This rabbit hole of a task led me to:
- Introduce a hardcoded secret module that is a secret provider
for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
when a secret file could not be read.
Automated changes by the
[update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
GitHub Action.
```
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9ca3f649614213b2aaf5f1e16ec06952fe4c2632?narHash=sha256-7EXDb5WBw%2Bd004Agt%2BJHC/Oyh/KTUglOaQ4MNjBbo5w%3D' (2024-05-27)
→ 'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2?narHash=sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w%3D' (2024-08-28)
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened
by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
PR to add grocy as a service.
I think LDAP should be [relatively
simple](https://www.reddit.com/r/grocy/comments/18avtb7/sso_tutorial/)
to add, but couldn't find good information on SSO.
Will test this out for a while to make sure it really works before this
can be merged.
---------
Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
Hi,
I tried adding [Audiobookshelf](https://www.audiobookshelf.org/) as a
new service to SHB.
Not sure whether you want this service in SHB at all, but thought I'd
create a PR just in case.
The service runs, but seemingly fails to add an entry to the nginx
config, so it is not reachable. I created the service by basically just
copying deluge and then adapting. Any idea why the nginx subdomain isn't
being created?
The config I used to add this to my SHB server is:
```nix
shb.audiobookshelf = {
  enable = true;
  domain = "sliper.xyz";
  subdomain = "abs";
  dataDir = "audiobookshelf"; # turns out this is actually the working dir of the service (/var/lib/<dataDir>)
  authEndpoint = "https://auth.sliper.xyz";
};
# ... in shb.authelia.oidcClients
redirect_uris = [ "https://deluge.sliper.xyz" "https://abs.sliper.xyz" ];
```
PS: I also need to fix tabs->spaces. Forgot to set up nvim.
---------
Co-authored-by: sivert <nei@nei.nei>
Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
fixes #22
This commit introduces:
- A few more optional options for the monitoring module, in particular
an SMTP option to set up sending alerts with an SMTP server.
- 2 required options for adding a secure key for signing and for an
initial admin password. The latter is nice because at least you can
choose securely the initial admin password instead of it being just
"admin", adding a bit more security to the install process.
- Provisioning Grafana with dashboards, datasources, alerts, contact
points and notification policies.
- Documentation for monitoring in
[docs/blocks/monitoring.md](docs/blocks/monitoring.md).
- A NixOS test that makes sure provisioning did go well as expected.
Fixes #14
The tests actually showed a flaw in the implementation: we needed
"password" and not "trust" in the auth file.
Also, having the port defined at the same time as enabling listening for
TCP/IP connections made no sense.
I want to show how composable this project is. For example, you could
just use the Authelia module to add SSO to any service, not just those
provided here.