thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth: sp.full_users group

Browse Source
This commit is contained in:
Alexander Tomokhov
2025-01-25 01:24:28 +04:00
parent d8d1a1e86f
commit d008fbcc17
4 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sp-modules/auth/module.nix
View File

@@ -98,6 +98,7 @@ in
enable = true; enable = true;
autoRemove = true; # if false, obsolete oauth2 scopeMaps remain autoRemove = true; # if false, obsolete oauth2 scopeMaps remain
groups."sp.admins".present = true; groups."sp.admins".present = true;
groups.${passthru.full-users-group}.present = true;
}; };
enableClient = true; enableClient = true;
clientSettings = { clientSettings = {
@@ -184,6 +185,8 @@ in
(lib.strings.splitString "." domain); (lib.strings.splitString "." domain);
ldap-host = "127.0.0.1"; ldap-host = "127.0.0.1";
ldap-port = 3636; ldap-port = 3636;
full-users-group = "sp.full_users";
}; };
}; };
} }

3
sp-modules/gitea/module.nix
View File

@@ -414,7 +414,8 @@ in
services.kanidm.provision = { services.kanidm.provision = {
groups = { groups = {
"${admins-group}".members = [ "sp.admins" ]; "${admins-group}".members = [ "sp.admins" ];
"${users-group}".members = [ admins-group ]; "${users-group}".members =
[ admins-group auth-passthru.full-users-group ];
}; };
systems.oauth2.forgejo = { systems.oauth2.forgejo = {
displayName = "Forgejo"; displayName = "Forgejo";

3
sp-modules/nextcloud/module.nix
View File

@@ -383,7 +383,8 @@ in
services.kanidm.provision = { services.kanidm.provision = {
groups = { groups = {
"${admins-group}".members = [ "sp.admins" ]; "${admins-group}".members = [ "sp.admins" ];
"${users-group}".members = [ admins-group ]; "${users-group}".members =
[ admins-group auth-passthru.full-users-group ];
}; };
systems.oauth2.${oauth-client-id} = { systems.oauth2.${oauth-client-id} = {
displayName = "Nextcloud"; displayName = "Nextcloud";

3
sp-modules/roundcube/module.nix
View File

@@ -102,7 +102,8 @@ in
services.kanidm.provision = { services.kanidm.provision = {
groups = { groups = {
"sp.roundcube.admins".members = [ "sp.admins" ]; "sp.roundcube.admins".members = [ "sp.admins" ];
"sp.roundcube.users".members = [ "sp.roundcube.admins" ]; "sp.roundcube.users".members =
[ "sp.roundcube.admins" auth-passthru.full-users-group ];
}; };
systems.oauth2.roundcube = { systems.oauth2.roundcube = {
displayName = "Roundcube"; displayName = "Roundcube";