add options: selfprivacy.sso.enable && selfprivacy.sso.debug

selfprivacy.sso.enable is true by default.
This commit is contained in:
Alexander Tomokhov
2025-02-03 01:35:21 +04:00
parent 65548a1e73
commit 331fa63b33
6 changed files with 24 additions and 41 deletions


@@ -1,8 +1,8 @@
nixpkgs-2411: { config, lib, pkgs, ... }: nixpkgs-2411: { config, lib, pkgs, ... }:
let let
cfg = config.selfprivacy.modules.auth;
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
auth-fqdn = cfg.subdomain + "." + domain; subdomain = "auth";
auth-fqdn = subdomain + "." + domain;
ldap-host = "127.0.0.1"; ldap-host = "127.0.0.1";
ldap-port = 3636; ldap-port = 3636;
@@ -46,37 +46,7 @@ let
lua_path = "${lua_core_path};${lua_lrucache_path};"; lua_path = "${lua_core_path};${lua_lrucache_path};";
in in
{ {
options.selfprivacy.modules.auth = { config = lib.mkIf config.selfprivacy.sso.enable {
enable = (lib.mkOption {
default = false;
type = lib.types.bool;
}) // {
meta = {
type = "enable";
};
};
subdomain = (lib.mkOption {
default = "auth";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
}) // {
meta = {
widget = "subdomain";
type = "string";
regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
weight = 0;
};
};
debug = (lib.mkOption {
default = false;
type = lib.types.bool;
}) // {
meta = {
type = "enable";
};
};
};
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [ nixpkgs.overlays = [
( (
_final: prev: { _final: prev: {
@@ -132,7 +102,7 @@ in
# kanidm is behind a proxy # kanidm is behind a proxy
trust_x_forward_for = true; trust_x_forward_for = true;
log_level = if cfg.debug then "trace" else "info"; log_level = if config.selfprivacy.sso.debug then "trace" else "info";
}; };
provision = { provision = {
enable = true; enable = true;
@@ -151,8 +121,8 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
additionalModules = additionalModules =
lib.mkIf cfg.debug [ pkgs.nginxModules.lua ]; lib.mkIf config.selfprivacy.sso.debug [ pkgs.nginxModules.lua ];
commonHttpConfig = lib.mkIf cfg.debug '' commonHttpConfig = lib.mkIf config.selfprivacy.sso.debug ''
log_format kanidm escape=none '$request $status\n' log_format kanidm escape=none '$request $status\n'
'[Request body]: $request_body\n' '[Request body]: $request_body\n'
'[Header]: $resp_header\n' '[Header]: $resp_header\n'
@@ -163,7 +133,7 @@ in
useACMEHost = domain; useACMEHost = domain;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
extraConfig = lib.mkIf cfg.debug '' extraConfig = lib.mkIf config.selfprivacy.sso.debug ''
access_log /var/log/nginx/kanidm.log kanidm; access_log /var/log/nginx/kanidm.log kanidm;
lua_need_request_body on; lua_need_request_body on;
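Review bot: The debug gate at `commonHttpConfig = lib.mkIf config.selfprivacy.sso.debug` and `extraConfig = lib.mkIf config.selfprivacy.sso.debug` now hangs a credential-dumping log format off a top-level option with no guard: `log_format kanidm escape=none ... '[Request body]: $request_body\n'` together with `lua_need_request_body on;` and `access_log /var/log/nginx/kanidm.log kanidm;` writes every login POST to the identity-provider vhost — TLS-terminated by `forceSSL = true`, so bodies are plaintext — unescaped into that file, and `log_level = ... "trace"` does the same on the kanidm side. Since the option is reachable from the generic `selfprivacy.sso` namespace rather than the auth module, an operator flipping it for troubleshooting has no hint that passwords and OAuth tokens land on disk; at minimum add a comment above the `commonHttpConfig` line, `# debug: logs full request bodies (passwords, tokens) unescaped to /var/log/nginx/kanidm.log`, and consider emitting `warnings = lib.optional config.selfprivacy.sso.debug "selfprivacy.sso.debug writes plaintext credentials to /var/log/nginx/kanidm.log; disable after troubleshooting";` next to the `config = lib.mkIf config.selfprivacy.sso.enable {` attrset. Separately, `lib.mkIf config.selfprivacy.sso.enable` is not null-safe while the option is typed `nullOr bool` elsewhere in this commit, so `sso.enable = null` would abort evaluation rather than disable the module. The `config = lib.mkIf ... {` attribute set continues past the end of the last hunk.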


@@ -34,6 +34,18 @@ with lib;
type = types.nullOr types.bool; type = types.nullOr types.bool;
}; };
}; };
sso = {
enable = mkOption {
description = "Enable SSO.";
default = true;
type = types.nullOr types.bool;
};
debug = mkOption {
description = "Enable debug for SSO.";
default = false;
type = types.nullOr types.bool;
};
};
stateVersion = mkOption { stateVersion = mkOption {
description = "State version of the server"; description = "State version of the server";
type = types.nullOr types.str; type = types.nullOr types.str;
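Review bot: The `debug` option's description, `"Enable debug for SSO."`, hides what the flag actually does: the auth module in this same commit uses it to switch kanidm to `trace` logging and to have nginx log full, unescaped request bodies for the IdP vhost, i.e. plaintext passwords and tokens end up in `/var/log/nginx/kanidm.log`. Option descriptions are what operators see in generated docs and in the UI `meta`, so make the hazard explicit: `description = "Enable debug for SSO. WARNING: logs full HTTP request bodies sent to the identity provider (passwords, tokens) in plaintext to /var/log/nginx/kanidm.log and sets kanidm to trace level; never leave enabled on a production host.";`. Both new options are `types.nullOr types.bool`, matching the file's convention visible on the line above the hunk, but the consumers added in this commit (`lib.mkIf`, `&&`) are not null-tolerant, so `types.bool` would be the safer type for `enable` and `debug`, or document that `null` is not an accepted value. The enclosing `options` attribute set starts before and continues after this hunk.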


@@ -14,7 +14,7 @@ let
"gitea-light" "gitea-light"
"gitea-dark" "gitea-dark"
]; ];
is-auth-enabled = cfg.enableSso; is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;
oauth-client-id = "forgejo"; oauth-client-id = "forgejo";
auth-passthru = config.selfprivacy.passthru.auth; auth-passthru = config.selfprivacy.passthru.auth;
oauth2-provider-name = auth-passthru.oauth2-provider-name; oauth2-provider-name = auth-passthru.oauth2-provider-name;
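Review bot: `is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;` silently downgrades the service when the per-module opt-in is set but the global switch is off: an operator who configured Forgejo for SSO gets the non-SSO path (presumably local Forgejo accounts; the consumer is outside the hunk) with no diagnostic, which is the kind of quiet authentication change that should surface at build time. Consider a warning alongside the gate, `warnings = lib.optional (cfg.enableSso && !config.selfprivacy.sso.enable) "forgejo: enableSso is set but selfprivacy.sso.enable is false; SSO login is disabled";`, or an assertion if running Forgejo without the IdP is never intended. The `let` block and the module body continue outside this hunk.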


@@ -12,7 +12,7 @@ let
hostName = "${cfg.subdomain}.${sp.domain}"; hostName = "${cfg.subdomain}.${sp.domain}";
auth-passthru = config.selfprivacy.passthru.auth; auth-passthru = config.selfprivacy.passthru.auth;
cfg = sp.modules.nextcloud; cfg = sp.modules.nextcloud;
is-auth-enabled = cfg.enableSso; is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;
ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}"; ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}";
occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ"; occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ";
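Review bot: `is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;` is not null-safe, while `selfprivacy.sso.enable` is declared `types.nullOr types.bool` in this same commit: `true && null` fails Nix evaluation with "value is null while a Boolean was expected" rather than disabling SSO, and the error surfaces here inside the Nextcloud module rather than at the option. Either compare explicitly, `is-auth-enabled = cfg.enableSso && (config.selfprivacy.sso.enable == true);`, or tighten the option to `types.bool` so the gate can stay as written. The `let` binding (`cfg`, `auth-passthru`, `ldap_scheme_and_host`) and its consumers continue outside this hunk, so whether `cfg.enableSso` has the same nullability cannot be confirmed from here.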


@@ -2,7 +2,7 @@
let let
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
cfg = config.selfprivacy.modules.roundcube; cfg = config.selfprivacy.modules.roundcube;
is-auth-enabled = cfg.enableSso; is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;
auth-passthru = config.selfprivacy.passthru.auth; auth-passthru = config.selfprivacy.passthru.auth;
auth-fqdn = auth-passthru.auth-fqdn; auth-fqdn = auth-passthru.auth-fqdn;
sp-module-name = "roundcube"; sp-module-name = "roundcube";
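Review bot: The gate `is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;` is now copy-pasted verbatim into four service modules in this commit, so the rule for when SSO is active lives in four places and will drift the first time one of them needs an extra condition. Every consumer already reads `auth-passthru = config.selfprivacy.passthru.auth;`, so the auth module could export the global state once (for example a `passthru.auth.enabled` attribute, to be added there) and this line would become `is-auth-enabled = cfg.enableSso && auth-passthru.enabled;`, keeping a single source of truth for the authentication policy. This is a structural suggestion rather than a defect in the current behaviour; the `let` block continues outside the hunk.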


@@ -4,7 +4,8 @@ rec {
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
group = "dovecot2"; group = "dovecot2";
is-auth-enabled = is-auth-enabled =
config.selfprivacy.modules.simple-nixos-mailserver.enableSso; config.selfprivacy.modules.simple-nixos-mailserver.enableSso
&& config.selfprivacy.sso.enable;
appendSetting = appendSetting =
{ name, file, prefix, suffix ? "", passwordFile, destination }: { name, file, prefix, suffix ? "", passwordFile, destination }:
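Review bot: The two-level gate on `is-auth-enabled` is undocumented, and for the mail stack a silent flip from IdP-backed to local authentication is the most consequential of the four modules touched here, so a comment above the binding is warranted: `# SSO is active only when the host-wide switch (selfprivacy.sso.enable) and this module's opt-in are both set; if either is off, mail auth falls back to the non-SSO path`. The fallback behaviour itself is defined by the consumers of `is-auth-enabled`, which are outside the hunk, so the second half of that comment should be confirmed against them before landing. The enclosing `rec { ... }` attribute set starts before and continues after this hunk.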