thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SP modules do not depend on selfprivacy.modules.auth

Browse Source
This commit is contained in:
Alexander Tomokhov
2025-02-03 02:03:20 +04:00
parent ea443d2150
commit 65548a1e73
4 changed files with 322 additions and 336 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sp-modules/gitea/module.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
sp = config.selfprivacy;
stateDir =
@@ -309,8 +309,6 @@ in
};
}
# the following part is active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled {
services.forgejo.settings = {
auth.DISABLE_LOGIN_FORM = true;
@@ -355,7 +353,7 @@ in
--port '${toString auth-passthru.ldap-port}' \
--user-search-base '${auth-passthru.ldap-base-dn}' \
--user-filter '(&(class=person)(memberof=${users-group})(name=%s))' \
--admin-filter '(&(class=person)(memberof=${admins-group}))' \
--admin-filter '(&(class=person)(memberof=${admins-group})' \
--username-attribute name \
--firstname-attribute name \
--surname-attribute displayname \
@@ -455,6 +453,5 @@ in
};
};
})
)
]);
}

8
sp-modules/nextcloud/module.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
inherit (import ./common.nix config)
admin-pass-filepath
@@ -276,8 +276,6 @@ in
};
}
# the following part is active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled {
systemd.services.nextcloud-setup = {
path = [ pkgs.jq ];
@@ -325,7 +323,7 @@ in
${occ} ldap:set-config "$CONFIG_ID" 'ldapBaseUsers' '${auth-passthru.ldap-base-dn}'
${occ} ldap:set-config "$CONFIG_ID" 'ldapEmailAttribute' 'mail'
${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilter' \
'(&(class=group)(${wildcard-group}))'
'(&(class=group)(${wildcard-group})'
${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilterGroups' \
'(&(class=group)(${wildcard-group}))'
# ${occ} ldap:set-config "$CONFIG_ID" 'ldapGroupFilterObjectclass' \
@@ -403,6 +401,6 @@ in
};
};
};
}))
})
]);
}

5
sp-modules/roundcube/module.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
domain = config.selfprivacy.domain;
cfg = config.selfprivacy.modules.roundcube;
@@ -82,8 +82,6 @@ in
systemd.services.roundcube.after = [ "dovecot2.service" ];
}
# the following part is active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled {
# for phpfpm-roundcube to have access to get through /run/keys directory
users.groups.keys.members = [ user ];
@@ -137,6 +135,5 @@ in
};
};
})
)
]);
}

14
sp-modules/simple-nixos-mailserver/config.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, options, pkgs, ... }@nixos-args:
{ config, lib, pkgs, ... }@nixos-args:
let
sp = config.selfprivacy;
@@ -176,8 +176,6 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
};
}
# the following parts are active only when "auth" module is enabled
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled {
mailserver = {
extraVirtualAliases = lib.mkForce { };
@@ -207,11 +205,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter [
("-" + kanidmExecStartPostScript)
];
}))
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled (import ./auth-dovecot.nix nixos-args)))
(lib.attrsets.optionalAttrs
(options.selfprivacy.modules ? "auth")
(lib.mkIf is-auth-enabled (import ./auth-postfix.nix nixos-args)))
})
(lib.mkIf is-auth-enabled (import ./auth-dovecot.nix nixos-args))
(lib.mkIf is-auth-enabled (import ./auth-postfix.nix nixos-args))
])