Commit Graph

  • 043c192fb7 auth: upgrade kanidm to 1.5 Alexander Tomokhov 2025-04-18 16:17:38 +03:00
  • 356f9ddb91 fix forgejo,auth: curl waiting failure condition Alexander Tomokhov 2025-04-18 01:26:41 +04:00
  • 952b660aae roundcube,auth: disable generation of a kanidm service token Alexander Tomokhov 2025-04-17 15:06:42 +04:00
  • eb200cb792 refact dovecot,auth: tmpfiles, minor renames, config-paths-needed.json Alexander Tomokhov 2025-04-17 13:12:23 +04:00
  • 90758a2652 fix mailserver,auth: OAuth client secret has only allowed characters Alexander Tomokhov 2025-04-17 12:49:50 +04:00
  • 5f9be4130e roundcube,auth: migrate to auth module Alexander Tomokhov 2025-04-17 12:48:02 +04:00
  • 46971cd2be auth:module: replace special symbols in generated secrets Alexander Tomokhov 2025-04-17 12:42:46 +04:00
  • 791e551b93 forgejo,auth: change icon to sp-module's icon.svg Alexander Tomokhov 2025-04-16 22:31:33 +04:00
  • 9a438aab13 forgejo,auth: display name (Forgejo) starts with capital letter Alexander Tomokhov 2025-04-16 22:24:42 +04:00
  • e92922d1a1 forgejo,auth: enablePkce when forgejo version is at least 8.0 Alexander Tomokhov 2025-04-16 22:23:30 +04:00
  • 9dc47e6143 fix forgejo,auth: apply oauth and ldap configurations Alexander Tomokhov 2025-04-16 22:17:23 +04:00
  • 5cc23464d5 fix forgejo,auth: OAuth client secret filepath Alexander Tomokhov 2025-04-16 21:48:33 +04:00
  • 56a56b67b4 auth: add imageFile option Alexander Tomokhov 2025-04-16 14:55:55 +04:00
  • 1f67bb5a85 fix assertion message in sp-modules/simple-nixos-mailserver/config.nix Alexander Tomokhov 2025-04-16 12:57:26 +04:00
  • a38d426c19 chore: Update API Inex Code 2025-04-14 17:14:27 +03:00
  • 6f84778527 chore: Update API Inex Code 2025-04-14 14:40:23 +03:00
  • b605d07b52 feat: Vikunja to-do app (#128) nhnn 2025-04-14 14:32:42 +03:00
  • 0fdcf8a791 nextcloud,auth: disable integration with Kanidm when sso is disabled Alexander Tomokhov 2025-04-12 15:56:54 +04:00
  • 9d7fa8ec7d clean auth/auth.nix and auth/auth-module.nix Alexander Tomokhov 2025-04-11 20:59:02 +04:00
  • 63ce4d9143 fix auth: name of /run/keys/* folder equals to linux group name Alexander Tomokhov 2025-04-11 16:34:50 +04:00
  • b87c37afa2 auth: rewrite /run/keys/* creation to tmpfiles.d Alexander Tomokhov 2025-04-11 16:13:59 +04:00
  • a5f497d9cf fix forgejo,auth: wait until OAuth2 discovery URL is online Alexander Tomokhov 2025-04-11 14:06:06 +04:00
  • 54bb84ca46 chore: Fix API not handling unfree licenses Inex Code 2025-04-08 13:11:29 +03:00
  • 84461021d7 chore: Update API Inex Code 2025-04-08 11:50:26 +03:00
  • 5e3bb329bd autoUpgrade: change hardcoded selfprivacy-nixos-config git ref to "sso" Alexander Tomokhov 2025-04-07 01:07:39 +04:00
  • 010c11ade0 redirect stderr to systemd journal in sp-nixos-* modules Alexander Tomokhov 2025-04-04 16:38:00 +04:00
  • f516d2e722 chore: Update Nextcloud to version 30 Inex Code 2025-03-31 19:37:38 +03:00
  • 74d7f7ef43 dovecot:auth: fix OAuth client secret generation Alexander Tomokhov 2025-03-29 03:53:09 +04:00
  • 339dafb3fd fix: Password email auth was broken Inex Code 2025-03-29 01:13:00 +03:00
  • c118802155 roundcube:auth: fix OAuth client secret generation and copy order Alexander Tomokhov 2025-03-29 01:34:26 +04:00
  • f3593156dc fix: Turn on email SSO by default Inex Code 2025-03-28 23:47:38 +03:00
  • a10d9cdfb9 forgejo:auth: fix recognition of an admin user Alexander Tomokhov 2025-03-29 00:44:10 +04:00
  • 537d916ea9 fix: Presumably unused secrets file for Nextcloud Inex Code 2025-03-28 23:17:47 +03:00
  • 11da3e69ce fix: API was confused by empty persons list Inex Code 2025-03-28 22:50:29 +03:00
  • 71b73b02d4 chore: Use sso branch during server upgrades Inex Code 2025-03-28 22:13:31 +03:00
  • 882e24fba0 fix: API reported old version of itself Inex Code 2025-03-28 21:53:07 +03:00
  • 4dd08c942a fix: disable root login using password nhnn 2025-03-20 12:48:41 +03:00
  • 0f605401a8 fix: Exclude DeSEC from dns propagation check exceptions Inex Code 2025-02-13 06:16:05 +03:00
  • c2e1fa41e9 refactor: rename accessGroup to userGroup Inex Code 2025-03-28 17:41:04 +03:00
  • a2d184a62c chore: Use the recent beta build of SelfPrivacy API Inex Code 2025-03-28 17:24:45 +03:00
  • cdcc40d2a7 feat: Disallow access to /internal path of API Inex Code 2025-03-28 17:23:54 +03:00
  • d902a0f3f6 feat: allow plain login to dovecot Inex Code 2025-03-28 17:23:41 +03:00
  • fa9cd82739 fix: roundcube metadata Inex Code 2025-03-28 17:21:08 +03:00
  • 2b4a9e1f90 refactor: Remove redundant subdomain from ocserv Inex Code 2025-03-28 17:19:36 +03:00
  • aedc1a4297 fix: Nextcloud metadata Inex Code 2025-03-28 17:18:16 +03:00
  • c528ea129f feat: Add SSO field to Forgejo SP module metadata Inex Code 2025-03-28 17:16:01 +03:00
  • 3144e384a6 fix: Forgejo metadata Inex Code 2025-03-28 17:15:20 +03:00
  • d08a5e1ba3 fix: Mark 'idm_all_persons' as a known group for provisioning Inex Code 2025-03-28 17:09:01 +03:00
  • e79af804f1 feat: Allow services to communicate with Kanidm even when there is no DNS record yet Inex Code 2025-03-28 17:08:37 +03:00
  • b571449efe refactor: Disable SSH login using password Inex Code 2025-03-28 17:08:09 +03:00
  • 2ee27353da auth,forgejo: fix originLanding Alexander Tomokhov 2025-03-26 15:59:23 +04:00
  • 3f95b80c3c auth module: add originLanding option Alexander Tomokhov 2025-03-26 15:57:59 +04:00
  • 838b5dc204 auth: add missing nixpkgs-2411 input to flake.lock Alexander Tomokhov 2025-03-26 14:58:02 +04:00
  • 8013f2e394 auth: module for easier integration of new services with Kanidm Alexander Tomokhov 2025-03-16 19:51:18 +04:00
  • 381468ad16 fix: disable root login using password nhnn 2025-03-20 12:48:41 +03:00
  • 403c4b31b1 refact: auth: variable for generated keys path in auth.nix Alexander Tomokhov 2025-03-16 19:50:41 +04:00
  • 6d0271a9fe fix: Exclude DeSEC from dns propagation check exceptions Inex Code 2025-02-13 06:16:05 +03:00
  • c49a93bf9c auth: generate kanidm API token for selfprivacy in /run/keys/... Alexander Tomokhov 2025-02-12 15:50:15 +04:00
  • 1ff180ad1a add assertions: selfprivacy.sso.enable -> modules.*.enableSso Alexander Tomokhov 2025-02-03 01:51:19 +04:00
  • 331fa63b33 add options: selfprivacy.sso.enable && selfprivacy.sso.debug Alexander Tomokhov 2025-02-03 01:35:21 +04:00
  • 65548a1e73 SP modules do not depend on selfprivacy.modules.auth Alexander Tomokhov 2025-02-03 02:03:20 +04:00
  • ea443d2150 gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service Alexander Tomokhov 2025-02-03 01:04:19 +04:00
  • ee2e404eb8 passthru.selfprivacy -> selfprivacy.passthru Alexander Tomokhov 2025-02-03 00:57:08 +04:00
  • 365e01a4e3 fix selfprivacy.passthru: allow any types Alexander Tomokhov 2025-02-03 00:56:12 +04:00
  • 29d1759186 merge auth SP module into main configuration; add enableSso option Alexander Tomokhov 2025-01-29 18:17:17 +04:00
  • 3a8a3dfc95 fix auth meta: add meta to flake.nix and icon.svg Alexander Tomokhov 2025-02-01 18:36:01 +04:00
  • 70a946cc66 auth: add meta to all options Alexander Tomokhov 2025-01-31 14:37:58 +04:00
  • 4c6228d694 roundcube & mailserver: fix oauth: mailserver is an OAuth secret donor Alexander Tomokhov 2025-01-31 14:31:09 +04:00
  • 89e7145a01 auth: replace useless oauth2-introspection-url with prefix/postfix parts Alexander Tomokhov 2025-01-31 14:26:55 +04:00
  • f1d2119f62 define selfprivacy.passthru option (type = types.submodule) Alexander Tomokhov 2025-01-31 14:24:05 +04:00
  • 67a943c829 fix roundcube: ['oauth_client_secret'] = file_get_contents... Alexander Tomokhov 2025-01-29 14:30:18 +04:00
  • 857d6729ef fix nextcloud when sp.modules.auth.enable is true Alexander Tomokhov 2025-01-29 13:21:36 +04:00
  • 2cc5743152 fix sp-modules: configPathsNeeded, requiring passthru.selfprivacy.auth Alexander Tomokhov 2025-01-29 12:53:32 +04:00
  • 2ed4cc0dee passthru.selfprivacy.auth.admins-group = "sp.admins" Alexander Tomokhov 2025-01-25 23:20:00 +04:00
  • d008fbcc17 auth: sp.full_users group Alexander Tomokhov 2025-01-25 01:24:28 +04:00
  • d8d1a1e86f fix mailserver: evaluate without auth module Alexander Tomokhov 2025-01-25 01:08:41 +04:00
  • 0c7a8d51b0 fix gitea,nextcloud,roundcube: evaluate without auth module Alexander Tomokhov 2025-01-24 16:27:48 +04:00
  • f795bc977f fix auth: config.selfprivacy.modules.auth.enable or false Alexander Tomokhov 2025-01-17 15:53:21 +04:00
  • f43ec2686d fix nextcloud: get rid of extra user_ldap configs; other fixes Alexander Tomokhov 2025-01-17 15:04:08 +04:00
  • 56fe5690c1 fix roundcube: OAuth secret, ExecStartPost ignore failure Alexander Tomokhov 2025-01-15 18:03:19 +04:00
  • 89d788aab2 fix nextcloud: OAuth secret, ExecStartPost ignore failure Alexander Tomokhov 2025-01-15 15:15:46 +04:00
  • 5cb3be9a36 fix forgejo: OAuth secret, ExecStartPost ignore failure, subdomain Alexander Tomokhov 2025-01-15 14:57:23 +04:00
  • ed10508ed9 auth: create sp.selfprivacy-api.service-account Alexander Tomokhov 2025-01-15 14:53:58 +04:00
  • 0e7b113ce0 fix(nextcloud): user_oidc mapping-uid is preferred_username Alexander Tomokhov 2025-01-10 20:39:07 +04:00
  • bf8fb31065 chore(mailserver): less hardcode Alexander Tomokhov 2024-12-30 05:44:47 +04:00
  • 041479a48b fix(auth,forgejo): recognize admins Alexander Tomokhov 2024-12-30 05:13:28 +04:00
  • 153e1c12d5 feat(auth,nextcloud): OAuth2 and LDAP integration Alexander Tomokhov 2024-12-30 04:22:50 +04:00
  • a45cf792e5 fix(auth): rename oauth2-provider-name Alexander Tomokhov 2024-12-30 00:39:08 +04:00
  • 8db13dfccf feat auth,forgejo: OAuth2 and LDAP integration Alexander Tomokhov 2024-12-29 02:21:57 +04:00
  • 7f9f7a4db2 fix auth: sp.{service}.admins groups provisioning Alexander Tomokhov 2024-12-29 02:20:54 +04:00
  • bc8f998176 fix(auth): debug and enable options Alexander Tomokhov 2024-12-28 20:52:50 +04:00
  • dd4a356ae7 feat(auth,roundcube): sp.roundcube.admins inherits sp.roundcube.users Alexander Tomokhov 2024-12-27 08:07:45 +04:00
  • c127145425 feat(auth,roundcube): members of sp.admins group become admins Alexander Tomokhov 2024-12-27 07:49:31 +04:00
  • 69c69dfb46 chore dovecot&postfix: rename nix files, disable debug Alexander Tomokhov 2024-12-27 07:46:36 +04:00
  • f07b867af2 security: harden some SP modules NixOS config evaluation permissions Alexander Tomokhov 2024-12-26 18:42:41 +04:00
  • 3a904f599e chore: restructure LDAP related nix files Alexander Tomokhov 2024-12-26 18:27:25 +04:00
  • 5d76f456c1 auth: ldap-dovecot.nix, clean code Alexander Tomokhov 2024-12-20 18:41:07 +04:00
  • ad6d3d6970 WIP: LDAP: Dovecot&Postfix works, but Postfix sends to 25 port Alexander Tomokhov 2024-12-20 16:13:59 +04:00
  • b5de64105c kanidm 1.4.0 Alexander Tomokhov 2024-11-05 23:02:01 +04:00
  • f388e18ef0 minimal kanidm setup Alexander Tomokhov 2024-11-01 21:26:34 +04:00