thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): debug and enable options

Browse Source
This commit is contained in:
Alexander Tomokhov
2024-12-28 20:52:50 +04:00
parent dd4a356ae7
commit bc8f998176
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sp-modules/auth/flake.nix
View File

@@ -37,9 +37,6 @@
./module.nix ./module.nix
]; ];
nixpkgs.overlays = [ self.overlays.default ]; nixpkgs.overlays = [ self.overlays.default ];
selfprivacy.modules.auth.enable = true;
selfprivacy.modules.auth.debug = false;
}; };
configPathsNeeded = configPathsNeeded =

16
sp-modules/auth/module.nix
View File

@@ -58,7 +58,8 @@ in
# nginx should proxy requests to it # nginx should proxy requests to it
bindaddress = kanidm-bind-address; bindaddress = kanidm-bind-address;
ldapbindaddress = "127.0.0.1:${toString passthru.ldap-port}"; ldapbindaddress =
"${passthru.ldap-host}:${toString passthru.ldap-port}";
# kanidm is behind a proxy # kanidm is behind a proxy
trust_x_forward_for = true; trust_x_forward_for = true;
@@ -81,7 +82,7 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
additionalModules = additionalModules =
lib.mkIf cfg.debug pkgs.nginxModules.lua; lib.mkIf cfg.debug [ pkgs.nginxModules.lua ];
commonHttpConfig = lib.mkIf cfg.debug '' commonHttpConfig = lib.mkIf cfg.debug ''
log_format kanidm escape=none '$request $status\n' log_format kanidm escape=none '$request $status\n'
'[Request body]: $request_body\n' '[Request body]: $request_body\n'
@@ -93,8 +94,6 @@ in
useACMEHost = domain; useACMEHost = domain;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
# be aware that such logging mechanism breaks Kanidm authentication
# (but authorization works)
extraConfig = lib.mkIf cfg.debug '' extraConfig = lib.mkIf cfg.debug ''
access_log /var/log/nginx/kanidm.log kanidm; access_log /var/log/nginx/kanidm.log kanidm;
@@ -106,12 +105,20 @@ in
header_filter_by_lua ' header_filter_by_lua '
local h = ngx.req.get_headers() local h = ngx.req.get_headers()
for k, v in pairs(h) do for k, v in pairs(h) do
if type(v) == "table" then
ngx.var.req_header = ngx.var.req_header .. k .. "=" .. table.concat(v, ", ") .. " "
else
ngx.var.req_header = ngx.var.req_header .. k .. "=" .. v .. " " ngx.var.req_header = ngx.var.req_header .. k .. "=" .. v .. " "
end end
end
local rh = ngx.resp.get_headers() local rh = ngx.resp.get_headers()
for k, v in pairs(rh) do for k, v in pairs(rh) do
if type(v) == "table" then
ngx.var.resp_header = ngx.var.resp_header .. k .. "=" .. table.concat(v, ", ") .. " "
else
ngx.var.resp_header = ngx.var.resp_header .. k .. "=" .. v .. " " ngx.var.resp_header = ngx.var.resp_header .. k .. "=" .. v .. " "
end end
end
'; ';
# log body # log body
@@ -144,6 +151,7 @@ in
"," ","
(x: "dc=" + x) (x: "dc=" + x)
(lib.strings.splitString "." domain); (lib.strings.splitString "." domain);
ldap-host = "127.0.0.1";
ldap-port = 3636; ldap-port = 3636;
}; };
}; };