feat: update kanidm and provisioning

2024-03-11 16:54:02 +01:00 · 2024-03-11 16:54:02 +01:00 · 1b0934b565
commit 1b0934b565
parent ee5556401c
6 changed files with 449 additions and 395 deletions
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -5,14 +5,31 @@
  (_final: prev: {
    deploy = prev.callPackage ./deploy.nix {};
    git-fuzzy = prev.callPackage ./git-fuzzy {};
+    kanidm = prev.kanidm.overrideAttrs (old: let
+      provisionSrc = prev.fetchFromGitHub {
+        owner = "oddlama";
+        repo = "kanidm-provision";
+        rev = "aa7a1c8ec04622745b385bd3b0462e1878f56b51";
+        hash = "sha256-NRolS3l2kARjkhWP7FYUG//KCEiueh48ZrADdCDb9Zg=";
+      };
+    in {
+      patches =
+        old.patches
+        ++ [
+          "${provisionSrc}/patches/${old.version}-oauth2-basic-secret-modify.patch"
+          "${provisionSrc}/patches/${old.version}-recover-account.patch"
+        ];
+      passthru.enableSecretProvisioning = true;
+    });
+    kanidm-provision = prev.callPackage ./kanidm-provision.nix {};
    kanidm-secret-manipulator = prev.callPackage ./kanidm-secret-manipulator.nix {};
    segoe-ui-ttf = prev.callPackage ./segoe-ui-ttf.nix {};
    zsh-histdb-skim = prev.callPackage ./zsh-skim-histdb.nix {};
    awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix {};
-    neovim-clean = prev.neovim-unwrapped.overrideAttrs (_neovimFinal: neovimPrev: {
-      nativeBuildInputs = (neovimPrev.nativeBuildInputs or []) ++ [prev.makeWrapper];
+    neovim-clean = prev.neovim-unwrapped.overrideAttrs (old: {
+      nativeBuildInputs = (old.nativeBuildInputs or []) ++ [prev.makeWrapper];
      postInstall =
-        (neovimPrev.postInstall or "")
+        (old.postInstall or "")
        + ''
          wrapProgram $out/bin/nvim --add-flags "--clean"
        '';
--- a/pkgs/deploy.nix
+++ b/pkgs/deploy.nix
@ -1,7 +1,5 @@
 {
  bc,
-  lib,
-  nvd,
  writeShellApplication,
 }: let
  deploy = writeShellApplication {
@ -109,7 +107,8 @@
        ssh "$host" -- "$store_path"/bin/switch-to-configuration "$ACTION" \
          || echo "Error while activating new system" >&2
        if [[ -n "$prev_system" ]]; then
-          ssh "$host" -- ${lib.getExe nvd} --color always diff "$prev_system" "$store_path" || true
+          # nvd must be installed on the target system for this to work
+          ssh "$host" -- nvd --color always diff "$prev_system" "$store_path" || true
        fi
        time_next
        echo "[1;32m     Applied [m✅ [34m$host[m [90min ''${T_LAST}s[m"
--- a/pkgs/kanidm-provision.nix
+++ b/pkgs/kanidm-provision.nix
@ -0,0 +1,26 @@
+{
+  lib,
+  rustPlatform,
+  fetchFromGitHub,
+}:
+rustPlatform.buildRustPackage rec {
+  pname = "kanidm-provision";
+  version = "1.0.0";
+
+  src = fetchFromGitHub {
+    owner = "oddlama";
+    repo = "kanidm-provision";
+    rev = "v${version}";
+    hash = "sha256-T6kiBUdOMHCWRUF/vepoPrvaULDQrUGYsd/3I11HCLY=";
+  };
+
+  cargoHash = "sha256-nHp3C6szJxOogH/kETIqcQQNhFqBCO0P66j7n3UHuwo=";
+
+  meta = with lib; {
+    description = "A small utility to help with kanidm provisioning";
+    homepage = "https://github.com/oddlama/kanidm-provision";
+    license = with licenses; [asl20 mit];
+    maintainers = with maintainers; [oddlama];
+    mainProgram = "kanidm-provision";
+  };
+}