diff --git a/darwin/kuro/homebrew.nix b/darwin/kuro/homebrew.nix index 178aa1de..03286eb0 100644 --- a/darwin/kuro/homebrew.nix +++ b/darwin/kuro/homebrew.nix @@ -14,6 +14,7 @@ "1password" "shapr3d" "orcaslicer" + "zed" ]; }; } diff --git a/home/apps/zed.nix b/home/apps/zed.nix index fd8ddaaa..52d153a3 100644 --- a/home/apps/zed.nix +++ b/home/apps/zed.nix @@ -6,4 +6,12 @@ home.packages = lib.optionals pkgs.stdenv.isLinux [ pkgs.zed-editor ]; + + zed-editor = { + enable = true; + }; + # xdg.configFile = { + # "zed/keymaps.json" = ''''; + # "zed/settings.json".source = ''''; + # }; } diff --git a/neovim/default.nix b/neovim/default.nix index 2877fc27..1943092c 100644 --- a/neovim/default.nix +++ b/neovim/default.nix @@ -381,30 +381,35 @@ in { }; }; rustaceanvim = { - enable = false; + enable = true; settings = { server = { - on_attach = rawLua '' - function(client, bufnr) - vim.keymap.set( - "n", - "a", - function() - vim.cmd.RustLsp('codeAction') -- supports rust-analyzer's grouping - -- or vim.lsp.buf.codeAction() if you don't want grouping. - end, - { silent = true, buffer = bufnr } - ) - vim.keymap.set( - "n", - "K", -- Override Neovim's built-in hover keymap with rustaceanvim's hover actions - function() - vim.cmd.RustLsp({'hover', 'actions'}) - end, - { silent = true, buffer = bufnr } - ) - end - ''; + on_attach = + rawLua + /* + lua + */ + '' + function(client, bufnr) + vim.keymap.set( + "n", + "a", + function() + vim.cmd.RustLsp('codeAction') -- supports rust-analyzer's grouping + -- or vim.lsp.buf.codeAction() if you don't want grouping. + end, + { silent = true, buffer = bufnr } + ) + vim.keymap.set( + "n", + "K", -- Override Neovim's built-in hover keymap with rustaceanvim's hover actions + function() + vim.cmd.RustLsp({'hover', 'actions'}) + end, + { silent = true, buffer = bufnr } + ) + end + ''; default_settings = { rust-analyzer = { inlayHints = { @@ -490,7 +495,7 @@ in { sourcekit.enable = true; openscad_lsp.enable = true; rust_analyzer = { - enable = true; + enable = false; installCargo = false; installRustc = false; settings = { diff --git a/nixos/mirai/services/authelia.nix b/nixos/mirai/services/authelia.nix index 12de9e3f..dab35d9c 100644 --- a/nixos/mirai/services/authelia.nix +++ b/nixos/mirai/services/authelia.nix @@ -1,11 +1,14 @@ {config, ...}: { sops = { - secrets = { - "authelia/servers/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; - "authelia/servers/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; - "authelia/servers/darksailor/sessionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; - "authelia/users/servius".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; - users.owner = config.systemd.services.authelia-darksailor.serviceConfig.User; + secrets = let + user = config.systemd.services.authelia-darksailor.serviceConfig.User; + in { + "authelia/servers/darksailor/jwtSecret".owner = user; + "authelia/servers/darksailor/storageEncryptionSecret".owner = user; + "authelia/servers/darksailor/sessionSecret".owner = user; + "authelia/users/servius".owner = user; + "authelia/oidc/immich".owner = user; + users.owner = user; }; }; services = { @@ -19,6 +22,40 @@ path = "/run/secrets/users"; }; }; + identity_providers = { + odic = { + clients = [ + { + client_id = "immich"; + client_name = "immich"; + client_secret = ''{{ fileContent "${config.sops.secrets."authelia/oidc/immich".path}" }}''; + public = false; + authorization_policy = "two_factor"; + require_pkce = false; + pkce_challenge_method = ""; + redirect_uris = [ + "https://photos.darksailor.dev/auth/login" + "https://photos.darksailor.dev/user-settings" + "app.immich:///oauth-callback" + ]; + scopes = [ + "openid" + "profile" + "email" + ]; + response_types = [ + "code" + ]; + grant_types = [ + "authorization_code" + ]; + access_token_signed_response_alg = "none"; + userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_post"; + } + ]; + }; + }; session = { cookies = [ { @@ -79,9 +116,6 @@ }; }; }; - # log = { - # file_path = "/tmp/authelia.log"; - # }; }; secrets = { jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path; diff --git a/nixos/mirai/services/immich.nix b/nixos/mirai/services/immich.nix index a6b0b7e7..9e68ede5 100644 --- a/nixos/mirai/services/immich.nix +++ b/nixos/mirai/services/immich.nix @@ -1,5 +1,5 @@ {...}: { services.immich = { - enable = false; + enable = true; }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 39700bba..a71bcc6e 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -25,6 +25,8 @@ authelia: jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str] storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str] sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str] + oidc: + immich: ENC[AES256_GCM,data:p11v+4I07FSW/pYk4l5fBlOQ2YczU0eoOvyLq/V62hY=,iv:NuHdsdLL+krQR2BZtMOcZL2zTHYjzoXbvKZLDWe36io=,tag:E8dkaQpSf+pzW18M+lqFGw==,type:str] lldap: jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str] seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str] @@ -53,7 +55,7 @@ sops: VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-26T15:11:16Z" - mac: ENC[AES256_GCM,data:ebMRGGCyzv5J6nXKOU5Ztacs2KU7Z9UZYC1B2n0NqZcakKmmkAeE6yb4Q83bRd1uys3ERuX6GU1S1lK0B5sd3ArDBXi7L1v4bM4SW5l6jfQIq1Yb2vUwMSCEniMsw5qesmaFhyqm4ppT8JLbidixgTL7dnQHVsefvuAdG01EIbU=,iv:oTbuNlUfV8IOGuwlbZJPiIpodo0CMl0mHCGttIX6xBU=,tag:IWvF6O7TQBqgvuuueZsyfw==,type:str] + lastmodified: "2025-07-28T11:23:30Z" + mac: ENC[AES256_GCM,data:lAaVNBji1kslL5pCYBABP3X8n1AFQ1ocFgPCRmlipLPt9dVVwzKDokI75xWztOTVU/ydkz/AQjHkeunPc0bl3lhukrpLAulpQLFTV/+zy2ku3nStCrpx93bmjO0KWb9GvjidITVOvr4WzOZUSsq45Im4gJgpFXDyCXg/8HsY6K0=,iv:vh7GdrwU+T4AkZS7uWljagA11itG1QEs2JdwSqbqmtc=,tag:VpCVyr4TxWYCWfssXz4QyQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2