xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

massicot: fix strict redirect url matching enforced by kanidm 1.4.0

Browse source
This commit is contained in:
xinyangli 2024-11-14 19:02:15 +08:00
parent 40b1e9ff23
commit 5f40031b58
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
4 changed files with 59 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
flake.lock generated
View file

@ -18,16 +18,12 @@
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": [ "flake-utils": "flake-utils",
"flake-utils"
],
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"stable": [ "stable": "stable"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1731527002, "lastModified": 1731527002,
@ -152,6 +148,21 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
@ -169,7 +180,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
@ -502,11 +513,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1731570228, "lastModified": 1731581203,
"narHash": "sha256-mLuo8lZViwYdQQkA+hs6kTCPzAw1VR6O0jtXS1eC+Yc=", "narHash": "sha256-HQptSjjAO++AEsXbF6iQowqi8ZNf6EcOvDdW+deHTn0=",
"owner": "xinyangli", "owner": "xinyangli",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8cb7e7a9ead084be01f290e26602f40815ea36fe", "rev": "6dd93cda0500329e9aaff1ce03c020724235073f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -544,11 +555,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1731569820, "lastModified": 1731575915,
"narHash": "sha256-5i2hiBMnhqLVXpnmPwvLJKB5Tn816Z+9UmC5EcL2av4=", "narHash": "sha256-nSbj83pXsHXUkd/bqc2hlCFhn4b580R4yKgPLURdq5Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "6e804f7059440328e36f002f6eead1fd9b8eef43", "rev": "3f6157ceb966a93bf67c669780cde85e53b8d484",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -559,7 +570,7 @@
}, },
"nuschtosSearch": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"ixx": "ixx", "ixx": "ixx",
"nixpkgs": [ "nixpkgs": [
"my-nixvim", "my-nixvim",
@ -585,7 +596,7 @@
"inputs": { "inputs": {
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"colmena": "colmena", "colmena": "colmena",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"home-manager": "home-manager", "home-manager": "home-manager",
"my-nixvim": "my-nixvim", "my-nixvim": "my-nixvim",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
@ -618,6 +629,22 @@
"type": "github" "type": "github"
} }
}, },
"stable": {
"locked": {
"lastModified": 1730883749,
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

4
flake.nix
View file

@ -34,9 +34,7 @@
colmena = { colmena = {
url = "github:zhaofengli/colmena"; url = "github:zhaofengli/colmena";
inputs.stable.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
}; };
nix-index-database = { nix-index-database = {
@ -264,7 +262,7 @@
packages = with pkgs; [ packages = with pkgs; [
nix nix
git git
colmena inputs.colmena.packages.${system}.colmena
sops sops
nix-output-monitor nix-output-monitor
nil nil

4
machines/massicot/default.nix
View file

@ -54,6 +54,10 @@
git git
]; ];
# Disable docs on servers
documentation.nixos.enable = false;
documentation.man.enable = false;
system.stateVersion = "22.11"; system.stateVersion = "22.11";
networking = { networking = {

23
machines/massicot/kanidm-provision.nix
View file

@ -73,8 +73,8 @@
systems.oauth2 = { systems.oauth2 = {
forgejo = { forgejo = {
displayName = "ForgeJo"; displayName = "ForgeJo";
originUrl = "https://git.xinyang.life/"; originUrl = "https://git.xinyang.life/user/oauth2/kanidm/callback";
originLanding = "https://git.xinyang.life/user/oauth2/kandim"; originLanding = "https://git.xinyang.life/user/oauth2/kanidm";
allowInsecureClientDisablePkce = true; allowInsecureClientDisablePkce = true;
scopeMaps = { scopeMaps = {
forgejo-access = [ forgejo-access = [
@ -96,8 +96,8 @@
}; };
gts = { gts = {
displayName = "GoToSocial"; displayName = "GoToSocial";
originUrl = "https://xinyang.life/"; originUrl = "https://xinyang.life/auth/callback";
originLanding = "https://xinyang.life/"; originLanding = "https://xinyang.life/auth/callback";
allowInsecureClientDisablePkce = true; allowInsecureClientDisablePkce = true;
scopeMaps = { scopeMaps = {
gts-users = [ gts-users = [
@ -133,7 +133,7 @@
hedgedoc = { hedgedoc = {
displayName = "HedgeDoc"; displayName = "HedgeDoc";
originUrl = "https://docs.xinyang.life/"; originUrl = "https://docs.xinyang.life/auth/oauth2/callback";
originLanding = "https://docs.xinyang.life/auth/oauth2"; originLanding = "https://docs.xinyang.life/auth/oauth2";
allowInsecureClientDisablePkce = true; allowInsecureClientDisablePkce = true;
scopeMaps = { scopeMaps = {
@ -147,9 +147,9 @@
immich = { immich = {
displayName = "Immich"; displayName = "Immich";
originUrl = [ originUrl = [
"https://immich.xinyang.life:8000/api/oauth/mobile-redirect/" "https://immich.xinyang.life:8000/api/oauth/mobile-redirect"
"https://immich.xinyang.life:8000/auth/login/" "https://immich.xinyang.life:8000/auth/login"
"https://immich.xinyang.life:8000/user-settings/" "https://immich.xinyang.life:8000/user-settings"
]; ];
originLanding = "https://immich.xinyang.life:8000/auth/login?autoLaunch=0"; originLanding = "https://immich.xinyang.life:8000/auth/login?autoLaunch=0";
allowInsecureClientDisablePkce = true; allowInsecureClientDisablePkce = true;
@ -163,8 +163,9 @@
}; };
miniflux = { miniflux = {
displayName = "Miniflux"; displayName = "Miniflux";
originUrl = "https://rss.xinyang.life/"; originUrl = "https://rss.xinyang.life/oauth2/oidc/callback";
originLanding = "https://rss.xinyang.life/";
originLanding = "https://rss.xinyang.life/oauth2/oidc/redirect";
scopeMaps = { scopeMaps = {
miniflux-users = [ miniflux-users = [
"openid" "openid"
@ -175,7 +176,7 @@
}; };
grafana = { grafana = {
displayName = "Grafana"; displayName = "Grafana";
originUrl = "https://grafana.xinyang.life/"; originUrl = "https://grafana.xinyang.life/login/generic_oauth";
originLanding = "https://grafana.xinyang.life/"; originLanding = "https://grafana.xinyang.life/";
scopeMaps = { scopeMaps = {
grafana-users = [ grafana-users = [