From 18403cff706ab8efd6448aca39cb77ca2045c375 Mon Sep 17 00:00:00 2001
From: Lucy Hochkamp <git@xyno.systems>
Date: Thu, 27 Feb 2025 09:54:58 +0100
Subject: [PATCH] add hedgedoc to sso

---
 flake.lock                          |  62 ++++++++++++++--------------
 hosts/theseus/default.nix           |   2 +-
 hosts/theseus/river.nix             |  16 ++++++-
 nixos-modules/services/hedgedoc.nix |  14 +++----
 secrets/hedgedocSecret.age          | Bin 1146 -> 1210 bytes
 5 files changed, 53 insertions(+), 41 deletions(-)

diff --git a/flake.lock b/flake.lock
index 1b6b06e4..b1d49507 100644
--- a/flake.lock
+++ b/flake.lock
@@ -68,11 +68,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739229629,
-        "narHash": "sha256-zUWKsviMuelgB4PJNJuLZi/yvHnaLb1wZ9mOATjj9eM=",
+        "lastModified": 1739933872,
+        "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "a36049dac55b6b00536ce8fb601ad3dd1cd8ba8c",
+        "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1738683842,
-        "narHash": "sha256-Igl76UYv7D/aJ7K7CbZxlBvmvzbfyNK7DOfw+Ub+M5Y=",
+        "lastModified": 1740317838,
+        "narHash": "sha256-Ukj9bWILZB69E1X+C+zrzNw+p0Bp9UKO2BoNGCeqLQQ=",
         "owner": "SofusA",
         "repo": "helix-pull-diagnostics",
-        "rev": "3fb39042d480bb6e24b8473ff1eb31058846f55f",
+        "rev": "73d716d71d52dd461479fab6ffd23e6612ebf4c4",
         "type": "github"
       },
       "original": {
@@ -219,11 +219,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736373539,
-        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
+        "lastModified": 1739757849,
+        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
+        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
         "type": "github"
       },
       "original": {
@@ -256,11 +256,11 @@
       },
       "locked": {
         "dir": "nix",
-        "lastModified": 1737910997,
-        "narHash": "sha256-Q9g8erFLGov37CdtMcVm5V/u+PMtwQa7lVz4oIz43sQ=",
+        "lastModified": 1739976554,
+        "narHash": "sha256-iBsa9Gyc9q1pBxpvwBkZWFPx3aNZgqtqtehuTjymZ20=",
         "ref": "feat-tap-overlap",
-        "rev": "3b653692891c0231e7cc8844e142008296448217",
-        "revCount": 912,
+        "rev": "900ef1359ea5f632f490be2e259aa3b409f5855e",
+        "revCount": 942,
         "type": "git",
         "url": "https://github.com/jokesper/kmonad"
       },
@@ -324,11 +324,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1738816619,
-        "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
+        "lastModified": 1740387674,
+        "narHash": "sha256-pGk/aA0EBvI6o4DeuZsr05Ig/r4uMlSaf5EWUZEWM10=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
+        "rev": "d58f642ddb23320965b27beb0beba7236e9117b5",
         "type": "github"
       },
       "original": {
@@ -384,11 +384,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1739229610,
-        "narHash": "sha256-se+XO93QNFc9Krf7pf5TvR4lKC6jh+oWV/+EomsMeZ8=",
+        "lastModified": 1740394027,
+        "narHash": "sha256-o5MrBsmDCm9QCoH5hMGWy9z5ZCb+TbZNp/jJqwri1s4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ba4ca7f603ef577e16e76900e6be48329339d50e",
+        "rev": "d7cbc931b382b2405f35b4c96497f44adf1d971e",
         "type": "github"
       },
       "original": {
@@ -400,11 +400,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1739055578,
-        "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=",
+        "lastModified": 1740162160,
+        "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e",
+        "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9",
         "type": "github"
       },
       "original": {
@@ -469,11 +469,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739316033,
-        "narHash": "sha256-yHBsu5I2GOTaMzqEYXfDWzEH+pTpNKp/Ew/8x+cVCZg=",
+        "lastModified": 1740360867,
+        "narHash": "sha256-aT6GCM7hzfQRyuoWB0CWCk19FYXLAprHT8rbsa65gMc=",
         "owner": "SEIAROTg",
         "repo": "quadlet-nix",
-        "rev": "31e4175bdc1cee453f66cada21f9dd6eb90e507f",
+        "rev": "51d1bbcedd2ae675e971f36ed0dcb90f2cb0c10f",
         "type": "github"
       },
       "original": {
@@ -515,11 +515,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739209199,
-        "narHash": "sha256-IXemY38IgENRcnBw2/0hBkUU8dNwZr+kzrrVQd4EH/o=",
+        "lastModified": 1740374295,
+        "narHash": "sha256-448BUOpYTaKz3OjJeScqHMYx043LnVP0ok3FP9y14ow=",
         "owner": "sofusa",
         "repo": "roslyn-language-server",
-        "rev": "e1e9831f8fc83121f87516b00401cca409392c29",
+        "rev": "fdc150d0881df030fc125b0a8db9d83826861fe8",
         "type": "github"
       },
       "original": {
@@ -743,11 +743,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1739161281,
-        "narHash": "sha256-cMM5E5EzEnfQFdBurCVqCi9mhsmRCeaEJB4iskPsQ1o=",
+        "lastModified": 1740390943,
+        "narHash": "sha256-F8EuAkiLuDZlJ+jKaSJENVZnLz0/9T2rq7qB7vuUIak=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "0e962f036e6e2a9dde28f37d80104c7ea477a801",
+        "rev": "e8ac7b958a121a4fdb7daf14894c9c029054b9f6",
         "type": "github"
       },
       "original": {
diff --git a/hosts/theseus/default.nix b/hosts/theseus/default.nix
index cceacb26..47732553 100644
--- a/hosts/theseus/default.nix
+++ b/hosts/theseus/default.nix
@@ -211,7 +211,7 @@
       # firefox
       obsidian
       thunderbird
-      orca-slicer
+      # unstable.orca-slicer
       diebahn
       vlc
       dolphin
diff --git a/hosts/theseus/river.nix b/hosts/theseus/river.nix
index b71bd198..0bdebec6 100644
--- a/hosts/theseus/river.nix
+++ b/hosts/theseus/river.nix
@@ -4,6 +4,16 @@ let
   # url = "https://gruvbox-wallpapers.pages.dev/wallpapers/anime/wallhaven-2e2xyx.jpg";
   # sha256 = "1zw1a8x20bp9mn9lx18mxzgzvzi02ss57r4q1lc9f14fsmzphnlq";
   # };
+  setRandomBackground = pkgs.writeScript "setBackground.sh" ''
+    #!/${pkgs.bash}/bin/bash
+    while true; do
+      FILENAME=''$(${pkgs.findutils}/bin/find /home/ragon/Pictures/backgrounds -type f | ${pkgs.coreutils}/bin/shuf -n 1)
+      ${pkgs.swaybg}/bin/swaybg -i $FILENAME -m fill &
+      PID=$!
+      sleep 1200
+      kill $PID
+    done
+  '';
   backgroundImage = "/home/ragon/Pictures/background.jpg";
   pow = n: i:
     if i == 1 then n
@@ -588,7 +598,8 @@ label:focus {
           timeout 300 'swaylock -i ${backgroundImage}' \
           timeout 600 'wlopm --off \*' resume 'wlopm --on \*' \
           before-sleep 'swaylock -i ${backgroundImage}' &
-      swaybg -i ${backgroundImage} &
+      # swaybg -i ${backgroundImage} &
+      ${setRandomBackground} &
       shikane &
       ${pkgs.mako}/bin/mako &
       # iwgtk likes to crash when restarting iwd
@@ -598,7 +609,8 @@ label:focus {
       signal-desktop &
       element-desktop &
       evolution &
-      ${pkgs.appimage-run}/bin/appimage-run /home/ragon/AppImages/KeePassXC-2.8.0-snapshot-x86_64.AppImage &
+      # ${pkgs.appimage-run}/bin/appimage-run /home/ragon/AppImages/KeePassXC-2.8.0-snapshot-x86_64.AppImage &
+      keepassxc &
     '';
   };
   # services.wired = {
diff --git a/nixos-modules/services/hedgedoc.nix b/nixos-modules/services/hedgedoc.nix
index 374886f6..9fbe17e5 100644
--- a/nixos-modules/services/hedgedoc.nix
+++ b/nixos-modules/services/hedgedoc.nix
@@ -25,16 +25,16 @@ in
         allowFreeURL = true;
         email = false;
         oauth2 = {
+          providerName = "authentik";
           clientID = "$CLIENT_ID";
           clientSecret = "$CLIENT_SECRET";
-          providerName = "xyno.systems SSO";
-          authorizationURL = "https://sso.xyno.systems/api/oidc/authorize";
-          tokenURL = "https://sso.xyno.systems/api/oidc/token";
-          userProfileURL = "https://sso.xyno.systems/api/oidc/userinfo";
-          scope = "openid profile email";
-          userProfileUsernameAttr = "sub";
-          userProfileEmailAttr = "email";
+          scope = "openid email profile";
+          userProfileURL = "https://auth.hailsatan.eu/application/o/userinfo/";
+          tokenURL = "https://auth.hailsatan.eu/application/o/token/";
+          authorizationURL = "https://auth.hailsatan.eu/application/o/authorize/";
+          userProfileUsernameAttr = "preferred_username";
           userProfileDisplayNameAttr = "name";
+          userProfileEmailAttr = "email";
         };
         domain = "${cfg.domain}";
         db = {
diff --git a/secrets/hedgedocSecret.age b/secrets/hedgedocSecret.age
index 71d5e495def67f00cc4af19c43549cc180d4ec0f..610d2e8d137994d6ab63c74240ec8eb921a27a78 100644
GIT binary patch
delta 1123
zcmeyxv5RwpPQ6o5a;SHeVU(+Xo>!r-Q?`3$cxZ)hWM)Win1x$GqG3>#wv&I3foD=^
zBv(~Ms&|D!q<5%xL1b=8Vx^0}hhtG<P^h0tZc;{ZvZHxcN@lKUR(X(fF_*5LLUD11
zZfc5=si~o*LTS23czC%&wq<dUVX8rBYOsq*QHW8pg<FtGp1D_HWxh*_L4JT^gh5b5
zQb1I3L4Z>vSE9a|L72C*yK#Y8URhqCZ&qljd2mHam5+OnfnQ`^j)AGRp+T;vPg+^_
z#E;_Pr3FFhjs+eOj(I-5d8OKk;eIZLCfUV7iNPfnrUfo3=_M7;?!La|`r-Lp{+Zb(
z;Vxmh#zltOzG0;%`N7FWE@uAPDZYm0nT{SI&OsKwq2WH>QKc4>;~B-n9E}Y93cd4O
zf^rLelglg}OC!pI{9VHfl8XXO!UKIX%nNh<B16+XDk2=YvQsQAyed3PJUxRfy?w*<
zEByToJ&PhtlEPi1%FNQd!rlFXEJ}QHtCA<5VU(zMNzQl6OU;ck^iNBvaMcbs@G$l(
zOLWTg3n>i?u{6w1s){HtFAJ<laZ2Y(&de~ZNV5zt$j%C?$gIfED=gGb%q=o5Fw~CH
zPc$>~F0?GyuCy#M@V7vZ0CPVdQ@?bDh~Th5mk5JQL%)=il&q4<s(SbA;DAVv)QXCr
zJol7Bm%_r}s4#!W6zB9vF4wZ+{M2ygGJU5!vm(F3tiUQ?ZT<Wb&#G**%2F4z%Bm7q
zqso9X7cY}!bn8rmb8?IV6*6*sQuLjR!+rDJ3X-)A^ODk2J)N`sU9-dU!?HrNOgu{J
zUGmMcJoJ+cO}PAgoPsJ1D>4f6gZ<4d@&cVLa<%<aGNZzZBOJ@Mi=BOnin7X!a*QiX
zO}KP*brmvvvcpU=P5j;b+?}(+Jj+V`%7R174T_!3eUtV5vkM~pQ=ENFEeb5llDXcB
zEDgWJpa0eVa@cpV&TiedwFldBMDH=Q*0bE()cbQ=R*NpvJgo&`KYm;MxHIRG*GBb?
zPSbwdFJqiCYu`lK&mz}0zC3?h!$z3da9U)a%DwYR)t6>nobmhMWs}<50#EPz&C{7<
zSGR2D39rBhDV$u2o2*W(;o6ry`}RA*7jh{t{;qoGSSfMe{@FjH!xx<yWRD9xxMO+u
zf9iqjRrQxc&qmdp7R&9LU>vsapxktg*J&!b5BBDIW*e6k?XD9tZE|hfC$&t5L+9(}
zrOm7FY@aik`$J)kaLLgdDNYAwtAz_Jmv|v|!LZnZ|N1WW|Br;G_O5fYoSan^lJIb{
zg5QM~PV@V2Pnj>)7jaZ;Q=h`=_g5sNj!#g1pK8#xSN33h^wNc%%WSQ_$>^}!Rd*HF
zoJx$4)mYw8x~kbRTYE*ok`$xA%kskh-Mg?)d@b`cZqLw6g^j0dJa^p)DYk4Y)Y*12
g((B&OrRAO);al&B)S2vmA=cV8&(qF9X2k|`0N<Ce4FCWD

delta 1059
zcmdnR`HN$MPJLFXc5r@SNx4~WRY_n~v9Xu0Pr18exj}xIzptyge@RlBds&5nZ?;!p
zAXlJ~k9(ziU`~2Ya)7^ESfaUyp@o;JvA#<{L{>&>WTLaFg=tt?nNy&pE0?aFLUD11
zZfc5=si~o*LTS23czC&jc~qp4kF$SLczTveMpQs~m7Awoeu{TsW?_(bn44o*NI`|S
zg{473R+wusS7mBtVTgOEds<qGdwQ6Mg^zY_P_n66u|<AKpubO$MMg?$Sw=~|fxln+
z#E;_P0paFJk?D@ff$0HR;pWEKMv(y-75-7VDdrLGk>!5I+CJsMq1l1SfmO*|{vqD(
z6*=LBWlo_v78a(3PEI)$1%X9{K1TVjLFJx-;VzZ#W;rGL$p)^I;~B-nOpGjY48u**
z-71rE+*4EZ&4b+xf|AXuB1=6YbIW{kl6}1#1HA$bih?7#0$j`-EsT>4a*Hi3EG^8V
z+$&uD@`LoXv&~#`jl)ZPf=hEM+|qo#v(hJ@VU(!P%Fi~p^e?bXDmM+&&WOr#^L0!q
z3UG4w3^yt^$n-LgFbOhF&B-^(3v}cv(sp$(DvzizNh~rqwJ1p|N{*;<G78M9DtF3C
zcQ1DKHS<p^%JFpzHZMkx0CPVdQ@?bDG*jOK3zzbuqSUnFD1*F6llmlQ%Zk);?TjqH
zpcK>WTnj(<iVT;k#8SghuI!M)(qfB@l=Si}@2GO4g7kc!91C*~7o+qX!!qyCNdKJN
zh?0oH@X{=d_%;pB$uSC4aIGpTunhGm_sx$eF7qkM&MP%3D)%<b3J7q|HMB5wvT&<6
zb_xo23yp9O<qE2F$<Ple^$a%2t1`7LE2_%&D2Ot1bMo*pDYW!(EzhjTE$}mS%k$1i
z=F-*GRR{@i_X~DU3^s`<^Kgy`NbxZ=2renjFfZ~q2(5_9&MEf`4~YskEb=Ny=X(6!
z#W$uoBrV7H)Q04U!@2+d?$~!^srvQJ^%eY29`vXtDwussVRl=+^XQ`Wf6DW1rpK1e
zVc5#6b(){Ke|N~HnQ6TLKPkNW+ODc7wq5Dqzf&u=CRbm4@xsmdz=43*hnK9r$g}-(
ztmo~UZDwDRM2s@~wKEHs^BZ)n`I=pvt9B~0W-FV+9pjpqkd4ZFS;7w8RMn9#ySsAJ
z#e47S<<D-6c=RH%@u7y>Z};ShO;11WI<@Q_+wDlc!=i3?R`a|OtvOROkJIX~p6b^b
z`MzZ>FXO(fx8CLyk;1?3xK*cw2%mo3J@xQ7jf)WtL05N6-QOm5dg|gG0oH+hOaV`J
zb}Zh+VPg5}9kcqKte0uwsk17tUNvs~DVi3Lq$B;h;Ec3%+JfEg5rGM1&N83ww|rPA
Qw=u!>%(YX?F79^)0KfB*eE<Le