auth: upgrade kanidm to 1.5
This commit is contained in:
Alexander Tomokhov
committed by
Inex Code
Inex Code
parent
356f9ddb91
commit
043c192fb7
@@ -1,4 +1,4 @@
|
|||||||
nixpkgs-2411: { config, lib, pkgs, ... }:
|
nixos-unstable: { config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
domain = config.selfprivacy.domain;
|
domain = config.selfprivacy.domain;
|
||||||
subdomain = "auth";
|
subdomain = "auth";
|
||||||
@@ -85,11 +85,10 @@ lib.mkIf config.selfprivacy.sso.enable {
|
|||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(
|
(
|
||||||
_final: prev: {
|
_final: prev: {
|
||||||
inherit (nixpkgs-2411.legacyPackages.${prev.system}) kanidm;
|
inherit (nixos-unstable.legacyPackages.${prev.system})
|
||||||
kanidm-provision =
|
kanidm
|
||||||
(nixpkgs-2411.legacyPackages.${prev.system}).callPackage
|
kanidm-provision
|
||||||
./kanidm-provision.nix
|
;
|
||||||
{ };
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|||||||
@@ -1,52 +0,0 @@
|
|||||||
{
|
|
||||||
lib,
|
|
||||||
rustPlatform,
|
|
||||||
fetchFromGitHub,
|
|
||||||
yq,
|
|
||||||
versionCheckHook,
|
|
||||||
nix-update-script,
|
|
||||||
nixosTests,
|
|
||||||
}:
|
|
||||||
|
|
||||||
rustPlatform.buildRustPackage rec {
|
|
||||||
pname = "kanidm-provision";
|
|
||||||
version = "1.2.0";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "oddlama";
|
|
||||||
repo = "kanidm-provision";
|
|
||||||
tag = "v${version}";
|
|
||||||
hash = "sha256-+NQJEAJ0DqKEV1cYZN7CLzGoBJNUL3SQAMmxRQG5DMI=";
|
|
||||||
};
|
|
||||||
|
|
||||||
postPatch = ''
|
|
||||||
tomlq -ti '.package.version = "${version}"' Cargo.toml
|
|
||||||
'';
|
|
||||||
|
|
||||||
useFetchCargoVendor = true;
|
|
||||||
cargoHash = "sha256-uo/TGyfNChq/t6Dah0HhXhAwktyQk0V/wewezZuftNk=";
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
yq # for `tomlq`
|
|
||||||
];
|
|
||||||
|
|
||||||
nativeInstallCheckInputs = [ versionCheckHook ];
|
|
||||||
versionCheckProgramArg = "--version";
|
|
||||||
doInstallCheck = true;
|
|
||||||
|
|
||||||
passthru = {
|
|
||||||
tests = { inherit (nixosTests) kanidm-provisioning; };
|
|
||||||
updateScript = nix-update-script { };
|
|
||||||
};
|
|
||||||
|
|
||||||
meta = {
|
|
||||||
description = "A small utility to help with kanidm provisioning";
|
|
||||||
homepage = "https://github.com/oddlama/kanidm-provision";
|
|
||||||
license = with lib.licenses; [
|
|
||||||
asl20
|
|
||||||
mit
|
|
||||||
];
|
|
||||||
maintainers = with lib.maintainers; [ oddlama ];
|
|
||||||
mainProgram = "kanidm-provision";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
34
flake.lock
generated
34
flake.lock
generated
@@ -1,5 +1,21 @@
|
|||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"nixos-unstable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1744463964,
|
||||||
|
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734835170,
|
"lastModified": 1734835170,
|
||||||
@@ -15,26 +31,10 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-2411": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1738435198,
|
|
||||||
"narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-24.11",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"nixos-unstable": "nixos-unstable",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-2411": "nixpkgs-2411",
|
|
||||||
"selfprivacy-api": "selfprivacy-api"
|
"selfprivacy-api": "selfprivacy-api"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = github:nixos/nixpkgs;
|
nixpkgs.url = github:nixos/nixpkgs;
|
||||||
nixpkgs-2411.url = github:nixos/nixpkgs/nixos-24.11;
|
nixos-unstable.url = github:nixos/nixpkgs/nixos-unstable;
|
||||||
|
|
||||||
selfprivacy-api.url =
|
selfprivacy-api.url =
|
||||||
git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;
|
git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;
|
||||||
@@ -11,7 +11,7 @@
|
|||||||
selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
|
selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixpkgs-2411, selfprivacy-api }: {
|
outputs = { self, nixpkgs, nixos-unstable, selfprivacy-api }: {
|
||||||
nixosConfigurations-fun =
|
nixosConfigurations-fun =
|
||||||
{ hardware-configuration
|
{ hardware-configuration
|
||||||
, deployment
|
, deployment
|
||||||
@@ -25,7 +25,7 @@
|
|||||||
hardware-configuration
|
hardware-configuration
|
||||||
deployment
|
deployment
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
(import ./auth/auth.nix nixpkgs-2411)
|
(import ./auth/auth.nix nixos-unstable)
|
||||||
{
|
{
|
||||||
disabledModules = [ "services/security/kanidm.nix" ];
|
disabledModules = [ "services/security/kanidm.nix" ];
|
||||||
imports = [ ./auth/kanidm.nix ];
|
imports = [ ./auth/kanidm.nix ];
|
||||||
|
|||||||
Reference in New Issue
Block a user