add roadmap
parent
36c9fe23c3
commit
28625e764f
3 changed files with 17 additions and 9 deletions
12
README.md
12
README.md
|
@ -232,6 +232,12 @@ disnix-lock -u
|
|||
|
||||
In rough order of highest to lowest priority.
|
||||
|
||||
Roadmap for V1:
|
||||
- [ ] Have Vaultwarden deployable behind Haproxy with Keycloak and
|
||||
oauth2proxy as SSO.
|
||||
- [ ] Have example for Vaultwarden working.
|
||||
- [ ] Have integration tests for Vaultwarden.
|
||||
|
||||
- Misc
|
||||
- [x] Function to generate haproxy config
|
||||
- [ ] Handle Nixops 2 (nixops_unstable)
|
||||
|
@ -240,6 +246,9 @@ In rough order of highest to lowest priority.
|
|||
- [ ] Add configuration examples
|
||||
- [ ] Merge all keycloak services into one definition
|
||||
- [ ] Run tests on Hercules-CI
|
||||
- [ ] Explain how to setup secret keys.
|
||||
- [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
|
||||
to setup configuration.
|
||||
- Dev
|
||||
- [ ] Automatically pull client credentials from keycloak to
|
||||
populate oauth2proxy's clientsecret key.
|
||||
|
@ -265,6 +274,3 @@ In rough order of highest to lowest priority.
|
|||
- [ ] Move a few packages installed through network.nix into services.nix.
|
||||
- [ ] Use something else than `pass` to retrieve secrets. Or better,
|
||||
allow multiple options.
|
||||
- [ ] Explain how to setup secret keys.
|
||||
- [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
|
||||
to setup configuration.
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
, system ? builtins.currentSystem
|
||||
, pkgs ? import <nixpkgs> { inherit system; }
|
||||
, utils ? null
|
||||
, secret ? null
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -32,7 +33,7 @@ let
|
|||
keycloak = callPackage ./keycloak {inherit utils customPkgs;};
|
||||
|
||||
ttrss = callPackage ./ttrss {inherit utils customPkgs;};
|
||||
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
|
||||
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs secret;};
|
||||
};
|
||||
in
|
||||
customPkgs
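Review bot: The new `secret ? null` argument has a default that cannot work, because the vaultwarden section of this commit calls `secret "${domain}/…"` as a function. A caller that omits `secret` will get a "not a function" evaluation error only when `deployKeys` is forced, far from the actual cause. Either make the argument required (`, secret`) or give it a default that fails with a clear message, e.g. `, secret ? (_: throw "no secret backend was passed to this package set")`. On the visible lines only `vaultwarden` receives `secret`, while `keycloak` and `ttrss` are still called without it. If those packages read secrets too (not shown here), they presumably still depend on `builtins.extraBuiltins.pass` and should be switched in the same change.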
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ customPkgs
|
||||
, pkgs
|
||||
, utils
|
||||
, secret
|
||||
}:
|
||||
{ serviceName ? "Vaultwarden"
|
||||
, subdomain ? "vaultwarden"
|
||||
|
@ -236,15 +237,15 @@ rec {
|
|||
|
||||
deployKeys = domain: {
|
||||
"${serviceName}_oauth2proxy_cookiesecret".text = ''
|
||||
OAUTH2_PROXY_COOKIE_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${cookieSecretName}"}"
|
||||
OAUTH2_PROXY_COOKIE_SECRET="${secret "${domain}/${subdomain}/${cookieSecretName}"}"
|
||||
'';
|
||||
"${serviceName}_oauth2proxy_clientsecret".text = ''
|
||||
OAUTH2_PROXY_CLIENT_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${clientSecretName}"}"
|
||||
OAUTH2_PROXY_CLIENT_SECRET="${secret "${domain}/${subdomain}/${clientSecretName}"}"
|
||||
'';
|
||||
"${serviceName}_smtp_all".text = ''
|
||||
SMTP_HOST="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_hostname"}"
|
||||
SMTP_USERNAME="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_login"}"
|
||||
SMTP_PASSWORD="${builtins.extraBuiltins.pass "${domain}/mailgun.com/password"}"
|
||||
SMTP_HOST="${secret "${domain}/mailgun.com/smtp_hostname"}"
|
||||
SMTP_USERNAME="${secret "${domain}/mailgun.com/smtp_login"}"
|
||||
SMTP_PASSWORD="${secret "${domain}/mailgun.com/password"}"
|
||||
'';
|
||||
};
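Review bot: The values returned by `secret` in `deployKeys` are spliced verbatim between double quotes in each key's `.text`, and now that the backend is a caller-supplied function, nothing on these lines constrains what it returns. A value with a trailing newline, a `"` or an embedded line break would give a malformed environment file, or one with an extra unintended variable after e.g. `SMTP_PASSWORD`. I would document the contract just above `deployKeys`, for instance `# secret: path -> plaintext on a single line, no trailing newline, no double quote; inserted verbatim below`, and consider checking the result once in a small wrapper instead of at each call site. How these texts are consumed is not visible in this hunk, so it is worth confirming they are shipped only as deployment keys and never end up in the world-readable Nix store. The enclosing `rec { … }` starts outside the hunk.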
|
||||
|
||||
|
|