thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

passthru.selfprivacy -> selfprivacy.passthru

Browse Source
This commit is contained in:
Alexander Tomokhov
2025-02-03 00:57:08 +04:00
parent 365e01a4e3
commit ee2e404eb8
9 changed files with 37 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
auth/auth.nix
View File

@@ -4,12 +4,6 @@ let
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
auth-fqdn = cfg.subdomain + "." + domain; auth-fqdn = cfg.subdomain + "." + domain;
# e.g. "dc=mydomain,dc=com"
ldap-base-dn =
lib.strings.concatMapStringsSep
","
(x: "dc=" + x)
(lib.strings.splitString "." domain);
ldap-host = "127.0.0.1"; ldap-host = "127.0.0.1";
ldap-port = 3636; ldap-port = 3636;
@@ -214,7 +208,7 @@ in
systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter
[ spApiUserExecStartPostScript ]; [ spApiUserExecStartPostScript ];
passthru.selfprivacy.auth = { selfprivacy.passthru.auth = {
inherit inherit
admins-group admins-group
auth-fqdn auth-fqdn

18
sp-modules/gitea/config-paths-needed.json
View File

@@ -1,16 +1,16 @@
[ [
[ "passthru", "selfprivacy", "auth", "admins-group" ],
[ "passthru", "selfprivacy", "auth", "auth-fqdn" ],
[ "passthru", "selfprivacy", "auth", "full-users-group" ],
[ "passthru", "selfprivacy", "auth", "ldap-base-dn" ],
[ "passthru", "selfprivacy", "auth", "ldap-host" ],
[ "passthru", "selfprivacy", "auth", "ldap-port" ],
[ "passthru", "selfprivacy", "auth", "oauth2-discovery-url" ],
[ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ],
[ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "domain" ], [ "selfprivacy", "domain" ],
[ "selfprivacy", "modules", "auth", "enable" ], [ "selfprivacy", "modules", "auth", "enable" ],
[ "selfprivacy", "modules", "gitea" ], [ "selfprivacy", "modules", "gitea" ],
[ "selfprivacy", "passthru", "auth", "admins-group" ],
[ "selfprivacy", "passthru", "auth", "auth-fqdn" ],
[ "selfprivacy", "passthru", "auth", "full-users-group" ],
[ "selfprivacy", "passthru", "auth", "ldap-base-dn" ],
[ "selfprivacy", "passthru", "auth", "ldap-host" ],
[ "selfprivacy", "passthru", "auth", "ldap-port" ],
[ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "services", "forgejo", "group" ], [ "services", "forgejo", "group" ],
[ "services", "forgejo", "package" ] [ "services", "forgejo", "package" ]

2
sp-modules/gitea/module.nix
View File

@@ -16,7 +16,7 @@ let
]; ];
is-auth-enabled = cfg.enableSso; is-auth-enabled = cfg.enableSso;
oauth-client-id = "forgejo"; oauth-client-id = "forgejo";
auth-passthru = config.passthru.selfprivacy.auth; auth-passthru = config.selfprivacy.passthru.auth;
oauth2-provider-name = auth-passthru.oauth2-provider-name; oauth2-provider-name = auth-passthru.oauth2-provider-name;
redirect-uri = redirect-uri =
"https://${cfg.subdomain}.${sp.domain}/user/oauth2/${oauth2-provider-name}/callback"; "https://${cfg.subdomain}.${sp.domain}/user/oauth2/${oauth2-provider-name}/callback";

16
sp-modules/nextcloud/config-paths-needed.json
View File

@@ -1,16 +1,16 @@
[ [
[ "passthru", "selfprivacy", "auth", "admins-group" ],
[ "passthru", "selfprivacy", "auth", "full-users-group" ],
[ "passthru", "selfprivacy", "auth", "ldap-base-dn" ],
[ "passthru", "selfprivacy", "auth", "ldap-host" ],
[ "passthru", "selfprivacy", "auth", "ldap-port" ],
[ "passthru", "selfprivacy", "auth", "oauth2-discovery-url" ],
[ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ],
[ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ],
[ "security", "acme", "certs" ], [ "security", "acme", "certs" ],
[ "selfprivacy", "domain" ], [ "selfprivacy", "domain" ],
[ "selfprivacy", "modules", "auth", "enable" ], [ "selfprivacy", "modules", "auth", "enable" ],
[ "selfprivacy", "modules", "nextcloud" ], [ "selfprivacy", "modules", "nextcloud" ],
[ "selfprivacy", "passthru", "auth", "admins-group" ],
[ "selfprivacy", "passthru", "auth", "full-users-group" ],
[ "selfprivacy", "passthru", "auth", "ldap-base-dn" ],
[ "selfprivacy", "passthru", "auth", "ldap-host" ],
[ "selfprivacy", "passthru", "auth", "ldap-port" ],
[ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "services", "nextcloud" ], [ "services", "nextcloud" ],
[ "services", "phpfpm", "pools", "nextcloud", "group" ], [ "services", "phpfpm", "pools", "nextcloud", "group" ],

2
sp-modules/nextcloud/module.nix
View File

@@ -10,7 +10,7 @@ let
; ;
hostName = "${cfg.subdomain}.${sp.domain}"; hostName = "${cfg.subdomain}.${sp.domain}";
auth-passthru = config.passthru.selfprivacy.auth; auth-passthru = config.selfprivacy.passthru.auth;
cfg = sp.modules.nextcloud; cfg = sp.modules.nextcloud;
is-auth-enabled = cfg.enableSso; is-auth-enabled = cfg.enableSso;
ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}"; ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}";

10
sp-modules/roundcube/config-paths-needed.json
View File

@@ -1,13 +1,13 @@
[ [
[ "mailserver", "fqdn" ], [ "mailserver", "fqdn" ],
[ "passthru", "selfprivacy", "auth", "admins-group" ],
[ "passthru", "selfprivacy", "auth", "auth-fqdn" ],
[ "passthru", "selfprivacy", "auth", "full-users-group" ],
[ "passthru", "selfprivacy", "auth", "oauth2-provider-name" ],
[ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "domain" ], [ "selfprivacy", "domain" ],
[ "selfprivacy", "modules", "auth" ], [ "selfprivacy", "modules", "auth" ],
[ "selfprivacy", "modules", "roundcube" ], [ "selfprivacy", "modules", "roundcube" ],
[ "selfprivacy", "passthru", "auth", "admins-group" ],
[ "selfprivacy", "passthru", "auth", "auth-fqdn" ],
[ "selfprivacy", "passthru", "auth", "full-users-group" ],
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ], [ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ],
[ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ] [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ]
] ]

2
sp-modules/roundcube/module.nix
View File

@@ -3,7 +3,7 @@ let
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
cfg = config.selfprivacy.modules.roundcube; cfg = config.selfprivacy.modules.roundcube;
is-auth-enabled = cfg.enableSso; is-auth-enabled = cfg.enableSso;
auth-passthru = config.passthru.selfprivacy.auth; auth-passthru = config.selfprivacy.passthru.auth;
auth-fqdn = auth-passthru.auth-fqdn; auth-fqdn = auth-passthru.auth-fqdn;
sp-module-name = "roundcube"; sp-module-name = "roundcube";
user = "roundcube"; user = "roundcube";

2
sp-modules/simple-nixos-mailserver/common.nix
View File

@@ -1,6 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
rec { rec {
auth-passthru = config.passthru.selfprivacy.auth; auth-passthru = config.selfprivacy.passthru.auth;
domain = config.selfprivacy.domain; domain = config.selfprivacy.domain;
group = "dovecot2"; group = "dovecot2";
is-auth-enabled = is-auth-enabled =

20
sp-modules/simple-nixos-mailserver/config-paths-needed.json
View File

@@ -1,20 +1,20 @@
[ [
[ "mailserver" ], [ "mailserver" ],
[ "passthru", "selfprivacy", "auth", "admins-group" ],
[ "passthru", "selfprivacy", "auth", "full-users-group" ],
[ "passthru", "selfprivacy", "auth", "ldap-base-dn" ],
[ "passthru", "selfprivacy", "auth", "ldap-port" ],
[ "passthru", "selfprivacy", "auth", "oauth2-discovery-url" ],
[ "passthru", "selfprivacy", "auth", "oauth2-introspection-url-postfix" ],
[ "passthru", "selfprivacy", "auth", "oauth2-introspection-url-prefix" ],
[ "passthru", "selfprivacy", "auth", "oauth2-systemd-service" ],
[ "passthru", "selfprivacy", "roundcube", "oauth-client-id" ],
[ "passthru", "selfprivacy", "roundcube", "oauth-client-secret-fp" ],
[ "security", "acme", "certs" ], [ "security", "acme", "certs" ],
[ "selfprivacy", "domain" ], [ "selfprivacy", "domain" ],
[ "selfprivacy", "hashedMasterPassword" ], [ "selfprivacy", "hashedMasterPassword" ],
[ "selfprivacy", "modules", "auth", "enable" ], [ "selfprivacy", "modules", "auth", "enable" ],
[ "selfprivacy", "modules", "simple-nixos-mailserver" ], [ "selfprivacy", "modules", "simple-nixos-mailserver" ],
[ "selfprivacy", "passthru", "auth", "admins-group" ],
[ "selfprivacy", "passthru", "auth", "full-users-group" ],
[ "selfprivacy", "passthru", "auth", "ldap-base-dn" ],
[ "selfprivacy", "passthru", "auth", "ldap-port" ],
[ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
[ "selfprivacy", "passthru", "auth", "oauth2-introspection-url-postfix" ],
[ "selfprivacy", "passthru", "auth", "oauth2-introspection-url-prefix" ],
[ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
[ "selfprivacy", "passthru", "roundcube", "oauth-client-id" ],
[ "selfprivacy", "passthru", "roundcube", "oauth-client-secret-fp" ],
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "selfprivacy", "username" ], [ "selfprivacy", "username" ],
[ "selfprivacy", "users" ], [ "selfprivacy", "users" ],