SP modules do not depend on selfprivacy.modules.auth

Alexander Tomokhov
2025-02-03 02:03:20 +04:00
parent ea443d2150
commit 65548a1e73
4 changed files with 322 additions and 336 deletions


@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }: { config, lib, pkgs, ... }:
let let
sp = config.selfprivacy; sp = config.selfprivacy;
stateDir = stateDir =
@@ -309,8 +309,6 @@ in
}; };
} }
# the following part is active only when "auth" module is enabled # the following part is active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled { (lib.mkIf is-auth-enabled {
services.forgejo.settings = { services.forgejo.settings = {
auth.DISABLE_LOGIN_FORM = true; auth.DISABLE_LOGIN_FORM = true;
@@ -355,7 +353,7 @@ in
--port '${toString auth-passthru.ldap-port}' \ --port '${toString auth-passthru.ldap-port}' \
--user-search-base '${auth-passthru.ldap-base-dn}' \ --user-search-base '${auth-passthru.ldap-base-dn}' \
--user-filter '(&(class=person)(memberof=${users-group})(name=%s))' \ --user-filter '(&(class=person)(memberof=${users-group})(name=%s))' \
--admin-filter '(&(class=person)(memberof=${admins-group}))' \ --admin-filter '(&(class=person)(memberof=${admins-group})' \
--username-attribute name \ --username-attribute name \
--firstname-attribute name \ --firstname-attribute name \
--surname-attribute displayname \ --surname-attribute displayname \
@@ -455,6 +453,5 @@ in
}; };
}; };
}) })
)
]); ]);
} }
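Review bot: The new `--admin-filter` value in the third hunk (the right-hand copy of the changed line, which this rendering shows as the new side) reads `'(&(class=person)(memberof=${admins-group})'`, dropping the parenthesis that closes the `&` group and leaving the LDAP filter unbalanced. The old value was balanced and the commit title mentions no filter change, so this looks accidental. An unbalanced string is not a valid LDAP search filter and will most likely be rejected when the admin lookup runs, so membership in the admins group would stop mapping to Forgejo admin rights; restore `--admin-filter '(&(class=person)(memberof=${admins-group}))' \`. The same regression appears in the Nextcloud file section, where `ldapGroupFilter` becomes `'(&(class=group)(${wildcard-group})'` while `ldapGroupFilterGroups` directly below keeps the balanced form; restore `'(&(class=group)(${wildcard-group}))'` there as well.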


@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (import ./common.nix config) inherit (import ./common.nix config)
admin-pass-filepath admin-pass-filepath
@@ -276,8 +276,6 @@ in
}; };
} }
# the following part is active only when "auth" module is enabled # the following part is active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled { (lib.mkIf is-auth-enabled {
systemd.services.nextcloud-setup = { systemd.services.nextcloud-setup = {
path = [ pkgs.jq ]; path = [ pkgs.jq ];
@@ -325,7 +323,7 @@ in
${occ} ldap:set-config "$CONFIG_ID" 'ldapBaseUsers' '${auth-passthru.ldap-base-dn}' ${occ} ldap:set-config "$CONFIG_ID" 'ldapBaseUsers' '${auth-passthru.ldap-base-dn}'
${occ} ldap:set-config "$CONFIG_ID" 'ldapEmailAttribute' 'mail' ${occ} ldap:set-config "$CONFIG_ID" 'ldapEmailAttribute' 'mail'
${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilter' \ ${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilter' \
'(&(class=group)(${wildcard-group}))' '(&(class=group)(${wildcard-group})'
${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilterGroups' \ ${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilterGroups' \
'(&(class=group)(${wildcard-group}))' '(&(class=group)(${wildcard-group}))'
# ${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilterObjectclass' \ # ${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilterObjectclass' \
@@ -403,6 +401,6 @@ in
}; };
}; };
}; };
})) })
]); ]);
} }


@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }: { config, lib, pkgs, ... }:
let let
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
cfg = config.selfprivacy.modules.roundcube; cfg = config.selfprivacy.modules.roundcube;
@@ -82,8 +82,6 @@ in
systemd.services.roundcube.after = [ "dovecot2.service" ]; systemd.services.roundcube.after = [ "dovecot2.service" ];
} }
# the following part is active only when "auth" module is enabled # the following part is active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled { (lib.mkIf is-auth-enabled {
# for phpfpm-roundcube to have access to get through /run/keys directory # for phpfpm-roundcube to have access to get through /run/keys directory
users.groups.keys.members = [ user ]; users.groups.keys.members = [ user ];
@@ -137,6 +135,5 @@ in
}; };
}; };
}) })
)
]); ]);
} }


@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }@nixos-args: { config, lib, pkgs, ... }@nixos-args:
let let
sp = config.selfprivacy; sp = config.selfprivacy;
@@ -176,8 +176,6 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
}; };
} }
# the following parts are active only when "auth" module is enabled # the following parts are active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled { (lib.mkIf is-auth-enabled {
mailserver = { mailserver = {
extraVirtualAliases = lib.mkForce { }; extraVirtualAliases = lib.mkForce { };
@@ -207,11 +205,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter [ systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter [
("-" + kanidmExecStartPostScript) ("-" + kanidmExecStartPostScript)
]; ];
})) })
(lib.attrsets.optionalAttrs (lib.mkIf is-auth-enabled (import ./auth-dovecot.nix nixos-args))
(options.selfprivacy.modules ? "auth") (lib.mkIf is-auth-enabled (import ./auth-postfix.nix nixos-args))
(lib.mkIf is-auth-enabled (import ./auth-dovecot.nix nixos-args)))
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled (import ./auth-postfix.nix nixos-args)))
]) ])