Commit Graph

465 Commits

Author SHA1 Message Date
Alexander Tomokhov
010c11ade0 redirect stderr to systemd journal in sp-nixos-* modules 2025-04-04 16:38:00 +04:00
Inex Code
f516d2e722 chore: Update Nextcloud to version 30 2025-03-31 19:37:38 +03:00
Alexander Tomokhov
74d7f7ef43 dovecot:auth: fix OAuth client secret generation 2025-03-29 03:59:56 +04:00
Inex Code
339dafb3fd fix: Password email auth was broken 2025-03-29 01:13:00 +03:00
Alexander Tomokhov
c118802155 roundcube:auth: fix OAuth client secret generation and copy order 2025-03-29 01:35:00 +04:00
Inex Code
f3593156dc fix: Turn on email SSO by default 2025-03-28 23:47:38 +03:00
Alexander Tomokhov
a10d9cdfb9 forgejo:auth: fix recognition of an admin user 2025-03-29 00:44:10 +04:00
Inex Code
537d916ea9 fix: Presumably unused secrets file for Nextcloud 2025-03-28 23:17:47 +03:00
Inex Code
11da3e69ce fix: API was confused by empty persons list 2025-03-28 22:50:29 +03:00
Inex Code
71b73b02d4 chore: Use sso branch during server upgrades 2025-03-28 22:13:31 +03:00
Inex Code
882e24fba0 fix: API reported old version of itself 2025-03-28 21:53:07 +03:00
nhnn
4dd08c942a fix: disable root login using password 2025-03-28 21:35:40 +03:00
Inex Code
0f605401a8 fix: Exclude DeSEC from dns propagation check exceptions 2025-03-28 21:35:28 +03:00
Inex Code
c2e1fa41e9 refactor: rename accessGroup to userGroup 2025-03-28 17:41:04 +03:00
Inex Code
a2d184a62c chore: Use the recent beta build of SelfPrivacy API 2025-03-28 17:24:45 +03:00
Inex Code
cdcc40d2a7 feat: Disallow access to /internal path of API 2025-03-28 17:23:54 +03:00
Inex Code
d902a0f3f6 feat: allow plain login to dovecot
The password backend is provided by SelfPrivacy API module at the moment
2025-03-28 17:23:41 +03:00
Inex Code
fa9cd82739 fix: roundcube metadata 2025-03-28 17:21:08 +03:00
Inex Code
2b4a9e1f90 refactor: Remove redundant subdomain from ocserv 2025-03-28 17:19:36 +03:00
Inex Code
aedc1a4297 fix: Nextcloud metadata 2025-03-28 17:18:16 +03:00
Inex Code
c528ea129f feat: Add SSO field to Forgejo SP module metadata 2025-03-28 17:16:01 +03:00
Inex Code
3144e384a6 fix: Forgejo metadata 2025-03-28 17:15:20 +03:00
Inex Code
d08a5e1ba3 fix: Mark 'idm_all_persons' as a known group for provisioning 2025-03-28 17:09:01 +03:00
Inex Code
e79af804f1 feat: Allow services to communicate with Kanidm even when there is no DNS record yet 2025-03-28 17:08:37 +03:00
Inex Code
b571449efe refactor: Disable SSH login using password 2025-03-28 17:08:09 +03:00
Alexander Tomokhov
2ee27353da auth,forgejo: fix originLanding 2025-03-26 15:59:23 +04:00
Alexander Tomokhov
3f95b80c3c auth module: add originLanding option 2025-03-26 15:57:59 +04:00
Alexander Tomokhov
838b5dc204 auth: add missing nixpkgs-2411 input to flake.lock 2025-03-26 14:58:02 +04:00
Alexander Tomokhov
8013f2e394 auth: module for easier integration of new services with Kanidm
- Forgejo is migrated to this module.
2025-03-21 16:40:18 +04:00
nhnn
381468ad16 fix: disable root login using password 2025-03-20 12:48:41 +03:00
Alexander Tomokhov
403c4b31b1 refact: auth: variable for generated keys path in auth.nix 2025-03-16 19:50:41 +04:00
Inex Code
6d0271a9fe fix: Exclude DeSEC from dns propagation check exceptions 2025-02-13 06:16:05 +03:00
Alexander Tomokhov
c49a93bf9c auth: generate kanidm API token for selfprivacy in /run/keys/... 2025-02-12 15:50:19 +04:00
Alexander Tomokhov
1ff180ad1a add assertions: selfprivacy.sso.enable -> modules.*.enableSso 2025-02-03 02:17:54 +04:00
Alexander Tomokhov
331fa63b33 add options: selfprivacy.sso.enable && selfprivacy.sso.debug
selfprivacy.sso.enable is true by default.
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
65548a1e73 SP modules do not depend on selfprivacy.modules.auth 2025-02-03 02:05:05 +04:00
Alexander Tomokhov
ea443d2150 gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
ee2e404eb8 passthru.selfprivacy -> selfprivacy.passthru 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
365e01a4e3 fix selfprivacy.passthru: allow any types 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
29d1759186 merge auth SP module into main configuration; add enableSso option
`enableSso` is being added to the following SP modules:
* gitea (forgejo)
* nextcloud
* roundcube
* simple-nixos-mailserver
2025-02-03 00:10:05 +04:00
Alexander Tomokhov
3a8a3dfc95 fix auth meta: add meta to flake.nix and icon.svg 2025-02-01 18:36:01 +04:00
Alexander Tomokhov
70a946cc66 auth: add meta to all options 2025-01-31 14:37:58 +04:00
Alexander Tomokhov
4c6228d694 roundcube & mailserver: fix oauth: mailserver is an OAuth secret donor
Both of them use the same client ID and client secret, but Roundcube
depends on mailserver generally, so mailserver is the one to share OAuth
client id and secret.
2025-01-31 14:31:58 +04:00
Alexander Tomokhov
89e7145a01 auth: replace useless oauth2-introspection-url with prefix/postfix parts
oauth2-introspection-url is useless, because it would contain OAuth
client secret right in the URL. OAuth clients construct URLs on their own.
2025-01-31 14:26:58 +04:00
Alexander Tomokhov
f1d2119f62 define selfprivacy.passthru option (type = types.submodule)
Stock NixOS passthru option cannot be defined in multiple places. But we
need to pass arbitrary parameters between SP modules.
2025-01-31 14:24:09 +04:00
Alexander Tomokhov
67a943c829 fix roundcube: ['oauth_client_secret'] = file_get_contents... 2025-01-29 14:30:18 +04:00
Alexander Tomokhov
857d6729ef fix nextcloud when sp.modules.auth.enable is true 2025-01-29 13:21:36 +04:00
Alexander Tomokhov
2cc5743152 fix sp-modules: configPathsNeeded, requiring passthru.selfprivacy.auth 2025-01-29 12:53:44 +04:00
Alexander Tomokhov
2ed4cc0dee passthru.selfprivacy.auth.admins-group = "sp.admins" 2025-01-25 23:20:00 +04:00
Alexander Tomokhov
d008fbcc17 auth: sp.full_users group 2025-01-25 01:24:28 +04:00