feat(tei): update to kanidm-develop

OAuth 2.0 localhost redirects aren't part of a kanidm release yet.
2026-02-09 12:29:19 -08:00 · 2024-01-21 17:01:06 -08:00 · 2024-01-21 17:01:06 -08:00 · 2039c1a9dd
commit 2039c1a9dd
parent c1faa39712
5 changed files with 23 additions and 3 deletions
--- a/ci/flake-cron.nix
+++ b/ci/flake-cron.nix
@ -22,6 +22,7 @@ in {
  gh-actions.env.CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";

  nix.config = {
+    accept-flake-config = true;
    extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"];
    #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
  };
--- a/ci/nodes.nix
+++ b/ci/nodes.nix
@ -20,6 +20,7 @@ with lib; {
  channels.nixfiles.path = ../.;

  nix.config = {
+    accept-flake-config = true;
    extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"];
    #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
  };
--- a/flake.lock
+++ b/flake.lock
@ -3,11 +3,11 @@
    "arcexprs": {
      "flake": false,
      "locked": {
-        "lastModified": 1705947565,
-        "narHash": "sha256-L82r4wYC86SygCpUa7WNqyZGs0EtntsIhQoFTw7MmJs=",
+        "lastModified": 1706196577,
+        "narHash": "sha256-lFG8gaadISrBFAYRcdEeWMoZuZD1QWFLeP0fHCHQPIE=",
        "owner": "arcnmx",
        "repo": "nixexprs",
-        "rev": "e720dd2e934b4a36ba65087a469a56e2958b9093",
+        "rev": "d7ed162f0b61e1657955446d239e4eddba116f61",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -27,6 +27,16 @@
      };
    };
  };
+  nixConfig = {
+    extra-substituters = [
+      "https://arc.cachix.org"
+      "https://kittywitch.cachix.org"
+    ];
+    extra-trusted-public-keys = [
+      "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY="
+      "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0="
+    ];
+  };

  outputs = {
    self,
--- a/systems/tei/nixos.nix
+++ b/systems/tei/nixos.nix
@ -2,6 +2,7 @@
  config,
  lib,
  meta,
+  pkgs,
  ...
 }: let
  inherit (lib.modules) mkIf mkMerge;
@ -29,6 +30,13 @@ in {

  sops.defaultSopsFile = ./secrets.yaml;

+  services.kanidm = {
+    package = lib.warnIf
+      (pkgs.kanidm.version != "1.1.0-rc.15")
+      "upstream kanidm may have localhost oauth2 support now!"
+      pkgs.kanidm-develop;
+  };
+
  networking.firewall = {
    interfaces.local.allowedTCPPorts = mkMerge [
      (mkIf kanidm.enableServer [