxCs+0QYGIrlAiDqIOr1+ESpKFq+3VGJwb5mdzYVqeFXwIKE44+L4YvhtsXH3ys=,iv:LXJ31X5riqNm1XQuH/jIWuWl3Rts+PQyMxChPlx8S88=,tag:QGDnbzPaj4/hm5Rky0Soaw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue