From ee2e404eb81087b70822bdd56d1e2a00d67cda65 Mon Sep 17 00:00:00 2001 From: Alexander Tomokhov Date: Mon, 3 Feb 2025 00:57:08 +0400 Subject: [PATCH] passthru.selfprivacy -> selfprivacy.passthru --- auth/auth.nix | 8 +------- sp-modules/gitea/config-paths-needed.json | 18 ++++++++--------- sp-modules/gitea/module.nix | 2 +- sp-modules/nextcloud/config-paths-needed.json | 16 +++++++-------- sp-modules/nextcloud/module.nix | 2 +- sp-modules/roundcube/config-paths-needed.json | 10 +++++----- sp-modules/roundcube/module.nix | 2 +- sp-modules/simple-nixos-mailserver/common.nix | 2 +- .../config-paths-needed.json | 20 +++++++++---------- 9 files changed, 37 insertions(+), 43 deletions(-) diff --git a/auth/auth.nix b/auth/auth.nix index 22923ee..cee1a2a 100644 --- a/auth/auth.nix +++ b/auth/auth.nix @@ -4,12 +4,6 @@ let domain = config.selfprivacy.domain; auth-fqdn = cfg.subdomain + "." + domain; - # e.g. "dc=mydomain,dc=com" - ldap-base-dn = - lib.strings.concatMapStringsSep - "," - (x: "dc=" + x) - (lib.strings.splitString "." domain); ldap-host = "127.0.0.1"; ldap-port = 3636; @@ -214,7 +208,7 @@ in systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter [ spApiUserExecStartPostScript ]; - passthru.selfprivacy.auth = { + selfprivacy.passthru.auth = { inherit admins-group auth-fqdn diff --git a/sp-modules/gitea/config-paths-needed.json b/sp-modules/gitea/config-paths-needed.json index b681d62..b22677e 100644 --- a/sp-modules/gitea/config-paths-needed.json +++ b/sp-modules/gitea/config-paths-needed.json 
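Review bot: The first auth/auth.nix hunk deletes the `ldap-base-dn` let-binding, but the gitea, nextcloud and simple-nixos-mailserver `config-paths-needed.json` hunks in this same patch still require `[ "selfprivacy", "passthru", "auth", "ldap-base-dn" ]`. The `inherit` list under `selfprivacy.passthru.auth` continues past the end of the second hunk, so it is not visible here whether `ldap-base-dn` is still inherited (which would now be an undefined variable) or is supplied from somewhere else. Because the base DN presumably scopes the LDAP searches of the services that authenticate against this directory, a missing or changed value should not slip in unnoticed with a rename. I would record its new origin in a comment at the attribute set, e.g. `# ldap-base-dn: now defined in <module that declares it>`, and mention the removal in the commit message, which currently describes only the rename.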
@@ -1,16 +1,16 @@ [ - [ "passthru", "selfprivacy", "auth", "admins-group" ], - [ "passthru", "selfprivacy", "auth", "auth-fqdn" ], - [ "passthru", "selfprivacy", "auth", "full-users-group" ], - [ "passthru", "selfprivacy", "auth", "ldap-base-dn" ], - [ "passthru", "selfprivacy", "auth", "ldap-host" ], - [ "passthru", "selfprivacy", "auth", "ldap-port" ], - [ "passthru", "selfprivacy", "auth", "oauth2-discovery-url" ], - [ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ], - [ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "domain" ], [ "selfprivacy", "modules", "auth", "enable" ], [ "selfprivacy", "modules", "gitea" ], + [ "selfprivacy", "passthru", "auth", "admins-group" ], + [ "selfprivacy", "passthru", "auth", "auth-fqdn" ], + [ "selfprivacy", "passthru", "auth", "full-users-group" ], + [ "selfprivacy", "passthru", "auth", "ldap-base-dn" ], + [ "selfprivacy", "passthru", "auth", "ldap-host" ], + [ "selfprivacy", "passthru", "auth", "ldap-port" ], + [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ], + [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], + [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "useBinds" ], [ "services", "forgejo", "group" ], [ "services", "forgejo", "package" ] diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix index 062c470..7b32b1f 100644 --- a/sp-modules/gitea/module.nix +++ b/sp-modules/gitea/module.nix @@ -16,7 +16,7 @@ let ]; is-auth-enabled = cfg.enableSso; oauth-client-id = "forgejo"; - auth-passthru = config.passthru.selfprivacy.auth; + auth-passthru = config.selfprivacy.passthru.auth; oauth2-provider-name = auth-passthru.oauth2-provider-name; redirect-uri = "https://${cfg.subdomain}.${sp.domain}/user/oauth2/${oauth2-provider-name}/callback"; diff --git a/sp-modules/nextcloud/config-paths-needed.json b/sp-modules/nextcloud/config-paths-needed.json index a263bbd..979bf4e 100644 
--- a/sp-modules/nextcloud/config-paths-needed.json +++ b/sp-modules/nextcloud/config-paths-needed.json @@ -1,16 +1,16 @@ [ - [ "passthru", "selfprivacy", "auth", "admins-group" ], - [ "passthru", "selfprivacy", "auth", "full-users-group" ], - [ "passthru", "selfprivacy", "auth", "ldap-base-dn" ], - [ "passthru", "selfprivacy", "auth", "ldap-host" ], - [ "passthru", "selfprivacy", "auth", "ldap-port" ], - [ "passthru", "selfprivacy", "auth", "oauth2-discovery-url" ], - [ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ], - [ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ], [ "security", "acme", "certs" ], [ "selfprivacy", "domain" ], [ "selfprivacy", "modules", "auth", "enable" ], [ "selfprivacy", "modules", "nextcloud" ], + [ "selfprivacy", "passthru", "auth", "admins-group" ], + [ "selfprivacy", "passthru", "auth", "full-users-group" ], + [ "selfprivacy", "passthru", "auth", "ldap-base-dn" ], + [ "selfprivacy", "passthru", "auth", "ldap-host" ], + [ "selfprivacy", "passthru", "auth", "ldap-port" ], + [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ], + [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], + [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "useBinds" ], [ "services", "nextcloud" ], [ "services", "phpfpm", "pools", "nextcloud", "group" ], diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix index 2478dfa..7919e07 100644 --- a/sp-modules/nextcloud/module.nix +++ b/sp-modules/nextcloud/module.nix @@ -10,7 +10,7 @@ let ; hostName = "${cfg.subdomain}.${sp.domain}"; - auth-passthru = config.passthru.selfprivacy.auth; + auth-passthru = config.selfprivacy.passthru.auth; cfg = sp.modules.nextcloud; is-auth-enabled = cfg.enableSso; ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}"; diff --git a/sp-modules/roundcube/config-paths-needed.json b/sp-modules/roundcube/config-paths-needed.json index a759840..a545298 100644 
--- a/sp-modules/roundcube/config-paths-needed.json +++ b/sp-modules/roundcube/config-paths-needed.json @@ -1,13 +1,13 @@ [ [ "mailserver", "fqdn" ], - [ "passthru", "selfprivacy", "auth", "admins-group" ], - [ "passthru", "selfprivacy", "auth", "auth-fqdn" ], - [ "passthru", "selfprivacy", "auth", "full-users-group" ], - [ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ], - [ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "domain" ], [ "selfprivacy", "modules", "auth" ], [ "selfprivacy", "modules", "roundcube" ], + [ "selfprivacy", "passthru", "auth", "admins-group" ], + [ "selfprivacy", "passthru", "auth", "auth-fqdn" ], + [ "selfprivacy", "passthru", "auth", "full-users-group" ], + [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], + [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], [ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ], [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ] ] diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix index dea1b29..8c201d1 100644 --- a/sp-modules/roundcube/module.nix +++ b/sp-modules/roundcube/module.nix @@ -3,7 +3,7 @@ let domain = config.selfprivacy.domain; cfg = config.selfprivacy.modules.roundcube; is-auth-enabled = cfg.enableSso; - auth-passthru = config.passthru.selfprivacy.auth; + auth-passthru = config.selfprivacy.passthru.auth; auth-fqdn = auth-passthru.auth-fqdn; sp-module-name = "roundcube"; user = "roundcube"; diff --git a/sp-modules/simple-nixos-mailserver/common.nix b/sp-modules/simple-nixos-mailserver/common.nix index 9ac427d..5f21e92 100644 --- a/sp-modules/simple-nixos-mailserver/common.nix +++ b/sp-modules/simple-nixos-mailserver/common.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: rec { - auth-passthru = config.passthru.selfprivacy.auth; + auth-passthru = config.selfprivacy.passthru.auth; domain = config.selfprivacy.domain; group = "dovecot2"; is-auth-enabled = 
diff --git a/sp-modules/simple-nixos-mailserver/config-paths-needed.json b/sp-modules/simple-nixos-mailserver/config-paths-needed.json index bb0c127..2229673 100644 --- a/sp-modules/simple-nixos-mailserver/config-paths-needed.json +++ b/sp-modules/simple-nixos-mailserver/config-paths-needed.json @@ -1,20 +1,20 @@ [ [ "mailserver" ], - [ "passthru", "selfprivacy", "auth", "admins-group" ], - [ "passthru", "selfprivacy", "auth", "full-users-group" ], - [ "passthru", "selfprivacy", "auth", "ldap-base-dn" ], - [ "passthru", "selfprivacy", "auth", "ldap-port" ], - [ "passthru", "selfprivacy", "auth", "oauth2-discovery-url" ], - [ "passthru", "selfprivacy", "auth", "oauth2-introspection-url-postfix" ], - [ "passthru", "selfprivacy", "auth", "oauth2-introspection-url-prefix" ], - [ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ], - [ "passthru", "selfprivacy", "roundcube", "oauth-client-id" ], - [ "passthru", "selfprivacy", "roundcube", "oauth-client-secret-fp" ], [ "security", "acme", "certs" ], [ "selfprivacy", "domain" ], [ "selfprivacy", "hashedMasterPassword" ], [ "selfprivacy", "modules", "auth", "enable" ], [ "selfprivacy", "modules", "simple-nixos-mailserver" ], + [ "selfprivacy", "passthru", "auth", "admins-group" ], + [ "selfprivacy", "passthru", "auth", "full-users-group" ], + [ "selfprivacy", "passthru", "auth", "ldap-base-dn" ], + [ "selfprivacy", "passthru", "auth", "ldap-port" ], + [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ], + [ "selfprivacy", "passthru", "auth", "oauth2-introspection-url-postfix" ], + [ "selfprivacy", "passthru", "auth", "oauth2-introspection-url-prefix" ], + [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], + [ "selfprivacy", "passthru", "roundcube", "oauth-client-id" ], + [ "selfprivacy", "passthru", "roundcube", "oauth-client-secret-fp" ], [ "selfprivacy", "useBinds" ], [ "selfprivacy", "username" ], [ "selfprivacy", "users" ],