Alexander Tomokhov
9dc47e6143
fix forgejo,auth: apply oauth and ldap configurations
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
5cc23464d5
fix forgejo,auth: OAuth client secret filepath
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
56a56b67b4
auth: add imageFile option
2025-04-17 13:20:07 +04:00
Alexander Tomokhov
1f67bb5a85
fix assertion message in sp-modules/simple-nixos-mailserver/config.nix
2025-04-17 13:20:07 +04:00
nhnn
b605d07b52
feat: Vikunja to-do app (#128)
...
Vikunja is a fast self-hostable to-do app.
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/128
Reviewed-by: Inex Code <inex.code@selfprivacy.org>
Co-authored-by: nhnn <nhnn@nhnn.dev>
Co-committed-by: nhnn <nhnn@nhnn.dev>
2025-04-14 14:32:42 +03:00
Alexander Tomokhov
0fdcf8a791
nextcloud,auth: disable integration with Kanidm when sso is disabled
2025-04-12 15:57:01 +04:00
Alexander Tomokhov
a5f497d9cf
fix forgejo,auth: wait until OAuth2 discovery URL is online
...
Previously, Forgejo systemd service failed quickly, because kanidm
reports a notice to systemd before discovery URL is ready.
2025-04-11 14:07:40 +04:00
Inex Code
f516d2e722
chore: Update Nextcloud to version 30
2025-03-31 19:37:38 +03:00
Alexander Tomokhov
74d7f7ef43
dovecot:auth: fix OAuth client secret generation
2025-03-29 03:59:56 +04:00
Alexander Tomokhov
c118802155
roundcube:auth: fix OAuth client secret generation and copy order
2025-03-29 01:35:00 +04:00
Inex Code
f3593156dc
fix: Turn on email SSO by default
2025-03-28 23:47:38 +03:00
Alexander Tomokhov
a10d9cdfb9
forgejo:auth: fix recognition of an admin user
2025-03-29 00:44:10 +04:00
Inex Code
537d916ea9
fix: Presumably unused secrets file for Nextcloud
2025-03-28 23:17:47 +03:00
Inex Code
c2e1fa41e9
refactor: rename accessGroup to userGroup
2025-03-28 17:41:04 +03:00
Inex Code
d902a0f3f6
feat: allow plain login to dovecot
...
The password backend is provided by SelfPrivacy API module at the moment
2025-03-28 17:23:41 +03:00
Inex Code
fa9cd82739
fix: roundcube metadata
2025-03-28 17:21:08 +03:00
Inex Code
2b4a9e1f90
refactor: Remove redundant subdomain from ocserv
2025-03-28 17:19:36 +03:00
Inex Code
aedc1a4297
fix: Nextcloud metadata
2025-03-28 17:18:16 +03:00
Inex Code
c528ea129f
feat: Add SSO field to Forgejo SP module metadata
2025-03-28 17:16:01 +03:00
Inex Code
3144e384a6
fix: Forgejo metadata
2025-03-28 17:15:20 +03:00
Alexander Tomokhov
2ee27353da
auth,forgejo: fix originLanding
2025-03-26 15:59:23 +04:00
Alexander Tomokhov
8013f2e394
auth: module for easier integration of new services with Kanidm
...
- Forgejo is migrated to this module.
2025-03-21 16:40:18 +04:00
Alexander Tomokhov
1ff180ad1a
add assertions: selfprivacy.sso.enable -> modules.*.enableSso
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
331fa63b33
add options: selfprivacy.sso.enable && selfprivacy.sso.debug
...
selfprivacy.sso.enable is true by default.
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
65548a1e73
SP modules do not depend on selfprivacy.modules.auth
2025-02-03 02:05:05 +04:00
Alexander Tomokhov
ea443d2150
gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service
2025-02-03 01:05:48 +04:00
Alexander Tomokhov
ee2e404eb8
passthru.selfprivacy -> selfprivacy.passthru
2025-02-03 01:05:48 +04:00
Alexander Tomokhov
29d1759186
merge auth SP module into main configuration; add enableSso option
...
`enableSso` is being added to the following SP modules:
* gitea (forgejo)
* nextcloud
* roundcube
* simple-nixos-mailserver
2025-02-03 00:10:05 +04:00
Alexander Tomokhov
3a8a3dfc95
fix auth meta: add meta to flake.nix and icon.svg
2025-02-01 18:36:01 +04:00
Alexander Tomokhov
70a946cc66
auth: add meta to all options
2025-01-31 14:37:58 +04:00
Alexander Tomokhov
4c6228d694
roundcube & mailserver: fix oauth: mailserver is an OAuth secret donor
...
Both of them use the same client ID and client secret, but Roundcube
depends on mailserver generally, so mailserver is the one to share OAuth
client id and secret.
2025-01-31 14:31:58 +04:00
Alexander Tomokhov
89e7145a01
auth: replace useless oauth2-introspection-url with prefix/postfix parts
...
oauth2-introspection-url is useless, because it would contain OAuth
client secret right in the URL. OAuth clients construct URLs on their own.
2025-01-31 14:26:58 +04:00
Alexander Tomokhov
67a943c829
fix roundcube: ['oauth_client_secret'] = file_get_contents...
2025-01-29 14:30:18 +04:00
Alexander Tomokhov
857d6729ef
fix nextcloud when sp.modules.auth.enable is true
2025-01-29 13:21:36 +04:00
Alexander Tomokhov
2cc5743152
fix sp-modules: configPathsNeeded, requiring passthru.selfprivacy.auth
2025-01-29 12:53:44 +04:00
Alexander Tomokhov
2ed4cc0dee
passthru.selfprivacy.auth.admins-group = "sp.admins"
2025-01-25 23:20:00 +04:00
Alexander Tomokhov
d008fbcc17
auth: sp.full_users group
2025-01-25 01:24:28 +04:00
Alexander Tomokhov
d8d1a1e86f
fix mailserver: evaluate without auth module
2025-01-25 01:08:41 +04:00
Alexander Tomokhov
0c7a8d51b0
fix gitea,nextcloud,roundcube: evaluate without auth module
2025-01-24 16:27:48 +04:00
Alexander Tomokhov
f795bc977f
fix auth: config.selfprivacy.modules.auth.enable or false
2025-01-17 16:12:22 +04:00
Alexander Tomokhov
f43ec2686d
fix nextcloud: get rid of extra user_ldap configs; other fixes
2025-01-17 16:10:40 +04:00
Alexander Tomokhov
56fe5690c1
fix roundcube: OAuth secret, ExecStartPost ignore failure
2025-01-17 16:10:40 +04:00
Alexander Tomokhov
89d788aab2
fix nextcloud: OAuth secret, ExecStartPost ignore failure
2025-01-17 16:10:38 +04:00
Alexander Tomokhov
5cb3be9a36
fix forgejo: OAuth secret, ExecStartPost ignore failure, subdomain
2025-01-17 16:09:25 +04:00
Alexander Tomokhov
ed10508ed9
auth: create sp.selfprivacy-api.service-account
2025-01-17 16:09:25 +04:00
Alexander Tomokhov
0e7b113ce0
fix(nextcloud): user_oidc mapping-uid is preferred_username
2025-01-17 16:09:25 +04:00
Alexander Tomokhov
bf8fb31065
chore(mailserver): less hardcode
2025-01-17 16:09:25 +04:00
Alexander Tomokhov
041479a48b
fix(auth,forgejo): recognize admins
2025-01-17 16:09:25 +04:00
Alexander Tomokhov
153e1c12d5
feat(auth,nextcloud): OAuth2 and LDAP integration
2025-01-17 16:09:22 +04:00
Alexander Tomokhov
a45cf792e5
fix(auth): rename oauth2-provider-name
2025-01-17 15:58:51 +04:00