thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth: remove possibility to use kanidm 1.4.6

Browse Source
This commit is contained in:
Alexander Tomokhov
2025-04-22 17:34:30 +04:00
parent 9f5ace5258
commit 8a79551743
4 changed files with 9 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
auth/kanidm-provision.nix
View File

@@ -1,52 +0,0 @@
{
lib,
rustPlatform,
fetchFromGitHub,
yq,
versionCheckHook,
nix-update-script,
nixosTests,
}:
rustPlatform.buildRustPackage rec {
pname = "kanidm-provision";
version = "1.2.0";
src = fetchFromGitHub {
owner = "oddlama";
repo = "kanidm-provision";
tag = "v${version}";
hash = "sha256-+NQJEAJ0DqKEV1cYZN7CLzGoBJNUL3SQAMmxRQG5DMI=";
};
postPatch = ''
tomlq -ti '.package.version = "${version}"' Cargo.toml
'';
useFetchCargoVendor = true;
cargoHash = "sha256-uo/TGyfNChq/t6Dah0HhXhAwktyQk0V/wewezZuftNk=";
nativeBuildInputs = [
yq # for `tomlq`
];
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "--version";
doInstallCheck = true;
passthru = {
tests = { inherit (nixosTests) kanidm-provisioning; };
updateScript = nix-update-script { };
};
meta = {
description = "A small utility to help with kanidm provisioning";
homepage = "https://github.com/oddlama/kanidm-provision";
license = with lib.licenses; [
asl20
mit
];
maintainers = with lib.maintainers; [ oddlama ];
mainProgram = "kanidm-provision";
};
}

17
flake.lock generated
View File

@@ -31,27 +31,10 @@
"type": "github"
}
},
"nixpkgs-2411": {
"locked": {
"lastModified": 1738435198,
"narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3",
"type": "github"
}
},
"root": {
"inputs": {
"nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs",
"nixpkgs-2411": "nixpkgs-2411",
"selfprivacy-api": "selfprivacy-api"
}
},

31
flake.nix
View File

@@ -3,7 +3,6 @@
inputs = {
nixpkgs.url = github:nixos/nixpkgs;
nixpkgs-2411.url = github:nixos/nixpkgs/f6687779bf4c396250831aa5a32cbfeb85bb07a3;
nixos-unstable.url = github:nixos/nixpkgs/nixos-unstable;
selfprivacy-api.url =
@@ -12,7 +11,7 @@
selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, nixpkgs-2411, nixos-unstable, selfprivacy-api }: {
outputs = { self, nixpkgs, nixos-unstable, selfprivacy-api }: {
nixosConfigurations-fun =
{ hardware-configuration
, deployment
@@ -27,33 +26,21 @@
deployment
./configuration.nix
./auth/auth.nix
({ config, ... }: {
{
nixpkgs.overlays = [
(
_final: prev:
let
pkgs2411 =
nixpkgs-2411.legacyPackages.${prev.system};
pkgs-unstable =
nixos-unstable.legacyPackages.${prev.system};
in
if config.selfprivacy.sso.useKanidm_1_4 or false
then
{
inherit (pkgs2411) kanidm;
kanidm-provision =
pkgs2411.callPackage ./auth/kanidm-provision.nix { };
}
else
{
inherit (pkgs-unstable) kanidm kanidm-provision;
}
{
inherit (nixos-unstable.legacyPackages.${prev.system})
kanidm
kanidm-provision
;
}
)
];
disabledModules = [ "services/security/kanidm.nix" ];
imports = [ ./auth/kanidm.nix ];
})
}
selfprivacy-api.nixosModules.default
({ pkgs, lib, ... }: {
environment.etc = (lib.attrsets.mapAttrs'

5
selfprivacy-module.nix
View File

@@ -45,11 +45,6 @@ with lib;
default = false;
type = types.nullOr types.bool;
};
useKanidm_1_4 = mkOption {
description = "Whether to use Kanidm v1.4 (instead of upstream).";
default = false;
type = types.bool;
};
};
stateVersion = mkOption {
description = "State version of the server";