tlpui patch -> overlay

custom/tlpui/package.nix

@@ -0,0 +1,70 @@
+{
+  cairo,
+  fetchFromGitHub,
+  gobject-introspection,
+  gtk3,
+  lib,
+  pciutils,
+  python3Packages,
+  substituteAll,
+  tlp,
+  usbutils,
+  wrapGAppsHook,
+}:
+python3Packages.buildPythonPackage rec {
+  pname = "tlpui";
+  version = "1.6.5";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "d4nj1";
+    repo = "TLPUI";
+    rev = "refs/tags/tlpui-${version}";
+    hash = "sha256-pgzGhf2WDRNQ2z0hPapUJA5MLTKq92UlgjC+G78T/4s=";
+  };
+
+  patches = [
+    (substituteAll {
+      src = ./path.patch;
+      inherit tlp;
+    })
+  ];
+
+  # ignore test/test_tlp_settings.py asit relies on opening a gui which is non-trivial
+  pytestFlagsArray = [ "--ignore=test/test_tlp_settings.py" ];
+  nativeCheckInputs = [
+    gobject-introspection
+    python3Packages.pytestCheckHook
+  ];
+
+  build-system = [
+    wrapGAppsHook
+    python3Packages.poetry-core
+  ];
+
+  buildInputs = [ tlp ];
+
+  dependencies = [
+    gobject-introspection
+    gtk3
+    pciutils
+    python3Packages.pycairo
+    python3Packages.pygobject3
+    python3Packages.pyyaml
+    usbutils
+  ];
+
+  meta = {
+    changelog = "https://github.com/d4nj1/TLPUI/releases/tag/tlpui-${version}";
+    description = "A GTK user interface for TLP written in Python";
+    homepage = "https://github.com/d4nj1/TLPUI";
+    license = lib.licenses.gpl2Only;
+    longDescription = ''
+      The Python scripts in this project generate a GTK-UI to change TLP configuration files easily.
+      It has the aim to protect users from setting bad configuration and to deliver a basic overview of all the valid configuration values.
+    '';
+    platforms = lib.platforms.linux;
+    mainProgram = "tlpui";
+    maintainers = with lib.maintainers; [ grimmauld ];
+  };
+}

custom/tlpui/path.patch

@@ -0,0 +1,57 @@
+diff --git a/tlpui/file.py b/tlpui/file.py
+index f0f3ecb..a9ad7f8 100644
+--- a/tlpui/file.py
++++ b/tlpui/file.py
+@@ -26,7 +26,7 @@ def get_tlp_config_defaults(tlpversion: str):
+     tlpconfig_defaults = extract_default_tlp_configs(f"{settings.workdir}/defaults/tlp-{tlpversion}.conf")
+ 
+     # update default values with intrinsic ones
+-    intrinsic_defaults_path = f"{settings.FOLDER_PREFIX}/usr/share/tlp/defaults.conf"
++    intrinsic_defaults_path = f"@tlp@/share/tlp/defaults.conf"
+     tlpconfig_defaults.update(extract_default_tlp_configs(intrinsic_defaults_path))
+ 
+     return tlpconfig_defaults
+@@ -124,7 +124,10 @@ def create_tmp_tlp_config_file(changedproperties: dict) -> str:
+     filehandler, tmpfilename = mkstemp(dir=settings.TMP_FOLDER)
+     newfile = open(tmpfilename, mode='w', encoding='utf-8')
+ 
+-    oldfile = open(settings.tlpconfigfile, encoding='utf-8')
++    try:
++        oldfile = open(settings.tlpconfigfile, encoding='utf-8')
++    except FileNotFoundError:
++        oldfile = open("@tlp@/etc/tlp.conf", encoding='utf-8')
+     lines = oldfile.readlines()
+     oldfile.close()
+ 
+diff --git a/tlpui/mainui.py b/tlpui/mainui.py
+index 0242514..da59046 100644
+--- a/tlpui/mainui.py
++++ b/tlpui/mainui.py
+@@ -115,8 +115,12 @@ def changed_items_dialog(window, tmpfilename: str, dialogtitle: str, message: st
+     scrolledwindow.set_hexpand(True)
+     scrolledwindow.set_vexpand(True)
+ 
+-    with open(settings.tlpconfigfile, encoding='utf-8') as fromfile:
+-        fromfilecontent = fromfile.readlines()
++    try:
++        with open(settings.tlpconfigfile, encoding='utf-8') as fromfile:
++            fromfilecontent = fromfile.readlines()
++    except FileNotFoundError:
++        with open("@tlp@/etc/tlp.conf", encoding='utf-8') as fromfile:
++            fromfilecontent = fromfile.readlines()
+     with open(tmpfilename, encoding='utf-8') as tofile:
+         tofilecontent = tofile.readlines()
+     diff = settings.tlpbaseconfigfile + '\n\n'
+diff --git a/tlpui/settingshelper.py b/tlpui/settingshelper.py
+index 69481c0..d769029 100644
+--- a/tlpui/settingshelper.py
++++ b/tlpui/settingshelper.py
+@@ -20,7 +20,7 @@ def exec_command(commands: [str]):
+ 
+ def get_tlp_config_file(prefix: str) -> str:
+     """Select tlp config file by prefix."""
+-    return f"{prefix}/etc/tlp.conf"
++    return f"{prefix}/etc/tlp.d/30-tlpui.conf"
+ 
+ 
+ def check_binaries_exist(flatpak_folder_prefix: str) -> None:

fake_flake.nix

@@ -28,11 +28,11 @@ let
   };
 
   nixpkgs_patches = [
-    {
+#    {
-      # tlpui
+#      # tlpui
-      url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/305278.patch";
+#      url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/305278.patch";
-      hash = "sha256-vmzj7gF8jwHdqxN+dQiJ4MRxKpHvBTzbrUvFgt1DK8I=";
+#      hash = "sha256-vmzj7gF8jwHdqxN+dQiJ4MRxKpHvBTzbrUvFgt1DK8I=";
-    }
+#    }
   ];
 
   # enable ccache for lix if ccache is enabled

modules/auth.nix

@@ -0,0 +1,35 @@
+{config, ...}: let 
+  inherit (config.serverConfig) ports vhosts;
+  inherit (config.networking) domain;
+in {
+  
+
+  services.authentik = {
+    enable = true;
+    # The environmentFile needs to be on the target host!
+    # Best use something like sops-nix or agenix to manage it
+    environmentFile = "/run/secrets/authentik/authentik-env";
+
+    # authentik_env.age
+
+    age.secrets.authentik_env = {
+      file = ../secrets/authentik_env.age;
+      owner = "authentik";
+      group = "authentik";
+      mode = "0600";
+    };
+
+    settings = {
+      email = rec {
+        host = vhosts.mail_host.host;
+        port = 465;
+        username = "admin@${domain}";
+        use_tls = true;
+        use_ssl = true;
+        from = username;
+      };
+      disable_startup_analytics = true;
+      avatars = "initials";
+    };    
+  };
+}

modules/default.nix

@@ -138,10 +138,12 @@ in
         puffer_host = {
           port = 8080;
           host = "puffer.${domain}";
+          accessType = "proxy";
         };
         tlemap_host = {
           port = 8100;
           host = "tlemap.${domain}";
+          accessType = "proxy";
         };
         mail_host = {
           host = "mail.${domain}";
@@ -150,6 +152,7 @@ in
         gitea_host = {
           host = "git.${domain}";
           port = 8081;
+          accessType = "proxy";
         };
         matrix_host = {
           accessType = "redirect";
@@ -162,6 +165,7 @@ in
         };
         grafana_host = {
           host = "grafana.${domain}";
+          accessType = "proxy";
           port = 8082;
         };
         nextcloud_host = rec {
@@ -172,12 +176,15 @@ in
         };
         mastodon_host = {
           host = "mastodon.${domain}";
-          accessType = "none";
         };
-        nix_cache_host = rec {
+        nix_cache_host = {
           host = "nixcache.${domain}";
           port = 5000;
-
+        };
+        auth_host = {
+          host = "auth.${domain}";
+          port = 9443;
+          accessType = "proxy";
         };
       };
     };

overlays/default.nix

@@ -24,6 +24,7 @@
       [
         ./matrix-appservice-discord.nix
         ./deskwhich.nix
+        ./tlpui.nix
         ./mcontrolcenter.nix
         ./ccache-wrapper.nix
       ];

overlays/tlpui.nix

@@ -0,0 +1,4 @@
+{ final, prev, ... }:
+{
+  tlpui = prev.callPackage ../custom/tlpui/package.nix { };
+}

secrets/authentik_env.age

@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa jWbwAg
+wOku8nfaZn+SYKhPgDbnU2OFXP7bBnrhE8H87YRgkg2eReMD1t4fzg6GiGCW9Urj
+ia3xivhGNq6GavB7RS1LKx3cRqjjIXHdtG0XERe72vY6bjfbA4afamJI6pKLzmti
+M5dhZpqOA1WPrkZTGy+f6P+klpl3WEUg+vyslcfIO3pRPwazebER8EwtlxEzZkCH
+HM015bFmJJQ26WD9wNj4IhpuOi6BO1ZtcyiEJigs8ylCnoBH9D8okaMzqlEb8G1E
+MhCb4umcrXsNHux4qG33NQbo/ZaN8+1tPnOpkSE2wslYy8gvFaMSCWcHVzpf1tlL
+GpDheRXrbN+cgczpmSD2CECv8EWLcI5fvqsKRRbH2WHvKa9tcwc9RKPWeeL9flNX
+wpqQMbUBGGbXPJNd/D63xNKCOEcZuskRwiSgGYqrr864YY1kFvBxRM2BP/xcpKRh
+2YKHrL4Bp/It5NHnkVSWqxF6CnajuXEL+R2Yh8aIl932gOpCwZSGkZnqVbLsdX3i
+x3tFmB+Cfi9yrIWSPtxy2yswj09OT1sVkaDPRzYW3GD8JMQIl7INn9QdW9O9AzoE
+Nhr44vbc1pnSjWucxaCD3+htt0PZLELV4001xlBFkpyuErjZcgJ3/x1rhKeXPwpo
+q70dkDXEetnkfXiZ8uDKzeAzXBMEFjui5v/PcB4tHQA
+--- bv5wWftXB8PIPk8118XQEhVViIO6FTX2ywc8R27770I
+=zø4š¶<C5A1>}
!IÇ-w©Èƒ×Á8"Ô¶Ö=Ö³@#1
í†öXRôÀÔwl˜IÚ
’=¥!N¼{#<23>NLÞ9qØo<C398>Õu¾D¦*ÈôŽñ‚8ªa©ô<C2A9>œNë°ô‹UUºá–æ(¬aMœA
™§åy+ü×AKx™C<E284A2>Û5–qÅ[qÞPæË	dÉìÌt?}ò}½{›n´X

secrets/secrets.nix

@@ -13,6 +13,8 @@ in
 
   # "duckdns_token.age".publicKeys = [ contabo_nix_pub ];
   "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ];
+  "authentik_env.age".publicKeys = [ contabo_nix_pub ];
+
   "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ];
   "grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];
   "nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ];