fix: various kanidm, jitsi and general fixes

nhnn
2025-05-22 16:50:34 +03:00
parent eb29949a03
commit 14e8cf359d
12 changed files with 44 additions and 71 deletions


@@ -38,7 +38,7 @@ let
pkgs.writeShellScript "${oauthClientID}-kanidm-ExecStartPost-script.sh" (
''
export HOME=$RUNTIME_DIRECTORY/client_home
readonly KANIDM="${pkgs.kanidm}/bin/kanidm"
readonly KANIDM="${config.services.kanidm.package}/bin/kanidm"
# try to get existing Kanidm service account
KANIDM_SERVICE_ACCOUNT="$($KANIDM service-account list --name idm_admin | grep -E "^name: ${kanidmServiceAccountName}$")"
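Review bot: The existence check on the `KANIDM_SERVICE_ACCOUNT=` line interpolates `${kanidmServiceAccountName}` into an extended regex, so any regex metacharacter in the name (a dot, for instance) would let a different account's `name:` line satisfy the lookup. Since this check appears to decide whether the service account already exists, a literal whole-line match is safer: `grep -Fx "name: ${kanidmServiceAccountName}"`. It would also help to put a short comment above the new `readonly KANIDM=` line saying that the CLI is taken from `config.services.kanidm.package` so that the client always matches the configured server package. The script body continues outside this hunk, so how the result is used and whether a non-matching grep aborts the script cannot be confirmed from here.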

View File

@@ -62,7 +62,7 @@ lib.mkIf config.selfprivacy.sso.enable {
enableServer = true;
# kanidm with Rust code patches for OAuth and admin passwords provisioning
package = pkgs.kanidm.withSecretProvisioning;
package = pkgs.kanidm_1_5.withSecretProvisioning;
serverSettings = {
inherit domain;
@@ -158,7 +158,7 @@ lib.mkIf config.selfprivacy.sso.enable {
systemd.services.kanidm.serviceConfig.ExecStartPre =
# idempotent script to run on each startup only for kanidm v1.5.0
lib.mkIf (pkgs.kanidm.version == "1.5.0") (lib.mkBefore [ kanidmMigrateDbScript ]);
lib.mkIf (lib.versionAtLeast config.services.kanidm.package.version "1.5.0") (lib.mkBefore [ kanidmMigrateDbScript ]);
selfprivacy.passthru.auth = {
inherit