Commit Graph

28 Commits

Author SHA1 Message Date
nhnn
66cbd47d77 fix: SECURITY: disable kanidm anonymous account 2025-07-09 15:11:04 +03:00
nhnn
b10a11fba2 fix: bump Kanidm to 1.6.0 2025-07-03 18:22:36 +03:00
nhnn
ee5b7fdddc fix: wait for kanidm to start 2025-07-03 18:22:32 +03:00
nhnn
a464d574e0 style: format again 2025-07-03 18:22:27 +03:00
nhnn
14e8cf359d fix: various kanidm, jitsi and general fixes 2025-07-03 18:22:16 +03:00
nhnn
86233cac27 style: format tree 2025-06-18 19:53:44 +03:00
Alexander Tomokhov
72472e8edf auth: do not create sp.selfprivacy-api.* groups 2025-04-22 21:17:59 +04:00
Alexander Tomokhov
8a79551743 auth: remove possibility to use kanidm 1.4.6 2025-04-22 17:34:30 +04:00
Alexander Tomokhov
849b695aa4 auth: create a proper selfprivacy-api token via auth module
- selfprivacy-api NixOS module can use selfprivacy.auth.clients option
  to configure its own client
- when "selfprivacy-api" OAuth ID name is used, read-write token is
  created and idm_admins membership is set
2025-04-22 01:26:29 +04:00
Alexander Tomokhov
217fdce469 auth: kanidm.db migration to v1.5.0 for provisioning
- ExecStartPre sqlite script for any kanidm version <= 1.5.0.
2025-04-22 00:04:44 +04:00
Alexander Tomokhov
69a5103f8b refact auth: systemd.tmpfiles for /run/keys/selfprivacy-api; comments 2025-04-21 20:22:40 +04:00
Alexander Tomokhov
a96b6b8444 auth: add only roundcube kanidm service account to idm_mail_servers 2025-04-21 20:22:40 +04:00
Alexander Tomokhov
f2e9623d7f auth: selfprivacy.sso.useKanidm_1_4 2025-04-18 21:16:24 +04:00
Alexander Tomokhov
043c192fb7 auth: upgrade kanidm to 1.5 2025-04-18 16:17:38 +03:00
Alexander Tomokhov
46971cd2be auth:module: replace special symbols in generated secrets 2025-04-17 13:20:07 +04:00
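Added example (not the SelfPrivacy project's code; the commit above does not say how the symbols are replaced or why, and this example assumes the reason is that generated secrets get interpolated into config files, URLs and shell strings where quoting matters): instead of generating a secret and then stripping special symbols, which silently shortens the string and throws away entropy, draw every character from the restricted alphabet and derive the length from the entropy target.

```python
# Added example, not the project's code: generate secrets from a restricted
# alphabet instead of filtering special characters out afterwards.
import math
import secrets
import string

# Letters and digits only: safe to drop into shell, URL, .env and Nix string
# contexts without quoting surprises. (Assumption about the project's motive;
# the commit message itself gives no reason.)
SAFE_ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def safe_length_for(bits: float, alphabet_size: int = len(SAFE_ALPHABET)) -> int:
    """Smallest length whose entropy reaches `bits` over the given alphabet."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate_secret(bits: float = 256) -> str:
    """Uniformly random alphanumeric secret with at least `bits` of entropy.

    Each symbol comes from secrets.choice (CSPRNG-backed), so the output is
    uniform over SAFE_ALPHABET and no post-hoc filtering is ever needed.
    """
    n = safe_length_for(bits)
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(n))


def strip_special(secret: str) -> str:
    """The 'replace special symbols afterwards' approach, for comparison only.

    Dropping characters shortens the string, so a secret sized for N bits of
    entropy ends up with fewer; generate_secret() avoids that by construction.
    """
    return "".join(ch for ch in secret if ch in SAFE_ALPHABET)


def is_safe(secret: str) -> bool:
    """True if the secret is non-empty and contains only SAFE_ALPHABET symbols."""
    return bool(secret) and all(ch in SAFE_ALPHABET for ch in secret)


if __name__ == "__main__":
    s = generate_secret()
    print(len(s), is_safe(s), round(entropy_bits(len(s), len(SAFE_ALPHABET)), 1))
```

A 256-bit target over 62 symbols needs 43 characters; a 32-character secret drawn from a 64-symbol alphabet and then stripped of its special symbols can end well below the 192 bits it started with, which is the trap the restricted-alphabet approach avoids.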
Alexander Tomokhov
56a56b67b4 auth: add imageFile option 2025-04-17 13:20:07 +04:00
Alexander Tomokhov
9d7fa8ec7d clean auth/auth.nix and auth/auth-module.nix 2025-04-12 11:06:47 +04:00
Alexander Tomokhov
63ce4d9143 fix auth: name of /run/keys/* folder equals the linux group name 2025-04-11 21:25:11 +04:00
Alexander Tomokhov
b87c37afa2 auth: rewrite /run/keys/* creation to tmpfiles.d 2025-04-11 19:36:11 +04:00
Inex Code
d08a5e1ba3 fix: Mark 'idm_all_persons' as a known group for provisioning 2025-03-28 17:09:01 +03:00
Inex Code
e79af804f1 feat: Allow services to communicate with Kanidm even when there is no DNS record yet 2025-03-28 17:08:37 +03:00
Alexander Tomokhov
3f95b80c3c auth module: add originLanding option 2025-03-26 15:57:59 +04:00
Alexander Tomokhov
8013f2e394 auth: module for easier integration of new services with Kanidm
- Forgejo is migrated to this module.
2025-03-21 16:40:18 +04:00
Alexander Tomokhov
403c4b31b1 refact: auth: variable for generated keys path in auth.nix 2025-03-16 19:50:41 +04:00
Alexander Tomokhov
c49a93bf9c auth: generate kanidm API token for selfprivacy in /run/keys/... 2025-02-12 15:50:19 +04:00
Alexander Tomokhov
331fa63b33 add options: selfprivacy.sso.enable && selfprivacy.sso.debug
selfprivacy.sso.enable is true by default.
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
ee2e404eb8 passthru.selfprivacy -> selfprivacy.passthru 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
29d1759186 merge auth SP module into main configuration; add enableSso option
`enableSso` is being added to the following SP modules:
* gitea (forgejo)
* nextcloud
* roundcube
* simple-nixos-mailserver
2025-02-03 00:10:05 +04:00