dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

kanidm: allow hydra to cache alternative build with secret provisioning

Browse Source
This commit is contained in:
oddlama 2024-11-24 19:24:43 +01:00
parent 924dd67481
commit 91cbd96ffe
No known key found for this signature in database
GPG Key ID: 14EFE510775FE39A
3 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/security/kanidm.nix
View File

@ -734,7 +734,7 @@ in
-> cfg.package.enableSecretProvisioning;
message = ''
Specifying an admin account password or oauth2 basicSecretFile requires kanidm to be built with the secret provisioning patches.
You may want to set `services.kanidm.package = pkgs.kanidm.withSecretProvisioning;`.
You may want to set `services.kanidm.package = pkgs.kanidmWithSecretProvisioning;`.
'';
}
# Entity names must be globally unique:

2
nixos/tests/kanidm-provisioning.nix
View File

@ -23,7 +23,7 @@ import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
services.kanidm = {
package = pkgs.kanidm.withSecretProvisioning;
package = pkgs.kanidmWithSecretProvisioning;
enableServer = true;
serverSettings = {
origin = "https://${serverDomain}";

4
pkgs/top-level/all-packages.nix
View File

@ -11761,6 +11761,10 @@ with pkgs;
jitsi-videobridge = callPackage ../servers/jitsi-videobridge { };
kanidmWithSecretProvisioning = callPackage ../by-name/ka/kanidm/package.nix {
enableSecretProvisioning = true;
};
knot-resolver = callPackage ../servers/dns/knot-resolver {
systemd = systemdMinimal; # in closure already anyway
};