auth: sp.full_users group

Alexander Tomokhov 2025-01-25 01:24:28 +04:00
parent d8d1a1e86f
commit d008fbcc17
4 changed files with 9 additions and 3 deletions
sp-modules
auth
gitea
nextcloud
roundcube


@ -98,6 +98,7 @@ in
enable = true;
autoRemove = true; # if false, obsolete oauth2 scopeMaps remain
groups."sp.admins".present = true;
groups.${passthru.full-users-group}.present = true;
};
enableClient = true;
clientSettings = {
@ -184,6 +185,8 @@ in
(lib.strings.splitString "." domain);
ldap-host = "127.0.0.1";
ldap-port = 3636;
full-users-group = "sp.full_users";
};
};
}
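Review bot: `full-users-group = "sp.full_users";` is added to `passthru` with no comment, yet the other three files in this commit nest it into their users groups, so it effectively names an all-services access group. I would put a comment above it such as `# Members are nested into every service module's users group (Forgejo, Nextcloud, Roundcube); treat membership as access to all of them.` The first hunk declares the group `present = true` with no members, so how accounts end up in it is not visible here and is worth stating in the same comment. Both hunks sit inside attribute sets that begin outside the visible lines.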


@ -414,7 +414,8 @@ in
services.kanidm.provision = {
groups = {
"${admins-group}".members = [ "sp.admins" ];
"${users-group}".members = [ admins-group ];
"${users-group}".members =
[ admins-group auth-passthru.full-users-group ];
};
systems.oauth2.forgejo = {
displayName = "Forgejo";
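Review bot: The new `"${users-group}".members` value nests `auth-passthru.full-users-group` unconditionally, so an account in that single group gets Forgejo membership with no per-module way to withhold it; the Nextcloud and Roundcube sections make the same change. Presumably `users-group` is what the OAuth2 scope map further down grants login on, though that part is outside the hunk. If least privilege per service matters, gate the nesting behind a module option, e.g. `[ admins-group ] ++ lib.optional cfg.allowFullUsers auth-passthru.full-users-group` (the option name is illustrative and would need to be declared). At minimum, a comment on this line should say that `sp.full_users` members can sign in to this service.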


@ -383,7 +383,8 @@ in
services.kanidm.provision = {
groups = {
"${admins-group}".members = [ "sp.admins" ];
"${users-group}".members = [ admins-group ];
"${users-group}".members =
[ admins-group auth-passthru.full-users-group ];
};
systems.oauth2.${oauth-client-id} = {
displayName = "Nextcloud";


@ -102,7 +102,8 @@ in
services.kanidm.provision = {
groups = {
"sp.roundcube.admins".members = [ "sp.admins" ];
"sp.roundcube.users".members = [ "sp.roundcube.admins" ];
"sp.roundcube.users".members =
[ "sp.roundcube.admins" auth-passthru.full-users-group ];
};
systems.oauth2.roundcube = {
displayName = "Roundcube";
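Review bot: The new members list repeats the `"sp.roundcube.admins"` and `"sp.roundcube.users"` string literals, whereas the Forgejo and Nextcloud sections bind these names once as `admins-group` / `users-group`. With literals, a typo in one place would provision a differently named group instead of failing evaluation, and access would then hang off a group nobody intended. I would bind the names in the surrounding `let` (outside this hunk) and write `"${users-group}".members = [ admins-group auth-passthru.full-users-group ];` here, matching the sibling modules.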