thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add assertions: selfprivacy.sso.enable -> modules.*.enableSso

Browse Source
This commit is contained in:
Alexander Tomokhov
2025-02-03 01:51:19 +04:00
parent 331fa63b33
commit 1ff180ad1a
8 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
sp-modules/gitea/config-paths-needed.json
View File

@@ -11,6 +11,7 @@
[ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ], [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "sso", "enable" ],
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "services", "forgejo", "group" ], [ "services", "forgejo", "group" ],
[ "services", "forgejo", "package" ] [ "services", "forgejo", "package" ]

7
sp-modules/gitea/module.nix
View File

@@ -200,6 +200,13 @@ in
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
{ {
assertions = [
{
assertion = cfg.enableSso -> sp.sso.enable;
message =
"SSO cannot be enabled for Forgejo when SSO is disabled globally.";
}
];
fileSystems = lib.mkIf sp.useBinds { fileSystems = lib.mkIf sp.useBinds {
"/var/lib/gitea" = { "/var/lib/gitea" = {
device = "/volumes/${cfg.location}/gitea"; device = "/volumes/${cfg.location}/gitea";

1
sp-modules/nextcloud/config-paths-needed.json
View File

@@ -11,6 +11,7 @@
[ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ], [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "sso", "enable" ],
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "services", "nextcloud" ], [ "services", "nextcloud" ],
[ "services", "phpfpm", "pools", "nextcloud", "group" ], [ "services", "phpfpm", "pools", "nextcloud", "group" ],

7
sp-modules/nextcloud/module.nix
View File

@@ -152,6 +152,13 @@ in
# config = lib.mkIf sp.modules.nextcloud.enable # config = lib.mkIf sp.modules.nextcloud.enable
config = lib.mkIf sp.modules.nextcloud.enable (lib.mkMerge [ config = lib.mkIf sp.modules.nextcloud.enable (lib.mkMerge [
{ {
assertions = [
{
assertion = cfg.enableSso -> sp.sso.enable;
message =
"SSO cannot be enabled for Nextcloud when SSO is disabled globally.";
}
];
fileSystems = lib.mkIf sp.useBinds { fileSystems = lib.mkIf sp.useBinds {
"/var/lib/nextcloud" = { "/var/lib/nextcloud" = {
device = "/volumes/${cfg.location}/nextcloud"; device = "/volumes/${cfg.location}/nextcloud";

3
sp-modules/roundcube/config-paths-needed.json
View File

@@ -9,5 +9,6 @@
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ], [ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ],
[ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ] [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ],
[ "selfprivacy", "sso", "enable" ]
] ]

7
sp-modules/roundcube/module.nix
View File

@@ -57,6 +57,13 @@ in
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
{ {
assertions = [
{
assertion = cfg.enableSso -> config.selfprivacy.sso.enable;
message =
"SSO cannot be enabled for Roundcube when SSO is disabled globally.";
}
];
services.roundcube = { services.roundcube = {
enable = true; enable = true;
# this is the url of the vhost, not necessarily the same as the fqdn of # this is the url of the vhost, not necessarily the same as the fqdn of

1
sp-modules/simple-nixos-mailserver/config-paths-needed.json
View File

@@ -15,6 +15,7 @@
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "passthru", "roundcube", "oauth-client-id" ], [ "selfprivacy", "passthru", "roundcube", "oauth-client-id" ],
[ "selfprivacy", "passthru", "roundcube", "oauth-client-secret-fp" ], [ "selfprivacy", "passthru", "roundcube", "oauth-client-secret-fp" ],
[ "selfprivacy", "sso", "enable" ],
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "selfprivacy", "username" ], [ "selfprivacy", "username" ],
[ "selfprivacy", "users" ], [ "selfprivacy", "users" ],

9
sp-modules/simple-nixos-mailserver/config.nix
View File

@@ -71,6 +71,15 @@ let
in in
lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [ lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
{ {
assertions = [
{
assertion =
config.selfprivacy.modules.simple-nixos-mailserver.enableSso
-> config.selfprivacy.sso.enable;
message =
"SSO cannot be enabled for Roundcube when SSO is disabled globally.";
}
];
fileSystems = lib.mkIf sp.useBinds fileSystems = lib.mkIf sp.useBinds
{ {
"/var/vmail" = { "/var/vmail" = {