This rabbit hole of a task led me to:
- Introduce a hardcoded secret module that is a secret provider
for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
when a secret file could not be read.
This makes the secret contract better (IMNSHO):
- Improves documentation, explains better the reasoning behind the
contract.
- Makes it easier to create an option implementing the secret contract.
Automated changes by the
[update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
GitHub Action.
```
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9ca3f649614213b2aaf5f1e16ec06952fe4c2632?narHash=sha256-7EXDb5WBw%2Bd004Agt%2BJHC/Oyh/KTUglOaQ4MNjBbo5w%3D' (2024-05-27)
→ 'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2?narHash=sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w%3D' (2024-08-28)
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened
by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This PR irons out the last issues with the backup contract and the
Restic implementation.
I could check it works backing up files to a local folder and to
Backblaze on my server.
PR to add grocy as a service.
I think LDAP should be [relatively
simple](https://www.reddit.com/r/grocy/comments/18avtb7/sso_tutorial/)
to add, but couldn't find good information on SSO.
Will test this out for a while to make sure it really works before this
can be merged.
---------
Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
Hi,
I tried adding [Audiobookshelf](https://www.audiobookshelf.org/) as a
new service to SHB.
Not sure whether you want this service in SHB at all, but thought I'd
create a PR just in case.
The service runs, but seemingly fails to add an entry to the nginx
config, so it is not reachable. I created the service by basically just
copying deluge and then adapting. Any idea why the nginx subdomain isn't
being created?
The config I used to add this to my SHB server is:
```nix
shb.audiobookshelf = {
  enable = true;
  domain = "sliper.xyz";
  subdomain = "abs";
  dataDir = "audiobookshelf"; # turns out this is actually the working dir of the service (/var/lib/<dataDir>)
  authEndpoint = "https://auth.sliper.xyz";
};
# ... in shb.authelia.oidcClients
redirect_uris = [ "https://deluge.sliper.xyz" "https://abs.sliper.xyz" ];
```
ps. I also need to fix tabs->spaces. Forgot to set up nvim.
---------
Co-authored-by: sivert <nei@nei.nei>
Co-authored-by: ibizaman <ibizapeanut@gmail.com>
Co-authored-by: Pierre Penninckx <github@pierre.tiserbox.com>
- Fixes #126
- Generate a single oidc_clients.yaml to define all clients
- `public` property of OIDC clients is now a bool (as it should be), not a string.
- sed pattern changed to allow multiple replacements