Compare commits
2 commits
9bba502b46
...
86c239d44c
Author | SHA1 | Date | |
---|---|---|---|
b12f | 86c239d44c | ||
b12f | 760d6e3458 |
|
@ -7,6 +7,7 @@
|
||||||
|
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
|
./email.nix
|
||||||
#./backups.nix
|
#./backups.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
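--- a/hosts/metronom/email.nix
+++ b/hosts/metronom/email.nix
@@ -0,0 +1,45 @@
+{ config, flake, ... }: {
+age.secrets.mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age";
+age.secrets.mail-teutat3s.file = "${flake.self}/secrets/mail/teutat3s.age";
+age.secrets.mail-admins.file = "${flake.self}/secrets/mail/admins.age";
+age.secrets.mail-bot.file = "${flake.self}/secrets/mail/bot.age";
+age.secrets.mail-crew.file = "${flake.self}/secrets/mail/crew.age";
+age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
+age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
+
+mailserver = {
+# A list of all login accounts. To create the password hashes, use
+# nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
+loginAccounts = {
+"admins@${config.pub-solar-os.networking.domain}" = {
+hashedPasswordFile = config.age.secrets.mail-admins.path;
+};
+"hakkonaut@${config.pub-solar-os.networking.domain}" = {
+hashedPasswordFile = config.age.secrets.mail-hakkonaut.path;
+};
+
+"hensoko@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-hensoko.path;
+quota = "2G";
+};
+"teutat3s@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-teutat3s.path;
+quota = "2G";
+};
+"bot@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-bot.path;
+quota = "2G";
+aliases = [ "hackernews-bot@pub.solar" ];
+};
+"crew@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-crew.path;
+quota = "2G";
+aliases = [ "moderation@pub.solar" ];
+};
+"erpnext@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-erpnext.path;
+quota = "2G";
+};
+};
+};
+}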
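Review bot: The accounts `hensoko@pub.solar`, `teutat3s@pub.solar`, `bot@pub.solar`, `crew@pub.solar` and `erpnext@pub.solar`, and their aliases, hard-code the domain, while `admins@` and `hakkonaut@` in the same attribute set are keyed on `config.pub-solar-os.networking.domain`. The shared mail module elsewhere in this comparison sets `domains = [ config.pub-solar-os.networking.domain ]`, so if that option ever differs from `pub.solar` on this host, these accounts would sit on a domain the server does not list. Keying them the same way, e.g. `"hensoko@${config.pub-solar-os.networking.domain}" = {`, keeps the secret-to-account mapping and the accepted domains in step.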
|
@ -1,53 +0,0 @@
|
||||||
{ flake, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./backups.nix
|
|
||||||
./apps/nginx.nix
|
|
||||||
|
|
||||||
./apps/collabora.nix
|
|
||||||
./apps/coturn.nix
|
|
||||||
./apps/forgejo.nix
|
|
||||||
./apps/keycloak.nix
|
|
||||||
./apps/mailman.nix
|
|
||||||
./apps/mastodon.nix
|
|
||||||
./apps/mediawiki.nix
|
|
||||||
./apps/nextcloud.nix
|
|
||||||
./apps/nginx-mastodon.nix
|
|
||||||
./apps/nginx-mastodon-files.nix
|
|
||||||
./apps/nginx-prometheus-exporters.nix
|
|
||||||
./apps/nginx-website.nix
|
|
||||||
./apps/nginx-website-miom.nix
|
|
||||||
./apps/opensearch.nix
|
|
||||||
./apps/owncast.nix
|
|
||||||
./apps/postgresql.nix
|
|
||||||
./apps/prometheus-exporters.nix
|
|
||||||
./apps/promtail.nix
|
|
||||||
./apps/searx.nix
|
|
||||||
./apps/tmate.nix
|
|
||||||
|
|
||||||
./apps/matrix/irc.nix
|
|
||||||
./apps/matrix/mautrix-telegram.nix
|
|
||||||
./apps/matrix/synapse.nix
|
|
||||||
./apps/nginx-matrix.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
|
|
||||||
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
||||||
security.acme.preliminarySelfsigned = true;
|
|
||||||
|
|
||||||
networking.useDHCP = true;
|
|
||||||
networking.interfaces."enp35s0".ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "10.0.0.1";
|
|
||||||
prefixLength = 26;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
networking.interfaces."enp35s0".ipv6.addresses = [
|
|
||||||
{
|
|
||||||
address = "2a01:4f8:172:1c25::1";
|
|
||||||
prefixLength = 64;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,62 +1,28 @@
|
||||||
{ config, flake, ... }:
|
{ config, ... }: {
|
||||||
|
|
||||||
{
|
|
||||||
age.secrets.mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age";
|
|
||||||
age.secrets.mail-teutat3s.file = "${flake.self}/secrets/mail/teutat3s.age";
|
|
||||||
age.secrets.mail-admins.file = "${flake.self}/secrets/mail/admins.age";
|
|
||||||
age.secrets.mail-bot.file = "${flake.self}/secrets/mail/bot.age";
|
|
||||||
age.secrets.mail-crew.file = "${flake.self}/secrets/mail/crew.age";
|
|
||||||
age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
|
|
||||||
age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
|
|
||||||
|
|
||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.pub.solar";
|
fqdn = "mail.${config.pub-solar-os.networking.domain}";
|
||||||
domains = [ "pub.solar" ];
|
domains = [ config.pub-solar-os.networking.domain ];
|
||||||
|
|
||||||
# A list of all login accounts. To create the password hashes, use
|
# A list of all login accounts. To create the password hashes, use
|
||||||
# nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
|
# nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"hensoko@pub.solar" = {
|
"admins@${config.pub-solar-os.networking.domain}" = {
|
||||||
hashedPasswordFile = config.age.secrets.mail-hensoko.path;
|
|
||||||
quota = "2G";
|
|
||||||
};
|
|
||||||
"teutat3s@pub.solar" = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mail-teutat3s.path;
|
|
||||||
quota = "2G";
|
|
||||||
};
|
|
||||||
"admins@pub.solar" = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mail-admins.path;
|
|
||||||
quota = "2G";
|
quota = "2G";
|
||||||
aliases = [
|
aliases = [
|
||||||
"abuse@pub.solar"
|
"abuse@${config.pub-solar-os.networking.domain}"
|
||||||
"alerts@pub.solar"
|
"alerts@${config.pub-solar-os.networking.domain}"
|
||||||
"forgejo@pub.solar"
|
"forgejo@${config.pub-solar-os.networking.domain}"
|
||||||
"keycloak@pub.solar"
|
"keycloak@${config.pub-solar-os.networking.domain}"
|
||||||
"mastodon-notifications@pub.solar"
|
"mastodon-notifications@${config.pub-solar-os.networking.domain}"
|
||||||
"matrix@pub.solar"
|
"matrix@${config.pub-solar-os.networking.domain}"
|
||||||
"postmaster@pub.solar"
|
"postmaster@${config.pub-solar-os.networking.domain}"
|
||||||
"nextcloud@pub.solar"
|
"nextcloud@${config.pub-solar-os.networking.domain}"
|
||||||
"no-reply@pub.solar"
|
"no-reply@${config.pub-solar-os.networking.domain}"
|
||||||
"security@pub.solar"
|
"security@${config.pub-solar-os.networking.domain}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"bot@pub.solar" = {
|
"hakkonaut@${config.pub-solar-os.networking.domain}" = {
|
||||||
hashedPasswordFile = config.age.secrets.mail-bot.path;
|
|
||||||
quota = "2G";
|
|
||||||
aliases = [ "hackernews-bot@pub.solar" ];
|
|
||||||
};
|
|
||||||
"crew@pub.solar" = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mail-crew.path;
|
|
||||||
quota = "2G";
|
|
||||||
aliases = [ "moderation@pub.solar" ];
|
|
||||||
};
|
|
||||||
"erpnext@pub.solar" = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mail-erpnext.path;
|
|
||||||
quota = "2G";
|
|
||||||
};
|
|
||||||
"hakkonaut@pub.solar" = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mail-hakkonaut.path;
|
|
||||||
quota = "2G";
|
quota = "2G";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -66,5 +32,5 @@
|
||||||
certificateScheme = "acme-nginx";
|
certificateScheme = "acme-nginx";
|
||||||
};
|
};
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "security@pub.solar";
|
security.acme.defaults.email = "security@${config.pub-solar-os.networking.domain}";
|
||||||
}
|
}
|
||||||
|
|
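Review bot: The comment kept above `loginAccounts` still says this is a list of all login accounts and explains how to create the hashes, but after this change the module defines only `admins@` and `hakkonaut@` and no longer sets any `hashedPasswordFile`. I would replace it with something like `# Shared accounts only; every host importing this module must set hashedPasswordFile for them (see the host's email.nix)`, so a host that forgets the secret is caught in review rather than at deploy time. Whether the mailserver module rejects an account without a password source is not visible here.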
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
self,
|
self,
|
||||||
|
system,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
@ -20,21 +21,10 @@ in
|
||||||
node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs;
|
node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs;
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
acme-server = {
|
dns-server.imports = [ ./support/dns-server.nix ];
|
||||||
imports = [
|
acme-server.imports = [ ./support/acme-server.nix ];
|
||||||
self.nixosModules.home-manager
|
mail-server.imports = [ ./support/mail-server.nix ];
|
||||||
self.nixosModules.core
|
client.imports = [ ./support/client.nix ];
|
||||||
./support/ca.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
client = {
|
|
||||||
imports = [
|
|
||||||
self.nixosModules.home-manager
|
|
||||||
self.nixosModules.core
|
|
||||||
./support/client.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nachtigall = {
|
nachtigall = {
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -57,63 +47,30 @@ in
|
||||||
database-password-file = "/tmp/dbf";
|
database-password-file = "/tmp/dbf";
|
||||||
};
|
};
|
||||||
services.keycloak.database.createLocally = true;
|
services.keycloak.database.createLocally = true;
|
||||||
|
services.keycloak.initialAdminPassword = "password";
|
||||||
networking.interfaces.eth0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "192.168.1.3";
|
|
||||||
prefixLength = 32;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript =
|
testScript = { ... }: ''
|
||||||
{ ... }: ''
|
|
||||||
def puppeteer_run(cmd):
|
def puppeteer_run(cmd):
|
||||||
client.succeed(f'puppeteer-run \'{cmd}\' ')
|
client.succeed(f'puppeteer-run \'{cmd}\' ')
|
||||||
|
|
||||||
start_all()
|
start_all()
|
||||||
|
|
||||||
|
acme_server.wait_for_unit("system.slice")
|
||||||
|
mail_server.wait_for_unit("dovecot2.service")
|
||||||
|
mail_server.wait_for_unit("postfix.service")
|
||||||
nachtigall.wait_for_unit("system.slice")
|
nachtigall.wait_for_unit("system.slice")
|
||||||
nachtigall.succeed("ping 127.0.0.1 -c 2")
|
nachtigall.succeed("ping 127.0.0.1 -c 2")
|
||||||
nachtigall.wait_for_unit("nginx.service")
|
nachtigall.wait_for_unit("nginx.service")
|
||||||
|
|
||||||
nachtigall.systemctl("stop keycloak.service")
|
|
||||||
nachtigall.wait_until_succeeds("if (($(ps aux | grep 'Dkc.home.dir=/run/keycloak' | grep -v grep | wc -l) == 0)); then true; else false; fi")
|
|
||||||
nachtigall.succeed("${pkgs.keycloak}/bin/kc.sh --verbose import --optimized --file=${realm-export}")
|
|
||||||
nachtigall.systemctl("start keycloak.service")
|
|
||||||
nachtigall.sleep(30)
|
|
||||||
nachtigall.wait_until_succeeds("curl http://127.0.0.1:8080/")
|
nachtigall.wait_until_succeeds("curl http://127.0.0.1:8080/")
|
||||||
nachtigall.wait_until_succeeds("curl https://auth.test.pub.solar/")
|
nachtigall.wait_until_succeeds("curl https://auth.test.pub.solar/")
|
||||||
|
nachtigall.succeed("${pkgs.keycloak}/bin/kcadm.sh create realms -f ${realm-export} --server http://localhost:8080 --realm master --user admin --password password --no-config")
|
||||||
|
|
||||||
client.wait_for_unit("system.slice")
|
client.wait_for_unit("system.slice")
|
||||||
client.wait_for_file("/tmp/puppeteer.sock")
|
client.wait_for_file("/tmp/puppeteer.sock")
|
||||||
|
|
||||||
puppeteer_run('page.goto("https://auth.test.pub.solar/admin/master/console")')
|
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
|
||||||
client.screenshot("admin-initial")
|
|
||||||
puppeteer_run('page.locator("[name=username]").fill("admin")')
|
|
||||||
puppeteer_run('page.locator("::-p-text(Sign In)").click()')
|
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
|
||||||
client.screenshot("admin-password")
|
|
||||||
puppeteer_run('page.locator("[name=password]").fill("password")')
|
|
||||||
puppeteer_run('page.locator("::-p-text(Sign In)").click()')
|
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
|
||||||
client.screenshot("admin-login")
|
|
||||||
puppeteer_run('page.locator("::-p-text(Realm settings)").click()')
|
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
|
||||||
client.screenshot("admin-theme")
|
|
||||||
puppeteer_run('page.locator("::-p-text(Themes)").click()')
|
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
|
||||||
puppeteer_run('page.locator("#kc-login-theme").click()')
|
|
||||||
client.screenshot("admin-theme-changed")
|
|
||||||
puppeteer_run('page.locator("li button::-p-text(pub.solar)").click()')
|
|
||||||
puppeteer_run('page.locator("::-p-text(Save)").click()')
|
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
|
||||||
client.screenshot("admin-theme-saved")
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
puppeteer_run('page.goto("https://auth.test.pub.solar")')
|
puppeteer_run('page.goto("https://auth.test.pub.solar")')
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
puppeteer_run('page.waitForNetworkIdle()')
|
||||||
client.screenshot("initial")
|
client.screenshot("initial")
|
||||||
|
@ -131,5 +88,7 @@ in
|
||||||
puppeteer_run('page.locator("button::-p-text(Register)").click()')
|
puppeteer_run('page.locator("button::-p-text(Register)").click()')
|
||||||
puppeteer_run('page.waitForNetworkIdle()')
|
puppeteer_run('page.waitForNetworkIdle()')
|
||||||
client.screenshot("after-register")
|
client.screenshot("after-register")
|
||||||
|
|
||||||
|
client.succeed("offlineimap")
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
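Review bot: The test script waits for `acme_server`, `mail_server` and `nachtigall`, but never for the new `dns-server` node, although name resolution for `auth.test.pub.solar` now appears to go through it (the static `networking.hosts` entries are removed elsewhere in this comparison). Adding `dns_server.wait_for_unit("unbound.service")` right after `start_all()` would make the later `curl https://auth.test.pub.solar/` wait deterministic instead of dependent on boot order. Separately, `acme_server.wait_for_unit("system.slice")` only shows that the machine booted; waiting on the CA's own unit would be the stronger check.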
|
@ -1,21 +1,19 @@
|
||||||
{
|
{
|
||||||
|
flake,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
imports = [ ./global.nix ];
|
imports = [
|
||||||
|
flake.self.nixosModules.home-manager
|
||||||
|
flake.self.nixosModules.core
|
||||||
|
./global.nix
|
||||||
|
];
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [ "f /tmp/step-ca-intermediate-pw 1777 root root 10d password" ];
|
systemd.tmpfiles.rules = [ "f /tmp/step-ca-intermediate-pw 1777 root root 10d password" ];
|
||||||
|
|
||||||
networking.interfaces.eth0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "192.168.1.1";
|
|
||||||
prefixLength = 32;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
services.step-ca =
|
services.step-ca =
|
||||||
let
|
let
|
||||||
certificates = pkgs.stdenv.mkDerivation {
|
certificates = pkgs.stdenv.mkDerivation {
|
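Review bot: `systemd.tmpfiles.rules` creates `/tmp/step-ca-intermediate-pw` with mode `1777`, so the intermediate-key password is readable and replaceable by every local user on the node. This is a test CA with a throwaway password, but the pattern is easy to copy into a real host; a mode such as `0400` with the owner set to the account step-ca runs as would be enough (that account is not visible in this hunk). At minimum I would add `# test-only: throwaway CA password, never reuse on a real host` above the rule. The `services.step-ca` block continues outside the hunk.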
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
|
flake,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
@ -9,7 +10,11 @@ let
|
||||||
puppeteer-run = (pkgs.callPackage (import ./puppeteer-socket/puppeteer-run.nix) { });
|
puppeteer-run = (pkgs.callPackage (import ./puppeteer-socket/puppeteer-run.nix) { });
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./global.nix ];
|
imports = [
|
||||||
|
flake.self.nixosModules.home-manager
|
||||||
|
flake.self.nixosModules.core
|
||||||
|
./global.nix
|
||||||
|
];
|
||||||
|
|
||||||
security.polkit.enable = true;
|
security.polkit.enable = true;
|
||||||
|
|
||||||
|
@ -40,12 +45,25 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
networking.interfaces.eth0.ipv4.addresses = [
|
accounts.email.accounts."test-user@${config.pub-solar-os.networking.domain}" = {
|
||||||
{
|
primary = true;
|
||||||
address = "192.168.1.2";
|
address = "test-user@${config.pub-solar-os.networking.domain}";
|
||||||
prefixLength = 32;
|
userName = "test-user@${config.pub-solar-os.networking.domain}";
|
||||||
}
|
passwordCommand = "echo password";
|
||||||
];
|
realName = "Test User";
|
||||||
|
imap = {
|
||||||
|
host = "mail.${config.pub-solar-os.networking.domain}";
|
||||||
|
port = 993;
|
||||||
|
};
|
||||||
|
smtp = {
|
||||||
|
host = "mail.${config.pub-solar-os.networking.domain}";
|
||||||
|
port = 587;
|
||||||
|
tls.useStartTls = true;
|
||||||
|
};
|
||||||
|
getmail.enable = true;
|
||||||
|
getmail.mailboxes = [ "ALL" ];
|
||||||
|
msmtp.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
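Review bot: The new mail account enables `getmail` and `msmtp`, but the test script in this comparison fetches mail with `client.succeed("offlineimap")`; unless offlineimap is enabled in a part of the file outside these hunks, that command has no configuration for this account. Either add `offlineimap.enable = true;` to the account (and enable the program itself) or have the test call the tool that is actually configured. `passwordCommand = "echo password"` is fine for a throwaway test user, but deserves a `# test-only credential` comment so it is not copied into a real profile.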
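--- a/tests/support/dns-server.nix
+++ b/tests/support/dns-server.nix
@@ -0,0 +1,70 @@
+{
+config,
+flake,
+lib,
+...
+}: {
+imports = [
+flake.self.nixosModules.home-manager
+flake.self.nixosModules.core
+./global.nix
+];
+
+networking.nameservers = lib.mkForce [
+"193.110.81.0" #dns0.eu
+"2a0f:fc80::" #dns0.eu
+"185.253.5.0" #dns0.eu
+"2a0f:fc81::" #dns0.eu
+];
+
+services.resolved.enable = lib.mkForce false;
+
+networking.firewall.allowedUDPPorts = [53];
+networking.firewall.allowedTCPPorts = [53];
+
+networking.interfaces.eth1.ipv4.addresses = [
+{
+address = "192.168.1.254";
+prefixLength = 32;
+}
+];
+
+services.unbound = {
+enable = true;
+settings = {
+server = {
+interface = [
+"192.168.1.254"
+];
+access-control = [
+"0.0.0.0/0 allow"
+];
+local-zone = [
+"\"pub.solar\" transparent"
+];
+local-data = [
+"\"mail.${config.pub-solar-os.networking.domain}. 10800 IN CNAME mail-server\""
+"\"ca.${config.pub-solar-os.networking.domain}. 10800 IN CNAME acme-server\""
+"\"${config.pub-solar-os.networking.domain}. 10800 IN CNAME nachtigall\""
+"\"www.${config.pub-solar-os.networking.domain}. 10800 IN CNAME nachtigall\""
+"\"auth.${config.pub-solar-os.networking.domain}. 10800 IN CNAME nachtigall\""
+];
+
+tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
+};
+
+forward-zone = [
+{
+name = ".";
+forward-addr = [
+"193.110.81.0#dns0.eu"
+"2a0f:fc80::#dns0.eu"
+"185.253.5.0#dns0.eu"
+"2a0f:fc81::#dns0.eu"
+];
+forward-tls-upstream = "yes";
+}
+];
+};
+};
+}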
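Review bot: `access-control = [ "0.0.0.0/0 allow" ]`, together with the opened port 53, makes this resolver answer recursive queries from any IPv4 source that can reach it. The listener is bound to `192.168.1.254`, so exposure inside the test network is limited, but restricting it to the clients that need it, e.g. `"192.168.1.0/24 allow"` (assuming that is the test VLAN, as the other addresses on this page suggest), costs nothing and keeps the file safe to reuse. Note also that `local-zone` hard-codes `pub.solar` while the `local-data` records use `config.pub-solar-os.networking.domain`.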
|
@ -23,28 +23,13 @@
|
||||||
|
|
||||||
security.pam.services.sshd.allowNullPassword = true;
|
security.pam.services.sshd.allowNullPassword = true;
|
||||||
|
|
||||||
virtualisation.forwardPorts =
|
services.resolved.extraConfig = lib.mkForce ''
|
||||||
let
|
DNS=192.168.1.254
|
||||||
address = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
|
Domains=~.
|
||||||
lastAddressPart = builtins.elemAt (lib.strings.splitString "." address) 3;
|
'';
|
||||||
in
|
|
||||||
[
|
|
||||||
{
|
|
||||||
from = "host";
|
|
||||||
host.port = 2000 + (lib.strings.toInt lastAddressPart);
|
|
||||||
guest.port = 22;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.interfaces.eth0.useDHCP = false;
|
environment.systemPackages = [
|
||||||
|
pkgs.dig
|
||||||
networking.hosts = {
|
|
||||||
"192.168.1.1" = [ "ca.${config.pub-solar-os.networking.domain}" ];
|
|
||||||
"192.168.1.2" = [ "client.${config.pub-solar-os.networking.domain}" ];
|
|
||||||
"192.168.1.3" = [
|
|
||||||
"${config.pub-solar-os.networking.domain}"
|
|
||||||
"www.${config.pub-solar-os.networking.domain}"
|
|
||||||
"auth.${config.pub-solar-os.networking.domain}"
|
|
||||||
];
|
];
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
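Review bot: This hunk removes the host-to-guest port-22 forward but keeps `security.pam.services.sshd.allowNullPassword = true;` just above it. If nothing else in the tests logs in over SSH (not visible in this hunk), that line is now dead configuration that still permits empty-password logins through sshd's PAM stack on every test node; I would drop it or add a comment naming the test that needs it. The new `services.resolved.extraConfig` sends all lookups to `192.168.1.254` via `Domains=~.`, so a one-line comment such as `# resolve everything through the test dns-server node` would help readers.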
|
@ -2,4 +2,4 @@
|
||||||
|
|
||||||
1. Export realm settings from keycloak, you'll get a file called `realm-export.json`.
|
1. Export realm settings from keycloak, you'll get a file called `realm-export.json`.
|
||||||
2. Install dependencies for this package: `npm ci`
|
2. Install dependencies for this package: `npm ci`
|
||||||
3. Clean the exported file: `npm start $downloadedExportJSON > realm-export.json
|
3. Clean the exported file: `node src/index.mjs $downloadedExportJSON > realm-export.json
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"id": "8cd6ddbb-d0d3-40ff-9f1e-efdfce05fa6e",
|
"id": "8cd6ddbb-d0d3-40ff-9f1e-efdfce05fa6e",
|
||||||
"realm": "test.test.pub.solar",
|
"realm": "test.pub.solar",
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"defaultSignatureAlgorithm": "RS256",
|
"defaultSignatureAlgorithm": "RS256",
|
||||||
"revokeRefreshToken": false,
|
"revokeRefreshToken": false,
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "2e271b49-ed2b-4dc0-a578-47e7571a2934",
|
"id": "2e271b49-ed2b-4dc0-a578-47e7571a2934",
|
||||||
"name": "default-roles-test.test.pub.solar",
|
"name": "default-roles-test.pub.solar",
|
||||||
"description": "${role_default-roles}",
|
"description": "${role_default-roles}",
|
||||||
"composite": true,
|
"composite": true,
|
||||||
"composites": {
|
"composites": {
|
||||||
|
@ -434,7 +434,7 @@
|
||||||
"groups": [],
|
"groups": [],
|
||||||
"defaultRole": {
|
"defaultRole": {
|
||||||
"id": "2e271b49-ed2b-4dc0-a578-47e7571a2934",
|
"id": "2e271b49-ed2b-4dc0-a578-47e7571a2934",
|
||||||
"name": "default-roles-test.test.pub.solar",
|
"name": "default-roles-test.pub.solar",
|
||||||
"description": "${role_default-roles}",
|
"description": "${role_default-roles}",
|
||||||
"composite": true,
|
"composite": true,
|
||||||
"clientRole": false,
|
"clientRole": false,
|
||||||
|
@ -494,7 +494,7 @@
|
||||||
"disableableCredentialTypes": [],
|
"disableableCredentialTypes": [],
|
||||||
"requiredActions": [],
|
"requiredActions": [],
|
||||||
"realmRoles": [
|
"realmRoles": [
|
||||||
"default-roles-test.test.pub.solar"
|
"default-roles-test.pub.solar"
|
||||||
],
|
],
|
||||||
"clientRoles": {
|
"clientRoles": {
|
||||||
"realm-management": [
|
"realm-management": [
|
||||||
|
@ -533,7 +533,7 @@
|
||||||
"disableableCredentialTypes": [],
|
"disableableCredentialTypes": [],
|
||||||
"requiredActions": [],
|
"requiredActions": [],
|
||||||
"realmRoles": [
|
"realmRoles": [
|
||||||
"default-roles-test.test.pub.solar"
|
"default-roles-test.pub.solar"
|
||||||
],
|
],
|
||||||
"clientRoles": {
|
"clientRoles": {
|
||||||
"matrix": [
|
"matrix": [
|
||||||
|
@ -571,13 +571,13 @@
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "${authBaseUrl}",
|
"rootUrl": "${authBaseUrl}",
|
||||||
"adminUrl": "",
|
"adminUrl": "",
|
||||||
"baseUrl": "/realms/test.test.pub.solar/account/",
|
"baseUrl": "/realms/test.pub.solar/account/",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/realms/test.test.pub.solar/account/*"
|
"/realms/test.pub.solar/account/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [],
|
"webOrigins": [],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
|
@ -628,13 +628,13 @@
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "${authBaseUrl}",
|
"rootUrl": "${authBaseUrl}",
|
||||||
"adminUrl": "",
|
"adminUrl": "",
|
||||||
"baseUrl": "/realms/test.test.pub.solar/account/",
|
"baseUrl": "/realms/test.pub.solar/account/",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/realms/test.test.pub.solar/account/*"
|
"/realms/test.pub.solar/account/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [],
|
"webOrigins": [],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
|
@ -829,19 +829,19 @@
|
||||||
"clientId": "gitea",
|
"clientId": "gitea",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://git.test.test.pub.solar",
|
"rootUrl": "https://git.test.pub.solar",
|
||||||
"adminUrl": "https://git.test.test.pub.solar",
|
"adminUrl": "https://git.test.pub.solar",
|
||||||
"baseUrl": "https://git.test.test.pub.solar",
|
"baseUrl": "https://git.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://git.test.test.pub.solar/*"
|
"https://git.test.pub.solar/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"https://git.test.test.pub.solar"
|
"https://git.test.pub.solar"
|
||||||
],
|
],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"bearerOnly": false,
|
"bearerOnly": false,
|
||||||
|
@ -889,9 +889,9 @@
|
||||||
"id": "b016fab5-bced-404a-93ba-c084d360701f",
|
"id": "b016fab5-bced-404a-93ba-c084d360701f",
|
||||||
"clientId": "grafana",
|
"clientId": "grafana",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "https://grafana.test.test.pub.solar",
|
"description": "https://grafana.test.pub.solar",
|
||||||
"rootUrl": "https://grafana.test.test.pub.solar",
|
"rootUrl": "https://grafana.test.pub.solar",
|
||||||
"adminUrl": "https://grafana.test.test.pub.solar",
|
"adminUrl": "https://grafana.test.pub.solar",
|
||||||
"baseUrl": "/login/generic_oauth",
|
"baseUrl": "/login/generic_oauth",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
|
@ -899,10 +899,10 @@
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://grafana.test.test.pub.solar/login/generic_oauth"
|
"https://grafana.test.pub.solar/login/generic_oauth"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"https://grafana.test.test.pub.solar"
|
"https://grafana.test.pub.solar"
|
||||||
],
|
],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"bearerOnly": false,
|
"bearerOnly": false,
|
||||||
|
@ -945,9 +945,9 @@
|
||||||
"clientId": "mastodon",
|
"clientId": "mastodon",
|
||||||
"name": "mastodon",
|
"name": "mastodon",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://mastodon.test.test.pub.solar",
|
"rootUrl": "https://mastodon.test.pub.solar",
|
||||||
"adminUrl": "",
|
"adminUrl": "",
|
||||||
"baseUrl": "https://mastodon.test.test.pub.solar",
|
"baseUrl": "https://mastodon.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
|
@ -955,10 +955,10 @@
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"",
|
"",
|
||||||
"https://mastodon.test.test.pub.solar/auth/auth/openid_connect/callback"
|
"https://mastodon.test.pub.solar/auth/auth/openid_connect/callback"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"https://mastodon.test.test.pub.solar/auth/openid_connect/callback"
|
"https://mastodon.test.pub.solar/auth/openid_connect/callback"
|
||||||
],
|
],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"bearerOnly": false,
|
"bearerOnly": false,
|
||||||
|
@ -1006,17 +1006,17 @@
|
||||||
"clientId": "matrix",
|
"clientId": "matrix",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://chat.test.test.pub.solar",
|
"rootUrl": "https://chat.test.pub.solar",
|
||||||
"adminUrl": "",
|
"adminUrl": "",
|
||||||
"baseUrl": "https://chat.test.test.pub.solar",
|
"baseUrl": "https://chat.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://matrix.test.test.pub.solar/_synapse/client/oidc/callback",
|
"https://matrix.test.pub.solar/_synapse/client/oidc/callback",
|
||||||
"https://matrix.test.test.test.pub.solar/_synapse/client/oidc/callback"
|
"https://matrix.test.test.pub.solar/_synapse/client/oidc/callback"
|
||||||
],
|
],
|
||||||
"webOrigins": [],
|
"webOrigins": [],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
|
@ -1038,7 +1038,7 @@
|
||||||
"tls-client-certificate-bound-access-tokens": "false",
|
"tls-client-certificate-bound-access-tokens": "false",
|
||||||
"oidc.ciba.grant.enabled": "false",
|
"oidc.ciba.grant.enabled": "false",
|
||||||
"backchannel.logout.session.required": "true",
|
"backchannel.logout.session.required": "true",
|
||||||
"backchannel.logout.url": "https://chat.test.test.pub.solar/_synapse/client/oidc/backchannel_logout",
|
"backchannel.logout.url": "https://chat.test.pub.solar/_synapse/client/oidc/backchannel_logout",
|
||||||
"client_credentials.use_refresh_token": "false",
|
"client_credentials.use_refresh_token": "false",
|
||||||
"acr.loa.map": "{}",
|
"acr.loa.map": "{}",
|
||||||
"require.pushed.authorization.requests": "false",
|
"require.pushed.authorization.requests": "false",
|
||||||
|
@ -1111,9 +1111,9 @@
|
||||||
"clientId": "matrix-authentication-service",
|
"clientId": "matrix-authentication-service",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "Used for our hosted https://github.com/matrix-org/matrix-authentication-service",
|
"description": "Used for our hosted https://github.com/matrix-org/matrix-authentication-service",
|
||||||
"rootUrl": "https://matrix.test.test.pub.solar/",
|
"rootUrl": "https://matrix.test.pub.solar/",
|
||||||
"adminUrl": "https://matrix.test.test.pub.solar/",
|
"adminUrl": "https://matrix.test.pub.solar/",
|
||||||
"baseUrl": "https://matrix.test.test.pub.solar/",
|
"baseUrl": "https://matrix.test.pub.solar/",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
|
@ -1166,19 +1166,19 @@
|
||||||
"clientId": "mediawiki",
|
"clientId": "mediawiki",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://wiki.test.test.pub.solar",
|
"rootUrl": "https://wiki.test.pub.solar",
|
||||||
"adminUrl": "https://wiki.test.test.pub.solar",
|
"adminUrl": "https://wiki.test.pub.solar",
|
||||||
"baseUrl": "https://wiki.test.test.pub.solar",
|
"baseUrl": "https://wiki.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://wiki.test.test.pub.solar/*"
|
"https://wiki.test.pub.solar/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"https://wiki.test.test.pub.solar"
|
"https://wiki.test.pub.solar"
|
||||||
],
|
],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"bearerOnly": false,
|
"bearerOnly": false,
|
||||||
|
@ -1221,19 +1221,19 @@
|
||||||
"clientId": "nextcloud",
|
"clientId": "nextcloud",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://cloud.test.test.pub.solar",
|
"rootUrl": "https://cloud.test.pub.solar",
|
||||||
"adminUrl": "https://cloud.test.test.pub.solar",
|
"adminUrl": "https://cloud.test.pub.solar",
|
||||||
"baseUrl": "https://cloud.test.test.pub.solar",
|
"baseUrl": "https://cloud.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://cloud.test.test.pub.solar/apps/user_oidc/code"
|
"https://cloud.test.pub.solar/apps/user_oidc/code"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"https://cloud.test.test.pub.solar"
|
"https://cloud.test.pub.solar"
|
||||||
],
|
],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"bearerOnly": false,
|
"bearerOnly": false,
|
||||||
|
@ -1247,14 +1247,14 @@
|
||||||
"protocol": "openid-connect",
|
"protocol": "openid-connect",
|
||||||
"attributes": {
|
"attributes": {
|
||||||
"client.secret.creation.time": 1724762383467,
|
"client.secret.creation.time": 1724762383467,
|
||||||
"post.logout.redirect.uris": "https://cloud.test.test.pub.solar##https://cloud.test.test.pub.solar/##https://cloud.test.test.pub.solar/*",
|
"post.logout.redirect.uris": "https://cloud.test.pub.solar##https://cloud.test.pub.solar/##https://cloud.test.pub.solar/*",
|
||||||
"oauth2.device.authorization.grant.enabled": "false",
|
"oauth2.device.authorization.grant.enabled": "false",
|
||||||
"backchannel.logout.revoke.offline.tokens": "false",
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||||||
"use.refresh.tokens": "true",
|
"use.refresh.tokens": "true",
|
||||||
"tls-client-certificate-bound-access-tokens": "false",
|
"tls-client-certificate-bound-access-tokens": "false",
|
||||||
"oidc.ciba.grant.enabled": "false",
|
"oidc.ciba.grant.enabled": "false",
|
||||||
"backchannel.logout.session.required": "true",
|
"backchannel.logout.session.required": "true",
|
||||||
"backchannel.logout.url": "https://cloud.test.test.pub.solar/apps/user_oidc/backchannel-logout/test.test.pub.solar%20ID",
|
"backchannel.logout.url": "https://cloud.test.pub.solar/apps/user_oidc/backchannel-logout/test.pub.solar%20ID",
|
||||||
"client_credentials.use_refresh_token": "false",
|
"client_credentials.use_refresh_token": "false",
|
||||||
"require.pushed.authorization.requests": "false",
|
"require.pushed.authorization.requests": "false",
|
||||||
"acr.loa.map": "{}",
|
"acr.loa.map": "{}",
|
||||||
|
@ -1283,16 +1283,16 @@
|
||||||
"clientId": "openbikesensor-portal",
|
"clientId": "openbikesensor-portal",
|
||||||
"name": "",
|
"name": "",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://obs-portal.test.test.pub.solar",
|
"rootUrl": "https://obs-portal.test.pub.solar",
|
||||||
"adminUrl": "",
|
"adminUrl": "",
|
||||||
"baseUrl": "https://obs-portal.test.test.pub.solar",
|
"baseUrl": "https://obs-portal.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://obs-portal.test.test.pub.solar/*"
|
"https://obs-portal.test.pub.solar/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"+"
|
"+"
|
||||||
|
@ -1382,13 +1382,13 @@
|
||||||
"clientId": "security-admin-console",
|
"clientId": "security-admin-console",
|
||||||
"name": "${client_security-admin-console}",
|
"name": "${client_security-admin-console}",
|
||||||
"rootUrl": "${authAdminUrl}",
|
"rootUrl": "${authAdminUrl}",
|
||||||
"baseUrl": "/admin/test.test.pub.solar/console/",
|
"baseUrl": "/admin/test.pub.solar/console/",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/admin/test.test.pub.solar/console/*"
|
"/admin/test.pub.solar/console/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"+"
|
"+"
|
||||||
|
@ -1498,19 +1498,19 @@
|
||||||
"clientId": "tt-rss",
|
"clientId": "tt-rss",
|
||||||
"name": "tt-rss",
|
"name": "tt-rss",
|
||||||
"description": "",
|
"description": "",
|
||||||
"rootUrl": "https://rss.test.test.pub.solar",
|
"rootUrl": "https://rss.test.pub.solar",
|
||||||
"adminUrl": "https://rss.test.test.pub.solar",
|
"adminUrl": "https://rss.test.pub.solar",
|
||||||
"baseUrl": "https://rss.test.test.pub.solar",
|
"baseUrl": "https://rss.test.pub.solar",
|
||||||
"surrogateAuthRequired": false,
|
"surrogateAuthRequired": false,
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"clientAuthenticatorType": "client-secret",
|
"clientAuthenticatorType": "client-secret",
|
||||||
"secret": "secret",
|
"secret": "secret",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://rss.test.test.pub.solar"
|
"https://rss.test.pub.solar"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"https://rss.test.test.pub.solar"
|
"https://rss.test.pub.solar"
|
||||||
],
|
],
|
||||||
"notBefore": 0,
|
"notBefore": 0,
|
||||||
"bearerOnly": false,
|
"bearerOnly": false,
|
||||||
|
@ -2095,23 +2095,23 @@
|
||||||
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||||||
},
|
},
|
||||||
"smtpServer": {
|
"smtpServer": {
|
||||||
"password": "**********",
|
"password": "password",
|
||||||
"replyToDisplayName": "test.test.pub.solar Support",
|
"replyToDisplayName": "test.pub.solar Support",
|
||||||
"starttls": "false",
|
"starttls": "false",
|
||||||
"auth": "true",
|
"auth": "true",
|
||||||
"port": "465",
|
"port": "465",
|
||||||
"replyTo": "admins@test.test.pub.solar",
|
"replyTo": "admins@test.pub.solar",
|
||||||
"host": "mail.test.test.pub.solar",
|
"host": "mail.test.pub.solar",
|
||||||
"from": "keycloak@test.test.pub.solar",
|
"from": "keycloak@test.pub.solar",
|
||||||
"fromDisplayName": "test.test.pub.solar ID",
|
"fromDisplayName": "test.pub.solar ID",
|
||||||
"envelopeFrom": "",
|
"envelopeFrom": "",
|
||||||
"ssl": "true",
|
"ssl": "true",
|
||||||
"user": "admins@test.test.pub.solar"
|
"user": "admins@test.pub.solar"
|
||||||
},
|
},
|
||||||
"loginTheme": "test.test.pub.solar",
|
"loginTheme": "pub.solar",
|
||||||
"accountTheme": "test.test.pub.solar",
|
"accountTheme": "pub.solar",
|
||||||
"adminTheme": "test.test.pub.solar",
|
"adminTheme": "pub.solar",
|
||||||
"emailTheme": "test.test.pub.solar",
|
"emailTheme": "pub.solar",
|
||||||
"eventsEnabled": false,
|
"eventsEnabled": false,
|
||||||
"eventsListeners": [
|
"eventsListeners": [
|
||||||
"jboss-logging"
|
"jboss-logging"
|
||||||
|
|
|
@ -60,11 +60,23 @@ const changeIds = (node) => {
|
||||||
return node;
|
return node;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const setExtra = (data) => ({
|
||||||
|
...data,
|
||||||
|
loginTheme: "pub.solar",
|
||||||
|
accountTheme: "pub.solar",
|
||||||
|
adminTheme: "pub.solar",
|
||||||
|
emailTheme: "pub.solar",
|
||||||
|
smtpServer: {
|
||||||
|
...data.smtpServer,
|
||||||
|
password: "password",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
(async () => {
|
(async () => {
|
||||||
const fileContents = await readFile(filePath, { encoding: 'utf8' });
|
const fileContents = await readFile(filePath, { encoding: 'utf8' });
|
||||||
const data = JSON.parse(renameDomain(fileContents));
|
const data = JSON.parse(renameDomain(fileContents));
|
||||||
|
|
||||||
const newData = changeIds(cleanClients(data));
|
const newData = setExtra(changeIds(cleanClients(data)));
|
||||||
|
|
||||||
console.log(JSON.stringify(newData, null, 2));
|
console.log(JSON.stringify(newData, null, 2));
|
||||||
})();
|
})();
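Review bot: `setExtra` has no comment saying why these values are pinned, and the reason cannot be read off the hunk. The theme names are reset to `pub.solar`, presumably because `renameDomain` rewrote them along with every other occurrence of the domain. `smtpServer.password` is set to the literal `password`, which looks like the credential configured in tests/support/mail-server.nix. I would add a comment above the function such as `// Test fixture only: restore theme names rewritten by renameDomain and set the SMTP password used by the test mail server.` The generated realm file now carries a usable credential instead of the masked `**********` from the export, so the comment should also state that this output is only for the test realm.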
|
||||||
|
|
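--- /dev/null
+++ b/tests/support/mail-server.nix
@@ -0,0 +1,31 @@
+{
+config,
+flake,
+...
+}: {
+imports = [
+flake.self.nixosModules.home-manager
+flake.self.nixosModules.core
+flake.self.nixosModules.mail
+flake.inputs.simple-nixos-mailserver.nixosModule
+./global.nix
+];
+
+# password is password
+systemd.tmpfiles.rules = [ "f /tmp/emailpw 1777 root root 10d $2b$11$NV75HGZzMcIwrnVUZKXtxexX9DN52HayDW4eKrD1A8O3uIPnCquQ2" ];
+
+mailserver = {
+loginAccounts = {
+"admins@${config.pub-solar-os.networking.domain}" = {
+hashedPasswordFile = "/tmp/emailpw";
+};
+"hakkonaut@${config.pub-solar-os.networking.domain}" = {
+hashedPasswordFile = "/tmp/emailpw";
+};
+"test-user@${config.pub-solar-os.networking.domain}" = {
+quota = "1G";
+hashedPasswordFile = "/tmp/emailpw";
+};
+};
+};
+}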
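Review bot: The tmpfiles rule creates `/tmp/emailpw` with mode `1777`, which makes the password-hash file world-writable; the sticky bit has no useful effect on a regular file. Any local user on the node could replace the hash that all three `loginAccounts` entries point at. This is a test fixture with a known password, but the rule is easy to copy into a real host, so I would tighten it by changing `1777` to `0400` in the `systemd.tmpfiles.rules` line. That should be sufficient if the mailserver module reads `hashedPasswordFile` as root, which is worth confirming against simple-nixos-mailserver. The `# password is password` comment could also say that the file is shared by every test account.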
|
|
@ -14,13 +14,7 @@
|
||||||
node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs;
|
node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs;
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
acme-server = {
|
acme-server.imports = [ ./support/acme-server.nix ];
|
||||||
imports = [
|
|
||||||
self.nixosModules.home-manager
|
|
||||||
self.nixosModules.core
|
|
||||||
./support/ca.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nachtigall = {
|
nachtigall = {
|
||||||
imports = [
|
imports = [
|
||||||
|
|