thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
467 Commits 1 Branch 0 Tags
744ba8f03c186f1577ab77ab03035a22f46ba509
Commit Graph

160 Commits

Author SHA1 Message Date
nhnn
c12025a5de fix: disable updates 2025-05-01 16:10:41 +03:00
nhnn
c9a50cff27 fix: use strings, disable logreader app as it's not useful because user can check logs in SP app 2025-05-01 16:10:38 +03:00
nhnn
09675706b6 fix: make opcache string buffer bigger 2025-05-01 16:09:43 +03:00
nhnn
0075ebd35a fix: try enabling memcache for nextcloud 2025-05-01 16:09:41 +03:00
Alexander Tomokhov
8e924d3aaf nextcloud: disableMaintenanceModeAtStart option 2025-04-29 18:44:41 +04:00
Inex Code
547eb00544 feat: Delete nextcloud admin user (#133) 
Co-authored-by: Alexander Tomokhov <alexoundos@selfprivacy.org>
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/133
 2025-04-25 14:21:44 +03:00
Alexander Tomokhov
9f5ace5258 roundcube: specify systemd dependencies with dovecot 2025-04-22 02:07:27 +04:00
Alexander Tomokhov
a96b6b8444 auth: add only roundcube kanidm service account to idm_mail_servers 2025-04-21 20:22:40 +04:00
Alexander Tomokhov
43c3ea06ab nextcloud,auth: set originLanding to user_oidc/login 2025-04-18 21:16:24 +04:00
Alexander Tomokhov
eb5074ba82 nextcloud,auth: migrate to auth module 2025-04-18 21:16:24 +04:00
Alexander Tomokhov
356f9ddb91 fix forgejo,auth: curl waiting failure condition 2025-04-18 16:15:21 +03:00
Alexander Tomokhov
952b660aae roundcube,auth: disable generation of a kanidm service token 2025-04-17 15:06:46 +04:00
Alexander Tomokhov
eb200cb792 refact dovecot,auth: tmpfiles, minor renames, config-paths-needed.json 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
90758a2652 fix mailserver,auth: OAuth client secret has only allowed characters 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
5f9be4130e roundcube,auth: migrate to auth module 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
791e551b93 forgejo,auth: change icon to sp-module's icon.svg 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
9a438aab13 forgejo,auth: display name (Forgejo) starts with capital letter 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
e92922d1a1 forgejo,auth: enablePkce when forgejo version is at least 8.0 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
9dc47e6143 fix forgejo,auth: apply oauth and ldap configurations 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
5cc23464d5 fix forgejo,auth: OAuth client secret filepath 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
56a56b67b4 auth: add imageFile option 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
1f67bb5a85 fix assertion message in sp-modules/simple-nixos-mailserver/config.nix 2025-04-17 13:20:07 +04:00
nhnn
b605d07b52 feat: Vikunja to-do app (#128) 
Vikunja is fast self-hostable to-do app.

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/128
Reviewed-by: Inex Code <inex.code@selfprivacy.org>
Co-authored-by: nhnn <nhnn@nhnn.dev>
Co-committed-by: nhnn <nhnn@nhnn.dev>
 2025-04-14 14:32:42 +03:00
Alexander Tomokhov
0fdcf8a791 nextcloud,auth: disable integration with Kanidm when sso is disabled 2025-04-12 15:57:01 +04:00
Alexander Tomokhov
a5f497d9cf fix forgejo,auth: wait until OAuth2 discovery URL is online 
Previously, Forgejo systemd service failed quickly, because kanidm
reports a notice to systemd before discovery URL is ready.
 2025-04-11 14:07:40 +04:00
Inex Code
f516d2e722 chore: Update Nextcloud to version 30 2025-03-31 19:37:38 +03:00
Alexander Tomokhov
74d7f7ef43 dovecot:auth: fix OAuth client secret generation 2025-03-29 03:59:56 +04:00
Alexander Tomokhov
c118802155 roundcube:auth: fix OAuth client secret generation and copy order 2025-03-29 01:35:00 +04:00
Inex Code
f3593156dc fix: Turn on email SSO by default 2025-03-28 23:47:38 +03:00
Alexander Tomokhov
a10d9cdfb9 forgejo:auth: fix recognition of an admin user 2025-03-29 00:44:10 +04:00
Inex Code
537d916ea9 fix: Presumably unused secrets file for Nextcloud 2025-03-28 23:17:47 +03:00
Inex Code
c2e1fa41e9 refactor: rename accessGroup to userGroup 2025-03-28 17:41:04 +03:00
Inex Code
d902a0f3f6 feat: allow plain login to dovecot 
The password backend is provided by SelfPrivacy API module at the moment
 2025-03-28 17:23:41 +03:00
Inex Code
fa9cd82739 fix: roundcube metadata 2025-03-28 17:21:08 +03:00
Inex Code
2b4a9e1f90 refactor: Remove redundant subdomain form ocrerv 2025-03-28 17:19:36 +03:00
Inex Code
aedc1a4297 fix: Nextcloud metadata 2025-03-28 17:18:16 +03:00
Inex Code
c528ea129f feat: Add SSO field to Forgeo SP mdoule metadata 2025-03-28 17:16:01 +03:00
Inex Code
3144e384a6 fix: Forgejo metadata 2025-03-28 17:15:20 +03:00
Alexander Tomokhov
2ee27353da auth,forgejo: fix originLanding 2025-03-26 15:59:23 +04:00
Alexander Tomokhov
8013f2e394 auth: module for easier integration of new services with Kanidm 
- Forgejo is migrated to this module.
 2025-03-21 16:40:18 +04:00
Alexander Tomokhov
1ff180ad1a add assertions: selfprivacy.sso.enable -> modules.*.enableSso 2025-02-03 02:17:54 +04:00
Alexander Tomokhov
331fa63b33 add options: selfprivacy.sso.enable && selfprivacy.sso.debug 
selfprivacy.sso.enable is true by default.
 2025-02-03 02:17:54 +04:00
Alexander Tomokhov
65548a1e73 SP modules do not depend on selfprivacy.modules.auth 2025-02-03 02:05:05 +04:00
Alexander Tomokhov
ea443d2150 gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
ee2e404eb8 passthru.selfprivacy -> selfprivacy.passthru 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
29d1759186 merge auth SP module into main configuration; add enableSso option 
`enableSso` is being added to the following SP modules:
* gitea (forgejo)
* nextcloud
* roundcube
* simple-nixos-mailserver
 2025-02-03 00:10:05 +04:00
Alexander Tomokhov
3a8a3dfc95 fix auth meta: add meta to flake.nix and icon.svg 2025-02-01 18:36:01 +04:00
Alexander Tomokhov
70a946cc66 auth: add meta to all options 2025-01-31 14:37:58 +04:00
Alexander Tomokhov
4c6228d694 roundcube & mailserver: fix oauth: mailserver is an OAuth secret donor 
Both of them use the same client ID and client secret, but Roundcube
depends on mailserver generally, so mailserver is the one to share OAuth
client id and secret.
 2025-01-31 14:31:58 +04:00
Alexander Tomokhov
89e7145a01 auth: replace useless oauth2-introspection-url with prefix/postfix parts 
oauth2-introspection-url is useless, because it would contain OAuth
client secret right in the URL. OAuth clients contruct URLs on its own.
 2025-01-31 14:26:58 +04:00