thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
372 Commits 1 Branch 0 Tags
89e7145a01deb718935c4ddf31ca324ba49b8467
Commit Graph

372 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexander Tomokhov
89e7145a01 auth: replace useless oauth2-introspection-url with prefix/postfix parts 
oauth2-introspection-url is useless, because it would contain OAuth
client secret right in the URL. OAuth clients contruct URLs on its own.
 2025-01-31 14:26:58 +04:00
Alexander Tomokhov
f1d2119f62 define selfprivacy.passthru option (type = types.submodule) 
Stock NixOS passthru option cannot be defined in multiple places. But we
need to pass arbitrary parameters between SP modules.
 2025-01-31 14:24:09 +04:00
Alexander Tomokhov
67a943c829 fix roundcube: ['oauth_client_secret'] = file_get_contents... 2025-01-29 14:30:18 +04:00
Alexander Tomokhov
857d6729ef fix nextcloud when sp.modules.auth.enable is true 2025-01-29 13:21:36 +04:00
Alexander Tomokhov
2cc5743152 fix sp-modules: configPathsNeeded, requiring passthru.selfprivacy.auth 2025-01-29 12:53:44 +04:00
Alexander Tomokhov
2ed4cc0dee passthru.selfprivacy.auth.admins-group = "sp.admins" 2025-01-25 23:20:00 +04:00
Alexander Tomokhov
d008fbcc17 auth: sp.full_users group 2025-01-25 01:24:28 +04:00
Alexander Tomokhov
d8d1a1e86f fix mailserver: evaluate without auth module 2025-01-25 01:08:41 +04:00
Alexander Tomokhov
0c7a8d51b0 fix gitea,nextcloud,roundcube: evaluate without auth module 2025-01-24 16:27:48 +04:00
Alexander Tomokhov
f795bc977f fix auth: config.selfprivacy.modules.auth.enable or false 2025-01-17 16:12:22 +04:00
Alexander Tomokhov
f43ec2686d fix nextcloud: get rid of extra user_ldap configs; other fixes 2025-01-17 16:10:40 +04:00
Alexander Tomokhov
56fe5690c1 fix roundcube: OAuth secret, ExecStartPost ignore failure 2025-01-17 16:10:40 +04:00
Alexander Tomokhov
89d788aab2 fix nextcloud: OAuth secret, ExecStartPost ignore failure 2025-01-17 16:10:38 +04:00
Alexander Tomokhov
5cb3be9a36 fix forgejo: OAuth secret, ExecStartPost ignore failure, subdomain 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
ed10508ed9 auth: create sp.selfprivacy-api.service-account 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
0e7b113ce0 fix(nextcloud): user_oidc mapping-uid is preferred_username 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
bf8fb31065 chore(mailserver): less hardcode 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
041479a48b fix(auth,forgejo): recognize admins 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
153e1c12d5 feat(auth,nextcloud): OAuth2 and LDAP integration 2025-01-17 16:09:22 +04:00
Alexander Tomokhov
a45cf792e5 fix(auth): rename oauth2-provider-name 2025-01-17 15:58:51 +04:00
Alexander Tomokhov
8db13dfccf feat auth,forgejo: OAuth2 and LDAP integration 2025-01-17 15:58:49 +04:00
Alexander Tomokhov
7f9f7a4db2 fix auth: sp.{service}.admins groups provisioning 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
bc8f998176 fix(auth): debug and enable options 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
dd4a356ae7 feat(auth,roundcube): sp.roundcube.admins inherits sp.roundcube.users 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
c127145425 feat(auth,roundcube): members of sp.admins group become admins 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
69c69dfb46 chore dovecot&postfix: rename nix files, disable debug 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
f07b867af2 security: harden some SP modules NixOS config evaluation permissions 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
3a904f599e chore: restructure LDAP related nix files 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
5d76f456c1 auth: ldap-dovecot.nix, clean code 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
ad6d3d6970 WIP: LDAP: Dovecot&Postfix works, but Postfix sends to 25 port 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
b5de64105c kanidm 1.4.0 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
f388e18ef0 minimal kanidm setup 
Only Roundcube and Dovecot communicate with Kanidm.
 2025-01-17 15:56:47 +04:00
Inex Code
bf299b19b8 fix: Remove lib.mkForce from allowed ports as it prevents SP modules from opening required ports 2024-12-26 18:19:21 +03:00
Inex Code
5bc89e3359 fix: Missing nix input 2024-12-26 11:07:00 +03:00
Inex Code
0a698cebe5 fix: Ensure mumble's folder ownership 2024-12-26 11:04:43 +03:00
Inex Code
a4d2c06c64 refactor: Even clearer naming for the manifest version 2024-12-24 21:07:29 +03:00
Inex Code
a13a9fe839 refactor: Clearer naming for the manifest version 2024-12-24 20:55:19 +03:00
Inex Code
02a29c896f chore: update nixpkgs 2024-12-24 20:47:15 +03:00
Inex Code
1f8c183760 feat: API 3.5.0 2024-12-24 20:47:09 +03:00
Inex Code
c0f965fb8e fix: Pleroma startup 2024-12-24 20:46:59 +03:00
Inex Code
f678df0074 fix: Wrong script name 2024-12-24 20:46:58 +03:00
Inex Code
de3ebdffb1 chore: Remove leftovers 2024-12-24 20:46:56 +03:00
Inex Code
cc553d5d64 fix: Remote fetcher used wrong path 2024-12-24 20:46:43 +03:00
Inex Code
486b338069 fix: Back up Roundcube database 2024-12-24 20:46:05 +03:00
Inex Code
e348a491b0 feat: PostgreSQL migration 2024-12-24 20:44:41 +03:00
Inex Code
cca51699ee feat: Dynamic templating 2024-12-24 20:40:45 +03:00
Inex Code
7b69b39bff chore: Update API to 3.4.0 2024-12-15 16:44:27 +03:00
Inex Code
af2f0014c5 feat: Filter userdata.json input so we don't pass undefined items 2024-12-15 03:45:46 +03:00
Inex Code
8276d8c8ce fix: API didn't start after reboot 2024-12-07 20:18:54 +03:00
Inex Code
dff2f515e3 fix: Wrong systemd deps on api 2024-12-07 18:51:20 +03:00