Alexander Tomokhov
a5f497d9cf
fix forgejo,auth: wait until OAuth2 discovery URL is online
...
Previously, Forgejo systemd service failed quickly, because kanidm
reports a notice to systemd before discovery URL is ready.
2025-04-11 14:07:40 +04:00
Inex Code
54bb84ca46
chore: Fix API not handling unfree licenses
2025-04-08 13:21:54 +03:00
Inex Code
84461021d7
chore: Update API
2025-04-08 11:50:26 +03:00
Alexander Tomokhov
5e3bb329bd
autoUpgrade: change hardcoded selfprivacy-nixos-config git ref to "sso"
2025-04-07 01:08:11 +04:00
Alexander Tomokhov
010c11ade0
redirect stderr to systemd journal in sp-nixos-* modules
2025-04-04 16:38:00 +04:00
Inex Code
f516d2e722
chore: Update Nextcloud to version 30
2025-03-31 19:37:38 +03:00
Alexander Tomokhov
74d7f7ef43
dovecot:auth: fix OAuth client secret generation
2025-03-29 03:59:56 +04:00
Inex Code
339dafb3fd
fix: Password email auth was broken
2025-03-29 01:13:00 +03:00
Alexander Tomokhov
c118802155
roundcube:auth: fix OAuth client secret generation and copy order
2025-03-29 01:35:00 +04:00
Inex Code
f3593156dc
fix: Turn on email SSO by default
2025-03-28 23:47:38 +03:00
Alexander Tomokhov
a10d9cdfb9
forgejo:auth: fix recognition of an admin user
2025-03-29 00:44:10 +04:00
Inex Code
537d916ea9
fix: Presumably unused secrets file for Nextcloud
2025-03-28 23:17:47 +03:00
Inex Code
11da3e69ce
fix: API was confused by empty persons list
2025-03-28 22:50:29 +03:00
Inex Code
71b73b02d4
chore: Use sso branch during server upgrades
2025-03-28 22:13:31 +03:00
Inex Code
882e24fba0
fix: API reported old version of itself
2025-03-28 21:53:07 +03:00
nhnn
4dd08c942a
fix: disable root login using password
2025-03-28 21:35:40 +03:00
Inex Code
0f605401a8
fix: Exclude DeSEC from dns propagation check exceptions
2025-03-28 21:35:28 +03:00
Inex Code
c2e1fa41e9
refactor: rename accessGroup to userGroup
2025-03-28 17:41:04 +03:00
Inex Code
a2d184a62c
chore: Use the recent beta build of SelfPrivacy API
2025-03-28 17:24:45 +03:00
Inex Code
cdcc40d2a7
feat: Disallow access to /internal path of API
2025-03-28 17:23:54 +03:00
Inex Code
d902a0f3f6
feat: allow plain login to dovecot
...
The password backend is provided by SelfPrivacy API module at the moment
2025-03-28 17:23:41 +03:00
Inex Code
fa9cd82739
fix: roundcube metadata
2025-03-28 17:21:08 +03:00
Inex Code
2b4a9e1f90
refactor: Remove redundant subdomain from ocserv
2025-03-28 17:19:36 +03:00
Inex Code
aedc1a4297
fix: Nextcloud metadata
2025-03-28 17:18:16 +03:00
Inex Code
c528ea129f
feat: Add SSO field to Forgejo SP module metadata
2025-03-28 17:16:01 +03:00
Inex Code
3144e384a6
fix: Forgejo metadata
2025-03-28 17:15:20 +03:00
Inex Code
d08a5e1ba3
fix: Mark 'idm_all_persons' as a known group for provisioning
2025-03-28 17:09:01 +03:00
Inex Code
e79af804f1
feat: Allow services to communicate with Kanidm even when there is no DNS record yet
2025-03-28 17:08:37 +03:00
Inex Code
b571449efe
refactor: Disable SSH login using password
2025-03-28 17:08:09 +03:00
Alexander Tomokhov
2ee27353da
auth,forgejo: fix originLanding
2025-03-26 15:59:23 +04:00
Alexander Tomokhov
3f95b80c3c
auth module: add originLanding option
2025-03-26 15:57:59 +04:00
Alexander Tomokhov
838b5dc204
auth: add missing nixpkgs-2411 input to flake.lock
2025-03-26 14:58:02 +04:00
Alexander Tomokhov
8013f2e394
auth: module for easier integration of new services with Kanidm
...
- Forgejo is migrated to this module.
2025-03-21 16:40:18 +04:00
Alexander Tomokhov
403c4b31b1
refact: auth: variable for generated keys path in auth.nix
2025-03-16 19:50:41 +04:00
Alexander Tomokhov
c49a93bf9c
auth: generate kanidm API token for selfprivacy in /run/keys/...
2025-02-12 15:50:19 +04:00
Alexander Tomokhov
1ff180ad1a
add assertions: selfprivacy.sso.enable -> modules.*.enableSso
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
331fa63b33
add options: selfprivacy.sso.enable && selfprivacy.sso.debug
...
selfprivacy.sso.enable is true by default.
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
65548a1e73
SP modules do not depend on selfprivacy.modules.auth
2025-02-03 02:05:05 +04:00
Alexander Tomokhov
ea443d2150
gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service
2025-02-03 01:05:48 +04:00
Alexander Tomokhov
ee2e404eb8
passthru.selfprivacy -> selfprivacy.passthru
2025-02-03 01:05:48 +04:00
Alexander Tomokhov
365e01a4e3
fix selfprivacy.passthru: allow any types
2025-02-03 01:05:48 +04:00
Alexander Tomokhov
29d1759186
merge auth SP module into main configuration; add enableSso option
...
`enableSso` is being added to the following SP modules:
* gitea (forgejo)
* nextcloud
* roundcube
* simple-nixos-mailserver
2025-02-03 00:10:05 +04:00
Alexander Tomokhov
3a8a3dfc95
fix auth meta: add meta to flake.nix and icon.svg
2025-02-01 18:36:01 +04:00
Alexander Tomokhov
70a946cc66
auth: add meta to all options
2025-01-31 14:37:58 +04:00
Alexander Tomokhov
4c6228d694
roundcube & mailserver: fix oauth: mailserver is an OAuth secret donor
...
Both of them use the same client ID and client secret, but Roundcube
depends on mailserver generally, so mailserver is the one to share OAuth
client id and secret.
2025-01-31 14:31:58 +04:00
Alexander Tomokhov
89e7145a01
auth: replace useless oauth2-introspection-url with prefix/postfix parts
...
oauth2-introspection-url is useless, because it would contain OAuth
client secret right in the URL. OAuth clients construct URLs on their own.
2025-01-31 14:26:58 +04:00
Alexander Tomokhov
f1d2119f62
define selfprivacy.passthru option (type = types.submodule)
...
Stock NixOS passthru option cannot be defined in multiple places. But we
need to pass arbitrary parameters between SP modules.
2025-01-31 14:24:09 +04:00
Alexander Tomokhov
67a943c829
fix roundcube: ['oauth_client_secret'] = file_get_contents...
2025-01-29 14:30:18 +04:00
Alexander Tomokhov
857d6729ef
fix nextcloud when sp.modules.auth.enable is true
2025-01-29 13:21:36 +04:00
Alexander Tomokhov
2cc5743152
fix sp-modules: configPathsNeeded, requiring passthru.selfprivacy.auth
2025-01-29 12:53:44 +04:00