wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

zipline: remove

Browse source 
for real now, i have decided to just use nextcloud (this also means no more pgsql unless i want it)
This commit is contained in:
wo2wz 2025-11-18 12:31:58 -05:00
parent e5ed8478a5
commit 03b76a5e04
5 changed files with 2 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/services/homeserver/default.nix
View file

@ -14,6 +14,5 @@
./uptime-kuma.nix ./uptime-kuma.nix
./vaultwarden.nix ./vaultwarden.nix
./zed.nix ./zed.nix
./zipline.nix
]; ];
} }

17
modules/nixos/services/homeserver/kanidm.nix
View file

@ -16,10 +16,6 @@
owner = "kanidm"; owner = "kanidm";
group = "kanidm"; group = "kanidm";
}; };
"kanidm/oauth2/zipline" = {
owner = "kanidm";
group = "kanidm";
};
}; };
users.groups.tls-kanidm.members = [ "caddy" "kanidm" ]; users.groups.tls-kanidm.members = [ "caddy" "kanidm" ];
@ -79,7 +75,6 @@
"grafana_users" "grafana_users"
"jellyfin_users" "jellyfin_users"
"nextcloud_users" "nextcloud_users"
"zipline_users"
"grafana_admins" "grafana_admins"
"jellyfin_admins" "jellyfin_admins"
@ -90,7 +85,6 @@
grafana_users = {}; grafana_users = {};
jellyfin_users = {}; jellyfin_users = {};
nextcloud_users = {}; nextcloud_users = {};
zipline_users = {};
grafana_admins.members = [ "grafana_users" ]; grafana_admins.members = [ "grafana_users" ];
jellyfin_admins.members = [ "jellyfin_users" ]; jellyfin_admins.members = [ "jellyfin_users" ];
@ -128,17 +122,6 @@
basicSecretFile = config.sops.secrets."kanidm/oauth2/nextcloud".path; basicSecretFile = config.sops.secrets."kanidm/oauth2/nextcloud".path;
scopeMaps.nextcloud_users = [ "openid" "profile" ]; scopeMaps.nextcloud_users = [ "openid" "profile" ];
}; };
zipline = {
displayName = "Zipline";
originUrl = "https://zipline.wo2wz.fyi/api/auth/oauth/oidc";
originLanding = "https://zipline.wo2wz.fyi";
preferShortUsername = true;
allowInsecureClientDisablePkce = true;
basicSecretFile = config.sops.secrets."kanidm/oauth2/zipline".path;
scopeMaps.zipline_users = [ "openid" "profile" "email" "offline_access" ];
};
}; };
}; };

5
modules/nixos/services/homeserver/restic.nix
View file

@ -15,7 +15,6 @@
SQLITE_PATH=${lib.getExe pkgs.sqlite} SQLITE_PATH=${lib.getExe pkgs.sqlite}
SUDO_PATH=${lib.getExe pkgs.sudo} SUDO_PATH=${lib.getExe pkgs.sudo}
PGDUMP_PATH=${lib.getExe' pkgs.postgresql "pg_dump"}
if [ ! -d $DB_BACKUP_DIR ]; then if [ ! -d $DB_BACKUP_DIR ]; then
mkdir -p -m 600 $DB_BACKUP_DIR mkdir -p -m 600 $DB_BACKUP_DIR
@ -31,10 +30,6 @@
$SQLITE_PATH /var/lib/jellyfin/data/jellyfin.db ".backup $DB_BACKUP_DIR/jellyfin.db" $SQLITE_PATH /var/lib/jellyfin/data/jellyfin.db ".backup $DB_BACKUP_DIR/jellyfin.db"
$SQLITE_PATH /var/lib/jellyfin/data/library.db ".backup $DB_BACKUP_DIR/jellyfin-library.db" $SQLITE_PATH /var/lib/jellyfin/data/library.db ".backup $DB_BACKUP_DIR/jellyfin-library.db"
$SQLITE_PATH /var/lib/grafana/data/grafana.db ".backup $DB_BACKUP_DIR/grafana.db" $SQLITE_PATH /var/lib/grafana/data/grafana.db ".backup $DB_BACKUP_DIR/grafana.db"
$SUDO_PATH -u onlyoffice -- $PGDUMP_PATH > $DB_BACKUP_DIR/dump-onlyoffice
$SUDO_PATH -u zipline -- $PGDUMP_PATH > $DB_BACKUP_DIR/dump-zipline
$SUDO_PATH -u postgres -- ${lib.getExe' pkgs.postgresql "pg_dumpall"} -g > $DB_BACKUP_DIR/dump-globals
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
}; };

52
modules/nixos/services/homeserver/zipline.nix
View file

@ -1,52 +0,0 @@
{ config, ... }:
{
sops.secrets."zipline/secrets.env".restartUnits = [ "zipline.service" ];
services.caddy.virtualHosts."zipline.wo2wz.fyi".extraConfig =
assert config.services.caddy.enable;
''
import default-settings
import cloudflare-tls
reverse_proxy localhost:${toString config.services.zipline.settings.CORE_PORT}
'';
users.users.zipline = {
group = "zipline";
isSystemUser = true;
};
users.groups.zipline = {};
services.zipline = {
enable = true;
settings = {
CORE_DEFAULT_DOMAIN = "zipline.wo2wz.fyi";
CORE_PORT = 8001;
CORE_TRUST_PROXY = "true";
CORE_RETURN_HTTPS_URLS = "true";
DATASOURCE_LOCAL_DIRECTORY = "/mnt/external/storage/zipline/uploads";
FEATURES_VERSION_CHECKING = "false";
FEATURES_THUMBNAILS_NUM_THREADS = 2;
FEATURES_ROBOTS_TXT = "false";
INVITES_ENABLED = "false";
MFA_TOTP_ENABLED = "true";
MFA_PASSKEYS = "true";
FEATURES_OAUTH_REGISTRATION = "true";
OAUTH_BYPASS_LOCAL_LOGIN = "true";
OAUTH_OIDC_CLIENT_ID = "zipline";
OAUTH_OIDC_AUTHORIZE_URL = "https://kanidm.wo2wz.fyi/ui/oauth2";
OAUTH_OIDC_USERINFO_URL = "https://kanidm.wo2wz.fyi/oauth2/openid/zipline/userinfo";
OAUTH_OIDC_TOKEN_URL = "https://kanidm.wo2wz.fyi/oauth2/token";
FILES_MAX_FILE_SIZE = "3091283091716487142128741263894122347014687124687124614791824619246129491246128461841279468127468912461924612974182746182468712468126487912648126481256487126491672941974612945618274610289417846192849712471eb";
FILES_ASSUME_MIMETYPES = "true";
FILES_REMOVE_GPS_METADATA = "true";
};
environmentFiles = [ config.sops.secrets."zipline/secrets.env".path ];
};
}

7
secrets/secrets.yaml
View file

@ -13,15 +13,12 @@ kanidm:
grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str] grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str]
jellyfin: ENC[AES256_GCM,data:37edw83rscw19EiFOVUYoq33awKMWw+XXN6KKYYjEdKwtBx7I01RuOha3DkspFM7zJdmZf3E6IL1UT3N/sBB6w==,iv:T9N4h90799xOhFeNxqmKR0nDGn6BXuIGB4DiOIkt6vk=,tag:JZuu+uqRKAbQskKxzOPIEQ==,type:str] jellyfin: ENC[AES256_GCM,data:37edw83rscw19EiFOVUYoq33awKMWw+XXN6KKYYjEdKwtBx7I01RuOha3DkspFM7zJdmZf3E6IL1UT3N/sBB6w==,iv:T9N4h90799xOhFeNxqmKR0nDGn6BXuIGB4DiOIkt6vk=,tag:JZuu+uqRKAbQskKxzOPIEQ==,type:str]
nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str] nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str]
zipline: ENC[AES256_GCM,data:q25Ugsqj6+we3dTDyczfxuGA1DcnlxUDbJLxlzVAF3wTtzdF4t6p2tkPlTtvvgLQQPg/sYAQB0zFE9DcxpxuCw==,iv:fyhRGFUTx1d0ITygUWOkaDAtVI2h05DMv3aEI/DUM2k=,tag:WaPRXbFXl1+aTC+ZtyITYw==,type:str]
nextcloud: nextcloud:
adminpass: ENC[AES256_GCM,data:eSQQkhcXB4s9pnJ1hToGgyEr+rGlMIKHLsU0EemMOng=,iv:USq1winT7GPGVKwDjfF+cFs/dj395zgXyTVQ/x1KNS0=,tag:Me6MKsZwUc4sjZIPfZmk+A==,type:str] adminpass: ENC[AES256_GCM,data:eSQQkhcXB4s9pnJ1hToGgyEr+rGlMIKHLsU0EemMOng=,iv:USq1winT7GPGVKwDjfF+cFs/dj395zgXyTVQ/x1KNS0=,tag:Me6MKsZwUc4sjZIPfZmk+A==,type:str]
restic: restic:
password: ENC[AES256_GCM,data:sWFhBWXpYktef9Ajf5eDlOljcMmJur1PkKSalrmt9yXPYto117YMeI7zyXDZqlk9bDoqj28d8/pl2lP0itBpOZc+GoPZfDns+RyJUrP0S/0pV5gXA72/9g4Yqg9eSuXdeAbFYb9CnuHUi8+HJnIULPKOaqpwpwKaRsDAN5KVsAA=,iv:RCXcp0/cpT6WHM6v4zZtwD+w1epYp/JXvSWON8/Txyk=,tag:ffdQYuuIfuJQJGIXi1HaMw==,type:str] password: ENC[AES256_GCM,data:sWFhBWXpYktef9Ajf5eDlOljcMmJur1PkKSalrmt9yXPYto117YMeI7zyXDZqlk9bDoqj28d8/pl2lP0itBpOZc+GoPZfDns+RyJUrP0S/0pV5gXA72/9g4Yqg9eSuXdeAbFYb9CnuHUi8+HJnIULPKOaqpwpwKaRsDAN5KVsAA=,iv:RCXcp0/cpT6WHM6v4zZtwD+w1epYp/JXvSWON8/Txyk=,tag:ffdQYuuIfuJQJGIXi1HaMw==,type:str]
vaultwarden: vaultwarden:
secrets.env: ENC[AES256_GCM,data:bvAAiZ/MTqwHzaNFw8C23R4w2wg7v01yL/Oz3PLty6VRCgivwvySVShV3ijde/zW/N4d6dYlG76sCemlWi/79/UcIV8sZivnLZ124oYh2iuBMNv9cLrwG/PiPYO74lyq+WcIhIimnur4f/o5PbqoanDfVTru50v5+3ovwuK1MsjOaLGU,iv:rrDfCcmzl3vpr6JVoNU5rlxYfCCZi3hUzEX5IlEoThU=,tag:dSEY6NOxRggyd28pbvV30w==,type:str] secrets.env: ENC[AES256_GCM,data:bvAAiZ/MTqwHzaNFw8C23R4w2wg7v01yL/Oz3PLty6VRCgivwvySVShV3ijde/zW/N4d6dYlG76sCemlWi/79/UcIV8sZivnLZ124oYh2iuBMNv9cLrwG/PiPYO74lyq+WcIhIimnur4f/o5PbqoanDfVTru50v5+3ovwuK1MsjOaLGU,iv:rrDfCcmzl3vpr6JVoNU5rlxYfCCZi3hUzEX5IlEoThU=,tag:dSEY6NOxRggyd28pbvV30w==,type:str]
zipline:
secrets.env: ENC[AES256_GCM,data:wLU3M+yFHyf7g1MJ/1TJa9db8NT1L5aPDG9WgamOf1PVhiLyd0/p5m8EISD8DPePILe48jL2pxFBJVeeuKR8klKTrryyJye53V29YGGX2B3KMfWWKTIyYlAztOw91Xd0c9Qe256mX2UvoVa6xsZAxHSSxwjTm8zOijmzdwovzB2wiaNgoHNkYhKPBFO3aeZZLY5OrEQZ1gSQg3FkjU8jJuigxTJPgHEelQYwZXVwlUmGz51DXceWb0YJeal8Dw+nalhCGNWU3ZYa6ehKxIl170506ZisIl1/0CzrBWVvzttJX6HggLkQn88=,iv:g8/HnpTQKNtZQqplF4UoeLVtyHxR1QcY3Hch9dtoPkg=,tag:h3TDgC1I3QaTZuCHAs0rZg==,type:str]
sops: sops:
age: age:
- recipient: age19ey5xs9gxy0738tcp2a66zcye2cxj6suhcwa6y39x3w0sdvyr5tsxp0rlj - recipient: age19ey5xs9gxy0738tcp2a66zcye2cxj6suhcwa6y39x3w0sdvyr5tsxp0rlj
@ -33,7 +30,7 @@ sops:
N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-11T21:02:25Z" lastmodified: "2025-11-18T17:23:13Z"
mac: ENC[AES256_GCM,data:Mc58/HYDvU5zkiLDQuDHAwaTmDFazGUAxHXEII/4e5HA2njkl8Qb6D41BqoaIuQFRCZ9p5QxyeNfQ3jQsHJb5QbYsA7b4Meygv3i0hlCe1lmk6n33JwNjirL0j3M5GqRqqrRpkeOxtVyAtUFqAWtpC9m0vwxD+vaj09bhMnd4U0=,iv:NQcRaiEJfNDJDkS0600tu2gTAjWwRqYzuZSNhXyXzSI=,tag:q15T8ALODY2KROcGCeh81w==,type:str] mac: ENC[AES256_GCM,data:1+R7ctuEqovBsKdq7VyhTIVhEewbiFKqS7Cy9VYZtAdBJyvWRtEvAG3/OOr/zzkkswLHP90iE5HExDCrH/TBnSakJzqYeUxmEi84H0CGvnq4nxCs+0QYGIrlAiDqIOr1+ESpKFq+3VGJwb5mdzYVqeFXwIKE44+L4YvhtsXH3ys=,iv:LXJ31X5riqNm1XQuH/jIWuWl3Rts+PQyMxChPlx8S88=,tag:QGDnbzPaj4/hm5Rky0Soaw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0