Alexander Tomokhov
849b695aa4
auth: create a proper selfprivacy-api token via auth module
- selfprivacy-api NixOS module can use selfprivacy.auth.clients option
to configure its own client
- when "selfprivacy-api" OAuth ID name is used, read-write token is
created and idm_admins membership is set
2025-04-22 01:26:29 +04:00
Alexander Tomokhov
217fdce469
auth: kanidm.db migration to v1.5.0 for provisioning
- ExecStartPre sqlite script for any kanidm version <= 1.5.0.
2025-04-22 00:04:44 +04:00
Alexander Tomokhov
69a5103f8b
refact auth: systemd.tmpfiles for /run/keys/selfprivacy-api; comments
2025-04-21 20:22:40 +04:00
Alexander Tomokhov
a96b6b8444
auth: add only roundcube kanidm service account to idm_mail_servers
2025-04-21 20:22:40 +04:00
Alexander Tomokhov
3f1a2b5baf
fix nixpkgs-2411 in flake.lock
2025-04-21 20:22:40 +04:00
Alexander Tomokhov
f2e9623d7f
auth: selfprivacy.sso.useKanidm_1_4
2025-04-18 21:16:24 +04:00
Alexander Tomokhov
43c3ea06ab
nextcloud,auth: set originLanding to user_oidc/login
2025-04-18 21:16:24 +04:00
Alexander Tomokhov
eb5074ba82
nextcloud,auth: migrate to auth module
2025-04-18 21:16:24 +04:00
Alexander Tomokhov
043c192fb7
auth: upgrade kanidm to 1.5
2025-04-18 16:17:38 +03:00
Alexander Tomokhov
356f9ddb91
fix forgejo,auth: curl waiting failure condition
2025-04-18 16:15:21 +03:00
Alexander Tomokhov
952b660aae
roundcube,auth: disable generation of a kanidm service token
2025-04-17 15:06:46 +04:00
Alexander Tomokhov
eb200cb792
refact dovecot,auth: tmpfiles, minor renames, config-paths-needed.json
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
90758a2652
fix mailserver,auth: OAuth client secret has only allowed characters
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
5f9be4130e
roundcube,auth: migrate to auth module
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
46971cd2be
auth:module: replace special symbols in generated secrets
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
791e551b93
forgejo,auth: change icon to sp-module's icon.svg
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
9a438aab13
forgejo,auth: display name (Forgejo) starts with capital letter
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
e92922d1a1
forgejo,auth: enablePkce when forgejo version is at least 8.0
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
9dc47e6143
fix forgejo,auth: apply oauth and ldap configurations
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
5cc23464d5
fix forgejo,auth: OAuth client secret filepath
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
56a56b67b4
auth: add imageFile option
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
1f67bb5a85
fix assertion message in sp-modules/simple-nixos-mailserver/config.nix
2025-04-17 13:20:07 +04:00
Inex Code
a38d426c19
chore: Update API
2025-04-14 17:14:27 +03:00
Inex Code
6f84778527
chore: Update API
2025-04-14 14:40:23 +03:00
nhnn
b605d07b52
feat: Vikunja to-do app (#128)
Vikunja is a fast self-hostable to-do app.
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/128
Reviewed-by: Inex Code <inex.code@selfprivacy.org>
Co-authored-by: nhnn <nhnn@nhnn.dev>
Co-committed-by: nhnn <nhnn@nhnn.dev>
2025-04-14 14:32:42 +03:00
Alexander Tomokhov
0fdcf8a791
nextcloud,auth: disable integration with Kanidm when sso is disabled
2025-04-12 15:57:01 +04:00
Alexander Tomokhov
9d7fa8ec7d
clean auth/auth.nix and auth/auth-module.nix
2025-04-12 11:06:47 +04:00
Alexander Tomokhov
63ce4d9143
fix auth: name of /run/keys/* folder equals to linux group name
2025-04-11 21:25:11 +04:00
Alexander Tomokhov
b87c37afa2
auth: rewrite /run/keys/* creation to tmpfiles.d
2025-04-11 19:36:11 +04:00
Alexander Tomokhov
a5f497d9cf
fix forgejo,auth: wait until OAuth2 discovery URL is online
Previously, Forgejo systemd service failed quickly, because kanidm
reports a notice to systemd before discovery URL is ready.
2025-04-11 14:07:40 +04:00
Inex Code
54bb84ca46
chore: Fix API not handling unfree licenses
2025-04-08 13:21:54 +03:00
Inex Code
84461021d7
chore: Update API
2025-04-08 11:50:26 +03:00
Alexander Tomokhov
5e3bb329bd
autoUpgrade: change hardcoded selfprivacy-nixos-config git ref to "sso"
2025-04-07 01:08:11 +04:00
Alexander Tomokhov
010c11ade0
redirect stderr to systemd journal in sp-nixos-* modules
2025-04-04 16:38:00 +04:00
Inex Code
f516d2e722
chore: Update Nextcloud to version 30
2025-03-31 19:37:38 +03:00
Alexander Tomokhov
74d7f7ef43
dovecot:auth: fix OAuth client secret generation
2025-03-29 03:59:56 +04:00
Inex Code
339dafb3fd
fix: Password email auth was broken
2025-03-29 01:13:00 +03:00
Alexander Tomokhov
c118802155
roundcube:auth: fix OAuth client secret generation and copy order
2025-03-29 01:35:00 +04:00
Inex Code
f3593156dc
fix: Turn on email SSO by default
2025-03-28 23:47:38 +03:00
Alexander Tomokhov
a10d9cdfb9
forgejo:auth: fix recognition of an admin user
2025-03-29 00:44:10 +04:00
Inex Code
537d916ea9
fix: Presumably unused secrets file for Nextcloud
2025-03-28 23:17:47 +03:00
Inex Code
11da3e69ce
fix: API was confused by empty persons list
2025-03-28 22:50:29 +03:00
Inex Code
71b73b02d4
chore: Use sso branch during server upgrades
2025-03-28 22:13:31 +03:00
Inex Code
882e24fba0
fix: API reported old version of itself
2025-03-28 21:53:07 +03:00
nhnn
4dd08c942a
fix: disable root login using password
2025-03-28 21:35:40 +03:00
Inex Code
0f605401a8
fix: Exclude DeSEC from dns propagation check exceptions
2025-03-28 21:35:28 +03:00
Inex Code
c2e1fa41e9
refactor: rename accessGroup to userGroup
2025-03-28 17:41:04 +03:00
Inex Code
a2d184a62c
chore: Use the recent beta build of SelfPrivacy API
2025-03-28 17:24:45 +03:00
Inex Code
cdcc40d2a7
feat: Disallow access to /internal path of API
2025-03-28 17:23:54 +03:00
Inex Code
d902a0f3f6
feat: allow plain login to dovecot
The password backend is provided by SelfPrivacy API module at the moment
2025-03-28 17:23:41 +03:00