1
0
Fork 0
selfhostblocks/CHANGELOG.md
Pierre Penninckx 5a0ae36c85
update secret contract (#311)
This makes the secret contract better (IMNSHO):

- Improves documentation, explains better the reasoning behind the
contract.
- Makes it easier to create an option implementing the secret contract.
2024-10-01 21:01:00 +00:00

4.6 KiB

Upcoming Release

Breaking Changes

  • Remove dependency on sops-nix.
  • Rename shb.nginx.autheliaProtect to shb.nginx.vhosts. Indeed, the option allows to define a vhost with optional Authelia protection but the former name made it look like Authelia protection was enforced.
  • Rename all shb.arr.*.APIKey to shb.arr.*.ApiKey.
  • Remove shb.vaultwarden.ldapEndpoint option because it was not used in the implementation anyway.
  • Bump Nextcloud default version from 27 to 28. Add support for version 29.
  • Deluge config breaks the authFile into an attrset of user to password file. Also deluge has tests now.
  • Nextcloud now configures the LDAP app to use the user_id from LLDAP as the user ID used in Nextcloud. This makes all source of user - internal, LDAP and SSO - agree on the user ID.
  • Authelia options changed:
    • shb.authelia.oidcClients.id -> shb.authelia.oidcClients.client_id
    • shb.authelia.oidcClients.description -> shb.authelia.oidcClients.client_name
    • shb.authelia.oidcClients.secret -> shb.authelia.oidcClients.client_secret
    • shb.authelia.ldapEndpoint -> shb.authelia.ldapHostname and shb.authelia.ldapPort
  • Make Nextcloud automatically disable maintenance mode upon service restart.
  • shb.ldap.ldapUserPasswordFile -> shb.ldap.ldapUserPassword.result.path
  • shb.ldap.jwtSecretFile -> shb.ldap.jwtSecret.result.path

User Facing Backwards Compatible Changes

  • Add mount contract.
  • Export torrent metrics.
  • Bump chunkSize in Nextcloud to boost performance.
  • Fix home-assistant onboarding file generation. Added new VM test.
  • OIDC and SMTP config are now optional in Vaultwarden. Added new VM test.
  • Add default OIDC config for Authelia. This way, Authelia can start even with no config or only forward auth configs.
  • Fix replaceSecrets function. It wasn't working correctly with functions from lib.generators and pkgs.pkgs-lib.formats. Also more test coverage.
  • Add udev extra rules to allow smartctl Prometheus exporter to find NVMe drives.
  • Revert Loki to major version 2 because upgrading to version 3 required manual intervention as Loki refuses to start. So until this issue is tackled, reverting is the best immediate fix. See 8f95320f39
  • Add prometheus deluge exporter support. It just needs the shb.deluge.prometheusScraperPasswordFile option to be set.

Other Changes

  • Add pretty printing of test errors. Instead of:
    error: testRadarr failed: expected {"services":{"bazarr":{},"jackett":{},"lidarr":{},"nginx":{"enable":true},"radarr":{"dataDir":"/var/lib/radarr","enable":true,"group":"radarr","user":"radarr"},"readarr":{},"sonarr":{}},"shb":{"backup":{"instances":{"radarr":{"excludePatterns":[".db-shm",".db-wal",".mono"],"sourceDirectories":["/var/lib/radarr"]}}},"nginx":{"autheliaProtect":[{"authEndpoint":"https://oidc.example.com","autheliaRules":[{"domain":"radarr.example.com","policy":"bypass","resources":["^/api.*"]},{"domain":"radarr.example.com","policy":"two_factor","subject":["group:arr_user"]}],"domain":"example.com","ssl":null,"subdomain":"radarr","upstream":"http://127.0.0.1:7878"}]}},"systemd":{"services":{"radarr":{"serviceConfig":{"StateDirectoryMode":"0750","UMask":"0027"}}},"tmpfiles":{"rules":["d '/var/lib/radarr' 0750 radarr radarr - -"]}},"users":{"groups":{"radarr":{"members":["backup"]}}}}, but got {"services":{"bazarr":{},"jackett":{},"lidarr":{},"nginx":{"enable":true},"radarr":{"dataDir":"/var/lib/radarr","enable":true,"group":"radarr","user":"radarr"},"readarr":{},"sonarr":{}},"shb":{"backup":{"instances":{"radarr":{"excludePatterns":[".db-shm",".db-wal",".mono"],"sourceDirectories":["/var/lib/radarr"]}}},"nginx":{"vhosts":[{"authEndpoint":"https://oidc.example.com","autheliaRules":[{"domain":"radarr.example.com","policy":"bypass","resources":["^/api.*"]},{"domain":"radarr.example.com","policy":"two_factor","subject":["group:arr_user"]}],"domain":"example.com","ssl":null,"subdomain":"radarr","upstream":"http://127.0.0.1:7878"}]}},"systemd":{"services":{"radarr":{"serviceConfig":{"StateDirectoryMode":"0750","UMask":"0027"}}},"tmpfiles":{"rules":["d '/var/lib/radarr' 0750 radarr radarr - -"]}},"users":{"groups":{"radarr":{"members":["backup"]}}}}
    
    You now see:
    error: testRadarr failed (- expected, + result)
     {
       "dictionary_item_added": [
         "root['shb']['nginx']['vhosts']"
       ],
       "dictionary_item_removed": [
         "root['shb']['nginx']['authEndpoint']"
       ]
     }
    
  • Made Nextcloud LDAP setup use a hardcoded configID. This makes the detection of an existing config much more robust.

0.1.0

Creation of CHANGELOG.md