
add roadmap

ibizaman 2023-04-04 00:18:25 -07:00
parent 36c9fe23c3
commit 28625e764f
3 changed files with 17 additions and 9 deletions


@ -232,6 +232,12 @@ disnix-lock -u
In rough order of highest to lowest priority.
Roadmap for V1:
- [ ] Have Vaultwarden deployable behind Haproxy with Keycloak and
oauth2proxy as SSO.
- [ ] Have example for Vaultwarden working.
- [ ] Have integration tests for Vaultwarden.
- Misc
- [x] Function to generate haproxy config
- [ ] Handle Nixops 2 (nixops_unstable)
@ -240,6 +246,9 @@ In rough order of highest to lowest priority.
- [ ] Add configuration examples
- [ ] Merge all keycloak services into one definition
- [ ] Run tests on Hercules-CI
- [ ] Explain how to setup secret keys.
- [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
to setup configuration.
- Dev
- [ ] Automatically pull client credentials from keycloak to
populate oauth2proxy's clientsecret key.
@ -265,6 +274,3 @@ In rough order of highest to lowest priority.
- [ ] Move a few packages installed through network.nix into services.nix.
- [ ] Use something else than `pass` to retrieve secrets. Or better,
allow multiple options.
- [ ] Explain how to setup secret keys.
- [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
to setup configuration.


@ -3,6 +3,7 @@
, system ? builtins.currentSystem
, pkgs ? import <nixpkgs> { inherit system; }
, utils ? null
, secret ? null
}:
let
@ -32,7 +33,7 @@ let
keycloak = callPackage ./keycloak {inherit utils customPkgs;};
ttrss = callPackage ./ttrss {inherit utils customPkgs;};
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs secret;};
};
in
customPkgs
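Review bot: `secret ? null` leaves the new argument unusable by default, while the vaultwarden package now calls it as a function inside `deployKeys`. A caller that does not pass `secret` only finds out when those keys are evaluated, through Nix's generic "not a function" error, far from the cause. A default that fails with a clear message would be easier to diagnose, e.g. `, secret ? (name: throw "no secret provider passed; cannot resolve ${name}")`. A short comment on the argument stating its contract would also help, e.g. `# secret: function from a key path ("<domain>/<subdomain>/<name>") to the secret string`. Only vaultwarden is wired to it in this hunk, so keycloak and ttrss presumably still use the previous lookup.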


@ -1,6 +1,7 @@
{ customPkgs
, pkgs
, utils
, secret
}:
{ serviceName ? "Vaultwarden"
, subdomain ? "vaultwarden"
@ -236,15 +237,15 @@ rec {
deployKeys = domain: {
"${serviceName}_oauth2proxy_cookiesecret".text = ''
OAUTH2_PROXY_COOKIE_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${cookieSecretName}"}"
OAUTH2_PROXY_COOKIE_SECRET="${secret "${domain}/${subdomain}/${cookieSecretName}"}"
'';
"${serviceName}_oauth2proxy_clientsecret".text = ''
OAUTH2_PROXY_CLIENT_SECRET="${builtins.extraBuiltins.pass "${domain}/${subdomain}/${clientSecretName}"}"
OAUTH2_PROXY_CLIENT_SECRET="${secret "${domain}/${subdomain}/${clientSecretName}"}"
'';
"${serviceName}_smtp_all".text = ''
SMTP_HOST="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_hostname"}"
SMTP_USERNAME="${builtins.extraBuiltins.pass "${domain}/mailgun.com/smtp_login"}"
SMTP_PASSWORD="${builtins.extraBuiltins.pass "${domain}/mailgun.com/password"}"
SMTP_HOST="${secret "${domain}/mailgun.com/smtp_hostname"}"
SMTP_USERNAME="${secret "${domain}/mailgun.com/smtp_login"}"
SMTP_PASSWORD="${secret "${domain}/mailgun.com/password"}"
'';
};
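Review bot: The strings returned by `secret` are spliced unescaped into double-quoted `KEY="..."` lines in all three `.text` entries of `deployKeys`. A cookie secret or SMTP password containing `"`, a backslash or a newline would therefore produce a malformed key file or an extra variable line. Either escape the value before interpolation, or state the constraint next to `deployKeys`, e.g. `# values are written verbatim into KEY="..." lines; secrets must not contain '"', '\' or newlines`. The lookups also run at evaluation time, so a comment should say that these `.text` strings go only to the key-deployment mechanism and must never be interpolated into a derivation, where they would land in the world-readable Nix store. The enclosing `rec { ... }` starts outside this hunk.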