chore(ci): flake update

arcnmx 2024-07-02 07:50:38 -07:00
parent 46c14614a9
commit 1475714bce
4 changed files with 17 additions and 48 deletions

24
flake.lock generated

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719079655, "lastModified": 1719854708,
"narHash": "sha256-FsiySRMULRlNPfP7s/FRj/V6GI+Y4Te4xvUAniaLXqQ=", "narHash": "sha256-EUjNXcLW6cN0UY89kkfncC/cVO0CY6qIUfKmlse/gLg=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "nixexprs", "repo": "nixexprs",
"rev": "3b861e91acd3ea56d3eb26bf17f1d3e3acb5b304", "rev": "5165118a5c43addcaace24579f0e62f5d1a792a7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -160,11 +160,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719677234, "lastModified": 1719827439,
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=", "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d", "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -190,11 +190,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719506693, "lastModified": 1719848872,
"narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a", "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -267,11 +267,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1719716556, "lastModified": 1719873517,
"narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=", "narHash": "sha256-D1dxZmXf6M2h5lNE1m6orojuUawVPjogbGRsqSBX+1g=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6", "rev": "a11224af8d824935f363928074b4717ca2e280db",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,27 +1,17 @@
{ {
systemConfig,
access, access,
config, config,
gensokyo-zone,
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkIf mkForce mkDefault; inherit (lib.modules) mkIf mkForce mkDefault;
inherit (lib.lists) optional;
cfg = config.services.keycloak; cfg = config.services.keycloak;
cert = access.mkSnakeOil { cert = access.mkSnakeOil {
name = "keycloak-selfsigned"; name = "keycloak-selfsigned";
domain = hostname; domain = hostname;
}; };
hostname = "sso.${config.networking.domain}"; hostname = "sso.${config.networking.domain}";
hostname-strict = false;
inherit (gensokyo-zone.self.legacyPackages.${systemConfig.system}) patchedNixpkgs;
keycloakModulePath = "services/web-apps/keycloak.nix";
in { in {
# upstream keycloak makes an incorrect assumption in its assertions, so we patch it
disabledModules = optional (!hostname-strict) keycloakModulePath;
imports = optional (!hostname-strict) (patchedNixpkgs + "/nixos/modules/${keycloakModulePath}");
sops.secrets = let sops.secrets = let
commonSecret = { commonSecret = {
sopsFile = ./secrets/keycloak.yaml; sopsFile = ./secrets/keycloak.yaml;
@ -61,9 +51,11 @@ in {
useSSL = postgresql.ports.default.ssl; useSSL = postgresql.ports.default.ssl;
}; };
settings = { settings = let
hostname-strict = false;
in {
hostname = mkDefault ( hostname = mkDefault (
if hostname-strict if cfg.settings.hostname-strict
then hostname then hostname
else null else null
); );
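Review bot: The let-bound `hostname-strict = false;` in the `settings` block has no comment now that the old explanatory comment is gone, and it is a security-relevant choice: with strict hostname handling off and `hostname` null, Keycloak derives its public URL from request headers, so the token issuer and generated links are only as trustworthy as the Host and forwarded headers the fronting proxy passes through. I would add a comment such as `# hostname-strict=false: public URL is taken from request headers; the reverse proxy must overwrite Host/X-Forwarded-*`. The condition now reads `cfg.settings.hostname-strict`, and the rest of the `settings` set lies outside the hunk, so please confirm the local binding is actually assigned into it there. If it can be absent, `if cfg.settings.hostname-strict or true` avoids a missing-attribute error and matches the fallback used by the assertion in the removed nixpkgs patch.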


@ -32,7 +32,7 @@
pkgs.__withSubBuilders; pkgs.__withSubBuilders;
patchedNixpkgs = let patchedNixpkgs = let
patches = [ patches = [
./packages/nixpkgs-keycloak-nullhostname.patch # XXX: no pending nixpkgs patches atm
]; ];
patchedNixpkgs = pkgs.applyPatches { patchedNixpkgs = pkgs.applyPatches {
name = "nixpkgs"; name = "nixpkgs";


@ -1,23 +0,0 @@
diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@@ -328,7 +328,7 @@ in
};
hostname = mkOption {
- type = str;
+ type = nullOr str;
example = "keycloak.example.com";
description = ''
The hostname part of the public URL used as base for
@@ -477,6 +477,10 @@ in
assertion = createLocalPostgreSQL -> config.services.postgresql.settings.standard_conforming_strings or true;
message = "Setting up a local PostgreSQL db for Keycloak requires `standard_conforming_strings` turned on to work reliably";
}
+ {
+ assertion = cfg.settings.hostname != null || ! cfg.settings.hostname-strict or true;
+ message = "Setting the Keycloak hostname is required, see `services.keycloak.settings.hostname`";
+ }
{
assertion = cfg.settings.hostname-url or null == null;
message = ''