Commit graph

120 commits

Author SHA1 Message Date
Alexander Tomokhov
1ff180ad1a add assertions: selfprivacy.sso.enable -> modules.*.enableSso 2025-02-03 02:17:54 +04:00
Alexander Tomokhov
331fa63b33 add options: selfprivacy.sso.enable && selfprivacy.sso.debug
selfprivacy.sso.enable is true by default.
2025-02-03 02:17:54 +04:00
Alexander Tomokhov
65548a1e73 SP modules do not depend on selfprivacy.modules.auth 2025-02-03 02:05:05 +04:00
Alexander Tomokhov
ea443d2150 gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
ee2e404eb8 passthru.selfprivacy -> selfprivacy.passthru 2025-02-03 01:05:48 +04:00
Alexander Tomokhov
29d1759186 merge auth SP module into main configuration; add enableSso option
`enableSso` is being added to the following SP modules:
* gitea (forgejo)
* nextcloud
* roundcube
* simple-nixos-mailserver
2025-02-03 00:10:05 +04:00
Alexander Tomokhov
3a8a3dfc95 fix auth meta: add meta to flake.nix and icon.svg 2025-02-01 18:36:01 +04:00
Alexander Tomokhov
70a946cc66 auth: add meta to all options 2025-01-31 14:37:58 +04:00
Alexander Tomokhov
4c6228d694 roundcube & mailserver: fix oauth: mailserver is an OAuth secret donor
Both of them use the same client ID and client secret, but Roundcube
depends on mailserver generally, so mailserver is the one to share OAuth
client id and secret.
2025-01-31 14:31:58 +04:00
Alexander Tomokhov
89e7145a01 auth: replace useless oauth2-introspection-url with prefix/postfix parts
oauth2-introspection-url is useless, because it would contain the OAuth
client secret right in the URL. OAuth clients construct URLs on their own.
2025-01-31 14:26:58 +04:00
Alexander Tomokhov
67a943c829 fix roundcube: ['oauth_client_secret'] = file_get_contents... 2025-01-29 14:30:18 +04:00
Alexander Tomokhov
857d6729ef fix nextcloud when sp.modules.auth.enable is true 2025-01-29 13:21:36 +04:00
Alexander Tomokhov
2cc5743152 fix sp-modules: configPathsNeeded, requiring passthru.selfprivacy.auth 2025-01-29 12:53:44 +04:00
Alexander Tomokhov
2ed4cc0dee passthru.selfprivacy.auth.admins-group = "sp.admins" 2025-01-25 23:20:00 +04:00
Alexander Tomokhov
d008fbcc17 auth: sp.full_users group 2025-01-25 01:24:28 +04:00
Alexander Tomokhov
d8d1a1e86f fix mailserver: evaluate without auth module 2025-01-25 01:08:41 +04:00
Alexander Tomokhov
0c7a8d51b0 fix gitea,nextcloud,roundcube: evaluate without auth module 2025-01-24 16:27:48 +04:00
Alexander Tomokhov
f795bc977f fix auth: config.selfprivacy.modules.auth.enable or false 2025-01-17 16:12:22 +04:00
Alexander Tomokhov
f43ec2686d fix nextcloud: get rid of extra user_ldap configs; other fixes 2025-01-17 16:10:40 +04:00
Alexander Tomokhov
56fe5690c1 fix roundcube: OAuth secret, ExecStartPost ignore failure 2025-01-17 16:10:40 +04:00
Alexander Tomokhov
89d788aab2 fix nextcloud: OAuth secret, ExecStartPost ignore failure 2025-01-17 16:10:38 +04:00
Alexander Tomokhov
5cb3be9a36 fix forgejo: OAuth secret, ExecStartPost ignore failure, subdomain 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
ed10508ed9 auth: create sp.selfprivacy-api.service-account 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
0e7b113ce0 fix(nextcloud): user_oidc mapping-uid is preferred_username 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
bf8fb31065 chore(mailserver): less hardcode 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
041479a48b fix(auth,forgejo): recognize admins 2025-01-17 16:09:25 +04:00
Alexander Tomokhov
153e1c12d5 feat(auth,nextcloud): OAuth2 and LDAP integration 2025-01-17 16:09:22 +04:00
Alexander Tomokhov
a45cf792e5 fix(auth): rename oauth2-provider-name 2025-01-17 15:58:51 +04:00
Alexander Tomokhov
8db13dfccf feat auth,forgejo: OAuth2 and LDAP integration 2025-01-17 15:58:49 +04:00
Alexander Tomokhov
7f9f7a4db2 fix auth: sp.{service}.admins groups provisioning 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
bc8f998176 fix(auth): debug and enable options 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
dd4a356ae7 feat(auth,roundcube): sp.roundcube.admins inherits sp.roundcube.users 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
c127145425 feat(auth,roundcube): members of sp.admins group become admins 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
69c69dfb46 chore dovecot&postfix: rename nix files, disable debug 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
f07b867af2 security: harden some SP modules NixOS config evaluation permissions 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
3a904f599e chore: restructure LDAP related nix files 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
5d76f456c1 auth: ldap-dovecot.nix, clean code 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
ad6d3d6970 WIP: LDAP: Dovecot&Postfix works, but Postfix sends to 25 port 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
b5de64105c kanidm 1.4.0 2025-01-17 15:56:47 +04:00
Alexander Tomokhov
f388e18ef0 minimal kanidm setup
Only Roundcube and Dovecot communicate with Kanidm.
2025-01-17 15:56:47 +04:00
Inex Code
5bc89e3359 fix: Missing nix input 2024-12-26 11:07:00 +03:00
Inex Code
0a698cebe5 fix: Ensure mumble's folder ownership 2024-12-26 11:04:43 +03:00
Inex Code
a4d2c06c64 refactor: Even clearer naming for the manifest version 2024-12-24 21:07:29 +03:00
Inex Code
a13a9fe839 refactor: Clearer naming for the manifest version 2024-12-24 20:55:19 +03:00
Inex Code
486b338069 fix: Back up Roundcube database 2024-12-24 20:46:05 +03:00
Inex Code
e348a491b0 feat: PostgreSQL migration 2024-12-24 20:44:41 +03:00
Inex Code
cca51699ee feat: Dynamic templating 2024-12-24 20:40:45 +03:00
Alan Urmancheev
d830288068 feat: NextCloud: add the enableImagemagick option 2024-11-29 17:38:03 +04:00
Inex Code
f8723bf4f9 fix: Allow JitsiMeet to build 2024-10-02 16:36:42 +03:00
Inex Code
4b6807d78f chore: Update Nextcloud 2024-10-02 16:18:57 +03:00