This rabbit hole of a task lead me to:
- Introduce a hardcoded secret module that is a secret provider
for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
when a secret file could not be read.
This makes the secret contract better (IMNSHO):
- Improves documentation, explains better the reasoning behind the
contract.
- Makes it easier to create an option implementing the secret contract.
This was not the root cause of Nginx not starting.
The root cause was the DNS server was restarting at the same time as
Nginx and wasn't ready yet.
There is no DNS block yet in Self Host Blocks so the code is removed for
now.
Automated changes by the
[update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
GitHub Action.
```
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9ca3f649614213b2aaf5f1e16ec06952fe4c2632?narHash=sha256-7EXDb5WBw%2Bd004Agt%2BJHC/Oyh/KTUglOaQ4MNjBbo5w%3D' (2024-05-27)
→ 'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2?narHash=sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w%3D' (2024-08-28)
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened
by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This PR irons out the last issues with the backup contract and the
Restic implementation.
I could check it works backing up files to a local folder and to
Backblaze on my server.
This is needed because v3 requires manual intervention to upgrade
otherwise Loki refuses to start. So until there's a fix, reverting is
the easiest fix.
- Fixes #126
- Generate a single oidc_clients.yaml to define all clients
- `public` property of OIDC clients is now a bool (as it should be), not a string.
- sed pattern changed to allow multiple replacements
