add firefly

add .txt extension so bps can be opened in browser
update factorio blueprints
2024-11-17 00:42:45 -06:00 · 2024-11-15 16:06:45 -06:00 · 2024-11-15 16:03:36 -06:00 · 2024-10-29 01:25:23 -06:00 · 2024-09-18 20:59:41 -06:00 · 2024-09-18 20:55:05 -06:00
18 changed files with 594 additions and 78 deletions
--- a/cdn/factorio_blueprints/nauvis_science.txt
+++ b/cdn/factorio_blueprints/nauvis_science.txt
--- a/cdn/factorio_blueprints/red_circuits.txt
+++ b/cdn/factorio_blueprints/red_circuits.txt
--- a/flake.lock
+++ b/flake.lock
@ -3,8 +3,8 @@
    "attic": {
      "inputs": {
        "crane": "crane",
-        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
+        "flake-compat": "flake-compat_2",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable"
      },
@ -23,10 +23,53 @@
        "type": "github"
      }
    },
+    "authentik-nix": {
+      "inputs": {
+        "authentik-src": "authentik-src",
+        "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
+        "flake-utils": "flake-utils",
+        "napalm": "napalm",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "poetry2nix": "poetry2nix"
+      },
+      "locked": {
+        "lastModified": 1724362025,
+        "narHash": "sha256-/fzIU/Hjgksy7A4ji09zK6cH7ATQV5rAEYb/wgBw8x8=",
+        "owner": "nix-community",
+        "repo": "authentik-nix",
+        "rev": "39cf62b92149800dd2a436f8b18acd471c9180dd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "authentik-nix",
+        "type": "github"
+      }
+    },
+    "authentik-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1724339964,
+        "narHash": "sha256-QwK/auMLCJEHHtyexFnO+adCq/u0fezHQ90fXW9J4c4=",
+        "owner": "goauthentik",
+        "repo": "authentik",
+        "rev": "8a0b31b9227ca33b96c5448f185419f17090ed38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "goauthentik",
+        "ref": "version/2024.6.4",
+        "repo": "authentik",
+        "type": "github"
+      }
+    },
    "cachix": {
      "inputs": {
        "devenv": "devenv",
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "nixpkgs": "nixpkgs_3",
        "pre-commit-hooks": "pre-commit-hooks"
      },
@ -84,11 +127,11 @@
    "complement": {
      "flake": false,
      "locked": {
-        "lastModified": 1722323564,
-        "narHash": "sha256-6w6/N8walz4Ayc9zu7iySqJRmGFukhkaICLn4dweAcA=",
+        "lastModified": 1720637557,
+        "narHash": "sha256-oZz6nCmFmdJZpC+K1iOG2KkzTI6rlAmndxANPDVU7X0=",
        "owner": "matrix-org",
        "repo": "complement",
-        "rev": "6e4426a9e63233f9821a4d2382bfed145244183f",
+        "rev": "0d14432e010482ea9e13a6f7c47c1533c0c9d62f",
        "type": "github"
      },
      "original": {
@ -105,8 +148,8 @@
        "complement": "complement",
        "crane": "crane_2",
        "fenix": "fenix",
-        "flake-compat": "flake-compat_5",
-        "flake-utils": "flake-utils_3",
+        "flake-compat": "flake-compat_6",
+        "flake-utils": "flake-utils_4",
        "liburing": "liburing",
        "nix-filter": "nix-filter",
        "nixpkgs": [
@ -218,7 +261,7 @@
        ],
        "nix": "nix",
        "nixpkgs": "nixpkgs_2",
-        "poetry2nix": "poetry2nix",
+        "poetry2nix": "poetry2nix_2",
        "pre-commit-hooks": [
          "conduwuit",
          "cachix",
@ -268,11 +311,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -300,11 +343,11 @@
    "flake-compat_3": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
        "type": "github"
      },
      "original": {
@ -330,6 +373,22 @@
      }
    },
    "flake-compat_5": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_6": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -346,7 +405,43 @@
        "type": "github"
      }
    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -361,9 +456,9 @@
        "type": "github"
      }
    },
-    "flake-utils_2": {
+    "flake-utils_3": {
      "inputs": {
-        "systems": "systems"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1689068808,
@ -379,9 +474,9 @@
        "type": "github"
      }
    },
-    "flake-utils_3": {
+    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1710146030,
@ -398,9 +493,9 @@
        "type": "github"
      }
    },
-    "flake-utils_4": {
+    "flake-utils_5": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1710146030,
@ -416,9 +511,9 @@
        "type": "github"
      }
    },
-    "flake-utils_5": {
+    "flake-utils_6": {
      "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1710146030,
@ -480,15 +575,15 @@
    },
    "homepage": {
      "inputs": {
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_6",
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1724455559,
-        "narHash": "sha256-suDqHUBghYgS79MqOOBtxu28MVbiQpbB01JGnvvhN0E=",
+        "lastModified": 1726714659,
+        "narHash": "sha256-DCngitzTqzhGjoykt7npvuGxc9aWDgZq3Pn+S6++5EM=",
        "ref": "master",
-        "rev": "18b56328eda94579fb4727ba886888f6596f7d0a",
-        "revCount": 15,
+        "rev": "c5ba6530fb371d09faf933a08efb288b037705f8",
+        "revCount": 21,
        "type": "git",
        "url": "https://git.posixlycorrect.com/fabian/homepage.git"
      },
@ -500,11 +595,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1719091691,
-        "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
+        "lastModified": 1724489415,
+        "narHash": "sha256-ey8vhwY/6XCKoh7fyTn3aIQs7WeYSYtLbYEG87VCzX4=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
+        "rev": "c7f5b394397398c023000cf843986ee2571a1fd7",
        "type": "github"
      },
      "original": {
@ -547,9 +642,34 @@
        "type": "github"
      }
    },
+    "napalm": {
+      "inputs": {
+        "flake-utils": [
+          "authentik-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "authentik-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1717929455,
+        "narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=",
+        "owner": "nix-community",
+        "repo": "napalm",
+        "rev": "e1babff744cd278b56abe8478008b4a9e23036cf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "napalm",
+        "type": "github"
+      }
+    },
    "nix": {
      "inputs": {
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_3",
        "nixpkgs": [
          "conduwuit",
          "cachix",
@ -592,6 +712,28 @@
      }
    },
    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik-nix",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703863825,
+        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
+    "nix-github-actions_2": {
      "inputs": {
        "nixpkgs": [
          "conduwuit",
@ -664,6 +806,18 @@
        "type": "github"
      }
    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1722555339,
+        "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+      }
+    },
    "nixpkgs-regression": {
      "locked": {
        "lastModified": 1643052045,
@ -775,11 +929,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1722221733,
-        "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
+        "lastModified": 1725001927,
+        "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
+        "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
        "type": "github"
      },
      "original": {
@ -791,8 +945,36 @@
    },
    "poetry2nix": {
      "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": [
+          "authentik-nix",
+          "flake-utils"
+        ],
        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "authentik-nix",
+          "nixpkgs"
+        ],
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1724208502,
+        "narHash": "sha256-TCRcEPSfgAw/t7kClmlr23s591N06mQCrhzlAO7cyFw=",
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "rev": "884b66152b0c625b8220b570a31dc7acc36749a3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "type": "github"
+      }
+    },
+    "poetry2nix_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nix-github-actions": "nix-github-actions_2",
        "nixpkgs": [
          "conduwuit",
          "cachix",
@ -818,7 +1000,7 @@
    },
    "pre-commit-hooks": {
      "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_5",
        "gitignore": "gitignore",
        "nixpkgs": [
          "conduwuit",
@ -860,8 +1042,9 @@
    },
    "root": {
      "inputs": {
+        "authentik-nix": "authentik-nix",
        "conduwuit": "conduwuit",
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_5",
        "home-manager": "home-manager",
        "homepage": "homepage",
        "impermanence": "impermanence",
@ -913,9 +1096,8 @@
        "type": "github"
      },
      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
+        "id": "systems",
+        "type": "indirect"
      }
    },
    "systems_3": {
@ -948,13 +1130,65 @@
        "type": "github"
      }
    },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_6": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik-nix",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1719749022,
+        "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
    "unstable": {
      "locked": {
-        "lastModified": 1722185531,
-        "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
+        "lastModified": 1725103162,
+        "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
+        "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
        "type": "github"
      },
      "original": {
@ -966,11 +1200,11 @@
    },
    "vpsadminos": {
      "locked": {
-        "lastModified": 1722101851,
-        "narHash": "sha256-fM5Z8Qhk9/AbGYJ4VrJilGlFK9btBEF+ROtbYYJZJ1I=",
+        "lastModified": 1725379879,
+        "narHash": "sha256-RXSlp6OS9BNCio8kKajk4yEpntNc2AyozQeDSQa6f3w=",
        "owner": "vpsfreecz",
        "repo": "vpsadminos",
-        "rev": "2c8ff8462a6f4aefb7bd2663d6ddbedd9d161f2c",
+        "rev": "605f2f6c56cb79eb66b2b7d3bec050342d7f43b7",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -26,6 +26,11 @@
      url = "github:StarCitizenTools/mediawiki-skins-Citizen/v2.27.0";
      flake = false;
    };
+
+    authentik-nix = {
+      url = "github:nix-community/authentik-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs = flakes @ {
@ -39,6 +44,7 @@
    homepage,
    conduwuit,
    mediawikiSkinCitizen,
+    authentik-nix,
  }: let
    system = "x86_64-linux";

--- a/pki/fabian.ssh
+++ b/pki/fabian.ssh
--- a/pki/fabian_primary.gpg
+++ b/pki/fabian_primary.gpg
@ -0,0 +1,25 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZHlROBYJKwYBBAHaRw8BAQdAhzA1JCghQ6KoHOuf6JPQhEmchHLVXFVye4I2
+pRUOUMO0KkZhYmlhbiBNb250ZXJvIDxmYWJpYW5AcG9zaXhseWNvcnJlY3QuY29t
+PoiUBBMWCgA8FiEEeqJ35gSkFzkWu7TpH/rDXheYF08FAmR5UTgCGwMFCQlmAYAE
+CwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEB/6w14XmBdPP2EA/i9ugFxpIFF6oOQs
+clMfr+sNj6Il0OUTJK0dqpp4mGorAP0awa6nfhU8T1Ju7UWr6cfSmnL4bM6M/4Z3
+D+AF/L5PBokCMwQQAQoAHRYhBOd6gIv5qVXWaO7qZHP6nJy18CSbBQJkeVKDAAoJ
+EHP6nJy18CSbzTkP/Reio0ObRrRW+QSw62ZXrUG0mFcNeeoM9amldCToFRyGnSDu
+wtZ9nqwLiTJ01VPBOsEZLsl4VonO3rdadqnMTZ3XqKK9VHBl6UNot3DQ8INDAcko
+GW1zvEdxNkpMxhtAja0JkcBdG7+zxc2aEGeKfEna2qDXA+xtYw5+pssOWYMip7hm
+jQ2NzYMYav2KYRBC7eXTkAIIIJi/l9pR1IwHtY3a0gfbkQymgCyt5wVG6LneYFIR
+ycNVCObwyP8gFASdId0bWnA23rkilc9ZBOCps/cGfDLM+KQ+sLAWBFBQyQeEjcv
+tU+pLXncAEvWy/SFmprVSLDQMMooFaEJMZChojGcCkwAPG1twsihqIA3E44Q3/+G
+K0gZN57jGMnfvuQiuLuttOMdu27KwEu++t3YUt0P6S4kARpx51zZJ7A2Yj2u22aM
+7EL8qq6KTNdNoS7FgwQkrWbokdDZIl0HV+5TeMQfylPqOPhuFK/1A9qztqknBPVY
+QUx2t6FZUgH9sT7uD+5gXxyeqmEIFo2i6D8G/4TEPbKtWivJfeOqDEBn4QEY2nvE
+zgJLLU5XCv9xPz5rizRCa+h+kg+i4mH6fLCBCCAPXsbAAo0gUlGJvX4slPh7uPOa
+T2r7A/7uezResBzP/L/vostlmjO5c8cOl9Wc6D1kRZq17/AjMUgy6+KR3iVnuDgE
+ZHlROBIKKwYBBAGXVQEFAQEHQPRbCS2p8xpt3fRxfyRnDOdH9pULY4NtGmZUS0ve
+ZGkTAwEIB4h+BBgWCgAmFiEEeqJ35gSkFzkWu7TpH/rDXheYF08FAmR5UTgCGwwF
+CQlmAYAACgkQH/rDXheYF0/65AD+LtDeedCYv9zs+1Ia3DvejVZM256WEH+dRH5h
+Pm3RzQ8A/2+bXRnfsgGqacj/kKEL3spuos95ngRNRkrQ39nc1koP
+=PAxr
+-----END PGP PUBLIC KEY BLOCK-----
--- a/pki/fabian_yubikey.gpg
+++ b/pki/fabian_yubikey.gpg
@ -0,0 +1,19 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZukhMBYJKwYBBAHaRw8BAQdAC/Gy2p7RPFw3k+ROFnKpJvCVqQb+BUYboE2u
+CP1kz/C0KkZhYmlhbiBNb250ZXJvIDxmYWJpYW5AcG9zaXhseWNvcnJlY3QuY29t
+PoiTBBMWCgA7FiEEcgbY7iR0898Y6odvDsFpH/jBqB8FAmbpITACGwMFCwkIBwIC
+IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQDsFpH/jBqB+oGwEAhmegCZJAt8Opv/9+
+HBbL51f2035qymHPgkV/SyFM1GEBAOVQY6A5U+NrLNiaQTN5Z7jcfQuBobzk4ksn
+RzROhTcAiHUEEBYKAB0WIQR6onfmBKQXORa7tOkf+sNeF5gXTwUCZutnFQAKCRAf
+sNeF5gXT1juAQDsH/lDorfMdWxuP87eV9OP8jQvibuTuZ9n2jUllXsLcQEA5gDJ
+05NW5Tw2g9mvlrocWr7N2/PC5UvFct4akwDXtA+4MwRm6SEwFgkrBgEEAdpHDwEB
+B0AHSmncE+krtL9ZGe4eq865vjaLiUAVnZQaVObKm11CBYh4BBgWCgAgFiEEcgbY
+7iR0898Y6odvDsFpH/jBqB8FAmbpITACGyAACgkQDsFpH/jBqB+hBwD/Y9vAcbPG
+CTmZvtgYlZW5Oey5T3hHoANv1THOZwv9G58BALEBZRvDztmYPjRaMyAMonrpc2P0
+GPHYLcqCPVbjkaAKuDgEZukhMBIKKwYBBAGXVQEFAQEHQC2+QJcHEJjdZikBYeMj
+ks53MjfeawAXU31KtAU60KACAwEIB4h4BBgWCgAgFiEEcgbY7iR0898Y6odvDsFp
+H/jBqB8FAmbpITACGwwACgkQDsFpH/jBqB+0TwD+K4IcFstNGLrijlgH2zuQaI+p
+8QT8AInjSpGfC4zcMlEBAIVYvdTYw4IXPSQOs0qPyR0nhfGIeoBMeWrAAfoxQ0oB
+=wpc0
+-----END PGP PUBLIC KEY BLOCK-----
--- a/pki/gatekeeper_ca.pem
+++ b/pki/gatekeeper_ca.pem
@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIUQCBAoFSQrYx063PnK3XKiOJSpvQwDQYJKoZIhvcNAQEL
-BQAwKzEpMCcGA1UEAwwgcG9zaXhseWNvcnJlY3QuY29tIGdhdGVrZWVwZXIgQ0Ew
-HhcNMjQwODAyMDcxNzE4WhcNMzQwNzMxMDcxNzE4WjArMSkwJwYDVQQDDCBwb3Np
-eGx5Y29ycmVjdC5jb20gZ2F0ZWtlZXBlciBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAKxjqIpRxIu2yPejUbyMixZACESrbmIGOhhxwUu1ys6aYPOZ
-7yQMs5xuJXcgCuD7Oba1eBi+CpLhyvgZlyLrCfxoCzTdAeeXq0EB7YUn8IYEN3dR
-e+yds//zkjRzbXAaIbUoAF8XaXgylOSIXLNrh0TTjNscC+TPYvKSbaDhdICOZ1ky
-u08w5QdOoi1W8FNJd4LKIKWQZW3dMeNaBbKnt9R4mjL28tE5gP6ZYUvcCIoqYAbE
-DSNq29lXsmDzbD914bN5wYoTP3A+k8QG6eYGb10YgaaJ0TBxeLzadVBq7gFylMt3
-1LTNmH/v+l73IYfiDV4O3d33cg0VOKqiD48WCnkCAwEAAaOBpTCBojAMBgNVHRME
-BTADAQH/MB0GA1UdDgQWBBStVj4YoMTnD+XZ+doBI7Ao17Gg3DBmBgNVHSMEXzBd
-gBStVj4YoMTnD+XZ+doBI7Ao17Gg3KEvpC0wKzEpMCcGA1UEAwwgcG9zaXhseWNv
-cnJlY3QuY29tIGdhdGVrZWVwZXIgQ0GCFEAgQKBUkK2MdOtz5yt1yojiUqb0MAsG
-A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZgbpPdkhAbrbA7Y63WI2Bo26
-tPVCZpsEKiwpyEbDDC+NVrbOit1kQg/j26RuXLDVg19IfXk407FVFVGYVJNE+kXt
-KjyKCGyyZUBQRebCN8kzFsCQ/AJSfzNKQhEK68rchSH66mbjtOtItkdVZRnq0pWI
-7WXlTIxK8KTcAx2V/ijyalCENUpwRWfM4Qnkqsi82Dx9e8V0TRCLomW7IQok4dre
-F6IolUHw9ZuSC10/T8n8+riqWBWEisBGLz79OrdETdHK9A5gpNHRF+sO9JAhVr/t
-exBWTEJ33BeI0NX87d0Pneun4nss5FsLst+Ut7Y0F2QF2Iar1iERUalHVIjCtA==
-----END CERTIFICATE-----
--- a/sys/default.nix
+++ b/sys/default.nix
@ -62,7 +62,7 @@ with lib; {
      group = "fabian";
      shell = pkgs.zsh;
      extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"];
-      openssh.authorizedKeys.keyFiles = [../pki/fabian.pub];
+      openssh.authorizedKeys.keyFiles = [../pki/fabian.ssh];
    };
    groups.fabian.gid = 1000;
  };
--- a/sys/srv/authentik.nix
+++ b/sys/srv/authentik.nix
@ -0,0 +1,110 @@
+{
+  lib,
+  pkgs,
+  flakes,
+  ...
+}:
+with lib; {
+  imports = [flakes.authentik-nix.nixosModules.default];
+
+  options = {
+    services.nginx.virtualHosts = mkOption {
+      type = with lib.types;
+        attrsOf (
+          submodule
+          (
+            {config, ...}: {
+              options = {
+                enableAuthentik = mkOption {
+                  default = false;
+                  type = bool;
+                };
+                locations = mkOption {
+                  type = attrsOf (
+                    submodule {
+                      config = mkIf config.enableAuthentik {
+                        extraConfig = ''
+                          auth_request        /outpost.goauthentik.io/auth/nginx;
+                          error_page          401 = @goauthentik_proxy_signin;
+                          auth_request_set $auth_cookie $upstream_http_set_cookie;
+                          add_header Set-Cookie $auth_cookie;
+
+                          # translate headers from the outposts back to the actual upstream
+                          auth_request_set $authentik_username $upstream_http_x_authentik_username;
+                          auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+                          auth_request_set $authentik_email $upstream_http_x_authentik_email;
+                          auth_request_set $authentik_name $upstream_http_x_authentik_name;
+                          auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+                          proxy_set_header X-authentik-username $authentik_username;
+                          proxy_set_header X-authentik-groups $authentik_groups;
+                          proxy_set_header X-authentik-email $authentik_email;
+                          proxy_set_header X-authentik-name $authentik_name;
+                          proxy_set_header X-authentik-uid $authentik_uid;
+                        '';
+                      };
+                    }
+                  );
+                };
+              };
+              config = mkIf config.enableAuthentik {
+                extraConfig = ''
+                  proxy_buffers 8 16k;
+                  proxy_buffer_size 32k;
+
+                  location /outpost.goauthentik.io {
+                    proxy_pass          http://localhost:9000/outpost.goauthentik.io;
+                    # ensure the host of this vserver matches your external URL you've configured
+                    # in authentik
+                    proxy_set_header    Host $host;
+                    proxy_redirect      http://localhost:9000 https://auth.posixlycorrect.com;
+                    proxy_set_header    X-Original-URL $scheme://$http_host$request_uri;
+                    add_header          Set-Cookie $auth_cookie;
+                    auth_request_set    $auth_cookie $upstream_http_set_cookie;
+
+                    # required for POST requests to work
+                    proxy_pass_request_body off;
+                    proxy_set_header Content-Length "";
+                  }
+
+                  location @goauthentik_proxy_signin {
+                    internal;
+                    add_header Set-Cookie $auth_cookie;
+                    return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
+                    # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
+                    # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
+                  }
+                '';
+              };
+            }
+          )
+        );
+    };
+  };
+
+  config = {
+    services = {
+      authentik = {
+        enable = true;
+        environmentFile = "/var/trust/authentik/authentik-env";
+        nginx = {
+          enable = true;
+          enableACME = true;
+          host = "auth.posixlycorrect.com";
+        };
+        settings = {
+          email = {
+            host = "smtp.fastmail.com";
+            port = 587;
+            username = "fabianmontero@fastmail.com";
+            use_tls = true;
+            use_ssl = false;
+            from = "auth@posixlycorrect.com";
+          };
+          disable_startup_analytics = true;
+          avatars = "initials";
+        };
+      };
+    };
+  };
+}
--- a/sys/srv/default.nix
+++ b/sys/srv/default.nix
@ -10,12 +10,15 @@ with lib; {
    ./net.nix
    ./mediawiki.nix
    ./jitsi.nix
-    ./matrix.nix
+    # ./matrix.nix currently not being used
    ./forgejo.nix
    ./vaultwarden.nix
    ./bepasty.nix
    ./jellyfin.nix
    ./msmtp.nix
    ./kuma.nix
+    # ./authentik.nix  consumes too much RAM and serves no purpose for now
+    ./paperless.nix
+    ./trilium.nix
  ];
 }
--- a/sys/srv/firefly.nix
+++ b/sys/srv/firefly.nix
@ -0,0 +1,33 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  services = {
+    nginx = {
+      virtualHosts."firefly.posixlycorrect.com" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          proxy_headers_hash_max_size 512;
+          proxy_headers_hash_bucket_size 128;
+        '';
+      };
+    };
+
+    firefly-iii = {
+      enable = true;
+      user = "firefly-iii";
+      dataDir = "/var/lib/firefly-iii";
+      enableNginx = true;
+      virtualHost = "firefly.posixlycorrect.com";
+      settings = {
+        SITE_OWNER = "fabian@posixlycorrect.com";
+        DB_CONNECTION = "sqlite";
+        APP_ENV = "local";
+        APP_KEY_FILE = /var/trust/firefly/key_file;
+      };
+    };
+  };
+}
--- a/sys/srv/forgejo.nix
+++ b/sys/srv/forgejo.nix
@ -39,6 +39,7 @@ with lib; {
        useWizard = false;
        settings = {
          general.APP_NAME = "posixlycorrect";
+          ui.DEFAULT_THEME = "forgejo-dark";
          server = {
            DOMAIN = "git.posixlycorrect.com";
            ROOT_URL = "https://git.posixlycorrect.com";
--- a/sys/srv/jitsi.nix
+++ b/sys/srv/jitsi.nix
@ -12,13 +12,6 @@ with lib; {
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-
-            ssl_verify_depth 1;
-            ssl_verify_client on;
-            ssl_client_certificate ${../../pki/gatekeeper_ca.pem};
-            if ($ssl_client_verify != "SUCCESS") {
-              return 403;
-            }
        '';
      };
    };
--- a/sys/srv/mediawiki.nix
+++ b/sys/srv/mediawiki.nix
@ -53,6 +53,24 @@ with lib; {
      extensions = {
        # some extensions are included and can enabled by passing null
        VisualEditor = null;
+        CategoryTree = null;
+        CiteThisPage = null;
+        Scribunto = null;
+        Cite = null;
+        CodeEditor = null;
+        Math = null;
+        MultimediaViewer = null;
+        PdfHandler = null;
+        Poem = null;
+        SecureLinkFixer = null;
+        WikiEditor = null;
+        ParserFunctions = null;
+
+        TemplateStyles = pkgs.fetchzip {
+          url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/TemplateStyles/+archive/refs/heads/wmf/1.42.0-wmf.9.tar.gz";
+          sha256 = "sha256-+EOwkDU8L0qQ4Wo3WDqNug4Pyz/PUhOiHKmNcFJO4G0=";
+          stripRoot = false;
+        };
      };
    };
  };
--- a/sys/srv/net.nix
+++ b/sys/srv/net.nix
@ -32,7 +32,29 @@ with lib; {
        "posixlycorrect.com" = {
          forceSSL = true;
          enableACME = true;
-          root = "${pkgs.local.homepage}";
+          locations = {
+            "/".root = "${pkgs.local.homepage}";
+
+            "~ ^/pki(?:/(.*))?$" = { # https://serverfault.com/a/476368
+              alias = "${../../pki}/$1";
+              extraConfig = ''
+                autoindex on;
+                autoindex_exact_size on;
+                autoindex_localtime on;
+                autoindex_format html;
+              '';
+            };
+
+            "~ ^/factorio_blueprints(?:/(.*))?$" = { # https://serverfault.com/a/476368
+              alias = "${../../cdn/factorio_blueprints}/$1";
+              extraConfig = ''
+                autoindex on;
+                autoindex_exact_size on;
+                autoindex_localtime on;
+                autoindex_format html;
+              '';
+            };
+          };
        };
      };
    };
--- a/sys/srv/paperless.nix
+++ b/sys/srv/paperless.nix
@ -0,0 +1,39 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  services = {
+    nginx = {
+      virtualHosts."docs.posixlycorrect.com" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          proxy_headers_hash_max_size 512;
+          proxy_headers_hash_bucket_size 128;
+        '';
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:28981";
+        };
+      };
+    };
+
+    paperless = {
+      enable = true;
+      user = "paperless";
+      passwordFile = "/var/trust/paperless/passwordFile";
+      openMPThreadingWorkaround = true; # see https://github.com/NixOS/nixpkgs/issues/240591
+      address = "127.0.0.1";
+      port = 28981;
+      settings = {
+        PAPERLESS_URL = "docs.posixlycorrect.com";
+        PAPERLESS_OCR_LANGUAGE = "eng+spa";
+        PAPERLESS_APP_TITLE = "posixlycorrect";
+        PAPERLESS_OCR_USER_ARGS = {
+          "invalidate_digital_signatures" = true;
+          };
+      };
+    };
+  };
+}
--- a/sys/srv/trilium.nix
+++ b/sys/srv/trilium.nix
@ -0,0 +1,32 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  services = {
+    nginx = {
+      virtualHosts."notes.posixlycorrect.com" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          proxy_headers_hash_max_size 512;
+          proxy_headers_hash_bucket_size 128;
+        '';
+      };
+    };
+
+    trilium-server = {
+      enable = true;
+      host = "127.0.0.1";
+      port = 8458;
+      noAuthentication = false;
+      instanceName = "posixlycorrect";
+      dataDir = "/var/lib/trilium";
+      nginx = {
+        enable = true;
+        hostName = "notes.posixlycorrect.com";
+      };
+    };
+  };
+}
Author	SHA1	Message	Date
Fabian Montero	b9a00a51e1	add firefly	2024-11-17 00:42:45 -06:00
Fabian Montero	75fe6138c0	add .txt extension so bps can be opened in browser	2024-11-15 16:06:45 -06:00
Fabian Montero	b460ed6e57	update factorio blueprints	2024-11-15 16:03:36 -06:00
Fabian Montero	e46d1dfef7	add cdn and factorio_blueprints	2024-10-29 01:25:23 -06:00
Fabian Montero	a462a2df0a	flake.lock: Update Flake lock file updates: • Updated input 'homepage': 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=d26219c00d1f6070b85278c5efb3cd44ce6cc4eb' (2024-09-19) → 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=c5ba6530fb371d09faf933a08efb288b037705f8' (2024-09-19)	2024-09-18 20:59:41 -06:00
Fabian Montero	7fb0835247	flake.lock: Update Flake lock file updates: • Updated input 'homepage': 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=a49523cc42d61e0dac0d3dcb01cc1ca3fad7070c' (2024-09-04) → 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=d26219c00d1f6070b85278c5efb3cd44ce6cc4eb' (2024-09-19)	2024-09-18 20:55:05 -06:00
Fabian Montero	eda3ab9aab	add index of pki	2024-09-18 20:51:09 -06:00
Fabian Montero	9aa997637f	invalidate_digital_signatures in paperless	2024-09-18 18:03:38 -06:00
Fabian Montero	e536c096ce	flake.lock: Update Flake lock file updates: • Updated input 'conduwuit/complement': 'github:matrix-org/complement/6e4426a9e63233f9821a4d2382bfed145244183f' (2024-07-30) → 'github:matrix-org/complement/0d14432e010482ea9e13a6f7c47c1533c0c9d62f' (2024-07-10) • Updated input 'impermanence': 'github:nix-community/impermanence/23c1f06316b67cb5dabdfe2973da3785cfe9c34a' (2024-06-22) → 'github:nix-community/impermanence/c7f5b394397398c023000cf843986ee2571a1fd7' (2024-08-24) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/12bf09802d77264e441f48e25459c10c93eada2e' (2024-07-29) → 'github:nixos/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) • Updated input 'unstable': 'github:nixos/nixpkgs/52ec9ac3b12395ad677e8b62106f0b98c1f8569d' (2024-07-28) → 'github:nixos/nixpkgs/12228ff1752d7b7624a54e9c1af4b222b3c1073b' (2024-08-31) • Updated input 'vpsadminos': 'github:vpsfreecz/vpsadminos/2c8ff8462a6f4aefb7bd2663d6ddbedd9d161f2c' (2024-07-27) → 'github:vpsfreecz/vpsadminos/605f2f6c56cb79eb66b2b7d3bec050342d7f43b7' (2024-09-03)	2024-09-04 14:14:42 -06:00
Fabian Montero	bf34e2fe8e	flake.lock: Update Flake lock file updates: • Updated input 'homepage': 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=4fd192a71d19b79684ae544f4f8470aa777b968d' (2024-08-28) → 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=a49523cc42d61e0dac0d3dcb01cc1ca3fad7070c' (2024-09-04)	2024-09-04 02:20:09 -06:00
Fabian Montero	ced4592c1a	add trilium	2024-09-04 02:18:22 -06:00
Fabian Montero	5bd11b2bd4	disable matrix	2024-09-04 01:47:49 -06:00
Fabian Montero	34b1a8e289	make forgejo default theme dark	2024-09-04 00:22:55 -06:00
Fabian Montero	c8057ed52c	deactivate authentik	2024-08-28 13:52:35 -06:00
Fabian Montero	f14f11be00	flake.lock: Update Flake lock file updates: • Updated input 'homepage': 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=18b56328eda94579fb4727ba886888f6596f7d0a' (2024-08-23) → 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=master&rev=4fd192a71d19b79684ae544f4f8470aa777b968d' (2024-08-28)	2024-08-28 12:27:58 -06:00
Fabian Montero	0cafd83313	add paperless	2024-08-28 12:24:17 -06:00
Fabian Montero	f8324e96e6	add TemplateStyles extension to mediawiki	2024-08-28 11:32:21 -06:00
Fabian Montero	8ee952b958	add authentik	2024-08-27 19:12:09 -06:00
Fabian Montero	222ce4c296	add mediawiki extensions	2024-08-27 18:35:58 -06:00