This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: 77554bb0ff28
head repository: NixOS/nixpkgs-channels
compare: 42c85f251da7

Commits on Apr 21, 2020

  1. cb62bf4
  2. python.pkgs.pyrad: init at 2.3

    globin committed Apr 21, 2020
    7a68da6
  3. 1a2852b
  4. 38c5add
  5. fb0c261
  6. 546b31b
  7. 6cbdd86
  8. privacyidea module: init

    globin committed Apr 21, 2020
    134c66b

Commits on May 7, 2020

  1. gspeech: init at 0.9.2

    mothsART committed May 7, 2020
    f36cbdc

Commits on May 9, 2020

  1. privacyidea: address reviews

    globin committed May 9, 2020
    f1f0e82

Commits on May 10, 2020

  1. syslogng: 3.26.1 -> 3.27.1

    r-ryantm committed May 10, 2020
    6b1ab0f
  2. vttest: 20200303 -> 20200420

    r-ryantm committed May 10, 2020
    bc30ca0

Commits on May 11, 2020

  1. gitAndTools.git-machete: 2.13.6 -> 2.14.0

    ###### Motivation for this change
    Update to latest upstream version
    
    ###### Things done
     * [ ]  Tested using sandboxing ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS, or option `sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file) on non-NixOS linux)
     * Built on platform(s)
    
       * [x]  NixOS
       * [ ]  macOS
       * [ ]  other Linux distributions
     * [ ]  Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
     * [ ]  Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
     * [x]  Tested execution of all binary files (usually in `./result/bin/`)
     * [ ]  Determined the impact on package closure size (by running `nix path-info -S` before and after)
     * [ ]  Ensured that relevant documentation is up to date
     * [x]  Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
    
    ###### Notify maintainers
    cc @worldofpeace @tfc @jtraue
    Travis CI committed May 11, 2020
    c2350ba

Commits on May 12, 2020

  1. monolith: 2.2.4 -> 2.2.5

    Br1ght0ne committed May 12, 2020
    0581aa6
  2. wasmer: 0.16.2 -> 0.17.0

    Br1ght0ne committed May 12, 2020
    e2a5709
  3. skopeo: add wrapper

    wrap fuse-overlayfs for storage compatibility with the podman wrapper
    zowoq committed May 12, 2020
    5a3ba0e
  4. f01d716
  5. eksctl: 0.18.0 -> 0.19.0

    amarrella committed May 12, 2020
    d656b9f

Commits on May 13, 2020

  1. 6007ba5
  2. ff720ad
  3. znc: 1.7.5 -> 1.8.0

    r-ryantm authored and Jon committed May 13, 2020
    bef44fc
  4. wxmaxima: 20.02.4 -> 20.04.0

    r-ryantm authored and Jon committed May 13, 2020
    e07dfd3
  5. xpra: 3.0.8 -> 3.0.9

    r-ryantm authored and Jon committed May 13, 2020
    057383b
  6. urlwatch: 2.17 -> 2.18

    r-ryantm authored and Jon committed May 13, 2020
    9c93daa
  7. zotero: 5.0.83 -> 5.0.85

    r-ryantm authored and Jon committed May 13, 2020
    2a9ae48
  8. tautulli: 2.2.1 -> 2.2.3

    r-ryantm authored and Jon committed May 13, 2020
    dd1beb3
  9. wpgtk: 6.0.13 -> 6.1.0

    r-ryantm authored and Jon committed May 13, 2020
    f88792c
  10. serviio: 2.0 -> 2.1

    r-ryantm authored and Jon committed May 13, 2020
    80e26e1
  11. skrooge: 2.21.1 -> 2.22.1

    r-ryantm authored and Jon committed May 13, 2020
    3355631
  12. synthv1: 0.9.13 -> 0.9.14

    r-ryantm authored and Jon committed May 13, 2020
    0dfdd7e
  13. verilator: 4.032 -> 4.034

    r-ryantm authored and Jon committed May 13, 2020
    d11e5f1
  14. liburcu: 0.11.1 -> 0.12.1

    r-ryantm authored and Jon committed May 13, 2020
    b633120
  15. Merge pull request #87649 from filalex77/wasmer-0.17.0

    wasmer: 0.16.2 -> 0.17.0
    marsam authored May 13, 2020
    6a16787
  16. Merge pull request #87558 from r-ryantm/auto-update/vttest

    vttest: 20200303 -> 20200420
    marsam authored May 13, 2020
    d3815f3
  17. Merge pull request #87648 from filalex77/monolith-2.2.5

    monolith: 2.2.4 -> 2.2.5
    marsam authored May 13, 2020
    120d1e0
  18. Merge pull request #87490 from r-ryantm/auto-update/syslog-ng

    syslogng: 3.26.1 -> 3.27.1
    marsam authored May 13, 2020
    410d6a7
  19. nushell: 0.13.0 -> 0.14.0

    Br1ght0ne committed May 13, 2020
    e09e4a4
  20. 2548f8b
  21. Merge pull request #87713 from zowoq/minikube

    minikube: 1.10.0 -> 1.10.1
    marsam authored May 13, 2020
    d5a8dc3
  22. Merge pull request #85687 from mayflower/privacyidea

    Init privacyIDEA packages and modules
    lheckemann authored May 13, 2020
    db010c5
  23. Services,IPFS,Fix: Require the ipfs-migrator package for handling upgrades.

    Without it, the services get stuck on startup when the IPFS repo needs upgrades.
    Dietrich Daroch committed May 13, 2020
    735c9a7
  24. Merge pull request #87709 from zowoq/conmon

    conmon: 2.0.15 -> 2.0.16
    marsam authored May 13, 2020
    8e09ba3
  25. 338a1af
  26. Merge pull request #86641 from mothsART/feature/new-package-gspeech

    gspeech: init at 0.9.2
    Lassulus authored May 13, 2020
    a7a7911
  27. Merge pull request #87659 from zowoq/skopeo

    skopeo: add wrapper
    nlewo authored May 13, 2020
    a29c774
  28. Merge pull request #87721 from filalex77/nushell-0.14.0

    nushell: 0.13.0 -> 0.14.0
    marsam authored May 13, 2020
    e908b2e
  29. Merge pull request #87720 from danieldk/sentencepiece-0.1.90

    sentencepiece: 0.1.86 -> 0.1.90
    marsam authored May 13, 2020
    f0bf82b
  30. Merge pull request #87675 from amarrella/update/eksctl

    eksctl: 0.18.0 -> 0.19.0
    marsam authored May 13, 2020
    7c0acf8
  31. Merge pull request #87613 from VirtusLab/git-machete-2.14.0

    gitAndTools.git-machete: 2.13.6 -> 2.14.0
    tfc authored May 13, 2020
    42c85f2
Showing with 669 additions and 51 deletions.
  1. +1 −0 nixos/modules/module-list.nix
  2. +3 −0 nixos/modules/services/network-filesystems/ipfs.nix
  3. +279 −0 nixos/modules/services/security/privacyidea.nix
  4. +1 −0 nixos/tests/all-tests.nix
  5. +36 −0 nixos/tests/privacyidea.nix
  6. +73 −0 pkgs/applications/audio/gspeech/default.nix
  7. +2 −2 pkgs/applications/audio/synthv1/default.nix
  8. +3 −3 pkgs/applications/networking/cluster/minikube/default.nix
  9. +2 −2 pkgs/applications/networking/znc/default.nix
  10. +2 −2 pkgs/applications/office/skrooge/default.nix
  11. +2 −2 pkgs/applications/office/zotero/default.nix
  12. +2 −2 pkgs/applications/science/electronics/verilator/default.nix
  13. +2 −2 pkgs/applications/science/math/wxmaxima/default.nix
  14. +2 −2 pkgs/applications/version-management/git-and-tools/git-machete/default.nix
  15. +2 −2 pkgs/applications/virtualization/conmon/default.nix
  16. +3 −3 pkgs/development/interpreters/wasmer/default.nix
  17. +2 −2 pkgs/development/libraries/liburcu/default.nix
  18. +2 −2 pkgs/development/libraries/sentencepiece/default.nix
  19. +23 −0 pkgs/development/python-modules/flask-versioned/default.nix
  20. +25 −0 pkgs/development/python-modules/huey/default.nix
  21. +51 −0 pkgs/development/python-modules/privacyidea/default.nix
  22. +27 −0 pkgs/development/python-modules/privacyidea/ldap-proxy.nix
  23. +27 −0 pkgs/development/python-modules/pyrad/default.nix
  24. +29 −0 pkgs/development/python-modules/smpplib/default.nix
  25. +21 −0 pkgs/development/python-modules/sqlsoup/default.nix
  26. +8 −1 pkgs/development/tools/skopeo/default.nix
  27. +2 −2 pkgs/servers/serviio/default.nix
  28. +2 −2 pkgs/servers/tautulli/default.nix
  29. +3 −3 pkgs/shells/nushell/default.nix
  30. +2 −2 pkgs/tools/X11/wpgtk/default.nix
  31. +2 −2 pkgs/tools/X11/xpra/default.nix
  32. +3 −3 pkgs/tools/admin/eksctl/default.nix
  33. +3 −3 pkgs/tools/backup/monolith/default.nix
  34. +1 −1 pkgs/tools/filesystems/fuse-overlayfs/default.nix
  35. +2 −2 pkgs/tools/misc/vttest/default.nix
  36. +2 −2 pkgs/tools/networking/urlwatch/default.nix
  37. +2 −2 pkgs/tools/system/syslog-ng/default.nix
  38. +2 −0 pkgs/top-level/all-packages.nix
  39. +13 −0 pkgs/top-level/python-packages.nix
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
@@ -792,6 +792,7 @@
./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix
./services/security/oauth2_proxy_nginx.nix
./services/security/privacyidea.nix
./services/security/physlock.nix
./services/security/shibboleth-sp.nix
./services/security/sks.nix
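Review bot: the new `./services/security/privacyidea.nix` entry breaks the alphabetical order this list keeps; it is placed between `oauth2_proxy_nginx.nix` and `physlock.nix`, but `privacyidea` sorts after `physlock`, so it belongs between `./services/security/physlock.nix` and `./services/security/shibboleth-sp.nix`.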
3 changes: 3 additions & 0 deletions nixos/modules/services/network-filesystems/ipfs.nix
@@ -217,6 +217,9 @@ in {
createHome = false;
uid = config.ids.uids.ipfs;
description = "IPFS daemon user";
packages = [
pkgs.ipfs-migrator
];
};
};

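Review bot: please confirm that the daemon actually finds `pkgs.ipfs-migrator` when it is only added to the user's `packages`; that places the binary in the per-user profile, which a systemd unit does not source by default, so if the intent (per the commit message) is that the service no longer hangs on startup when the repo needs an upgrade, adding the package to the ipfs unit's `path` is the more reliable way to get it onto the service's PATH. A short note on why the migrator is required, and ideally a test that starts the daemon against an old repo layout, would also make the fix easier to keep from regressing.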
279 changes: 279 additions & 0 deletions nixos/modules/services/security/privacyidea.nix
@@ -0,0 +1,279 @@
{ config, lib, pkgs, ... }:

with lib;

let
cfg = config.services.privacyidea;

uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; };
python = uwsgi.python3;
penv = python.withPackages (ps: [ ps.privacyidea ]);
logCfg = pkgs.writeText "privacyidea-log.cfg" ''
[formatters]
keys=detail
[handlers]
keys=stream
[formatter_detail]
class=privacyidea.lib.log.SecureFormatter
format=[%(asctime)s][%(process)d][%(thread)d][%(levelname)s][%(name)s:%(lineno)d] %(message)s
[handler_stream]
class=StreamHandler
level=NOTSET
formatter=detail
args=(sys.stdout,)
[loggers]
keys=root,privacyidea
[logger_privacyidea]
handlers=stream
qualname=privacyidea
level=INFO
[logger_root]
handlers=stream
level=ERROR
'';

piCfgFile = pkgs.writeText "privacyidea.cfg" ''
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
SQLALCHEMY_DATABASE_URI = 'postgresql:///privacyidea'
SECRET_KEY = '${cfg.secretKey}'
PI_PEPPER = '${cfg.pepper}'
PI_ENCFILE = '${cfg.encFile}'
PI_AUDIT_KEY_PRIVATE = '${cfg.auditKeyPrivate}'
PI_AUDIT_KEY_PUBLIC = '${cfg.auditKeyPublic}'
PI_LOGCONFIG = '${logCfg}'
${cfg.extraConfig}
'';

in

{
options = {
services.privacyidea = {
enable = mkEnableOption "PrivacyIDEA";

stateDir = mkOption {
type = types.str;
default = "/var/lib/privacyidea";
description = ''
Directory where all PrivacyIDEA files will be placed by default.
'';
};

superuserRealm = mkOption {
type = types.listOf types.str;
default = [ "super" "administrators" ];
description = ''
The realm where users are allowed to login as administrators.
'';
};

secretKey = mkOption {
type = types.str;
example = "t0p s3cr3t";
description = ''
This is used to encrypt the auth_token.
'';
};

pepper = mkOption {
type = types.str;
example = "Never know...";
description = ''
This is used to encrypt the admin passwords.
'';
};

encFile = mkOption {
type = types.str;
default = "${cfg.stateDir}/enckey";
description = ''
This is used to encrypt the token data and token passwords
'';
};

auditKeyPrivate = mkOption {
type = types.str;
default = "${cfg.stateDir}/private.pem";
description = ''
Private Key for signing the audit log.
'';
};

auditKeyPublic = mkOption {
type = types.str;
default = "${cfg.stateDir}/public.pem";
description = ''
Public key for checking signatures of the audit log.
'';
};

adminPasswordFile = mkOption {
type = types.path;
description = "File containing password for the admin user";
};

adminEmail = mkOption {
type = types.str;
example = "admin@example.com";
description = "Mail address for the admin user";
};

extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra configuration options for pi.cfg.
'';
};

user = mkOption {
type = types.str;
default = "privacyidea";
description = "User account under which PrivacyIDEA runs.";
};

group = mkOption {
type = types.str;
default = "privacyidea";
description = "Group account under which PrivacyIDEA runs.";
};

ldap-proxy = {
enable = mkEnableOption "PrivacyIDEA LDAP Proxy";

configFile = mkOption {
type = types.path;
default = "";
description = ''
Path to PrivacyIDEA LDAP Proxy configuration (proxy.ini).
'';
};

user = mkOption {
type = types.str;
default = "pi-ldap-proxy";
description = "User account under which PrivacyIDEA LDAP proxy runs.";
};

group = mkOption {
type = types.str;
default = "pi-ldap-proxy";
description = "Group account under which PrivacyIDEA LDAP proxy runs.";
};
};
};
};

config = mkMerge [

(mkIf cfg.enable {

environment.systemPackages = [ python.pkgs.privacyidea ];

services.postgresql.enable = mkDefault true;

systemd.services.privacyidea = let
piuwsgi = pkgs.writeText "uwsgi.json" (builtins.toJSON {
uwsgi = {
plugins = [ "python3" ];
pythonpath = "${penv}/${uwsgi.python3.sitePackages}";
socket = "/run/privacyidea/socket";
uid = cfg.user;
gid = cfg.group;
chmod-socket = 770;
chown-socket = "${cfg.user}:nginx";
chdir = cfg.stateDir;
wsgi-file = "${penv}/etc/privacyidea/privacyideaapp.wsgi";
processes = 4;
harakiri = 60;
reload-mercy = 8;
stats = "/run/privacyidea/stats.socket";
max-requests = 2000;
limit-as = 1024;
reload-on-as = 512;
reload-on-rss = 256;
no-orphans = true;
vacuum = true;
};
});
in {
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
path = with pkgs; [ openssl ];
environment.PRIVACYIDEA_CONFIGFILE = piCfgFile;
preStart = let
pi-manage = "${pkgs.sudo}/bin/sudo -u privacyidea -HE ${penv}/bin/pi-manage";
pgsu = config.services.postgresql.superUser;
psql = config.services.postgresql.package;
in ''
mkdir -p ${cfg.stateDir} /run/privacyidea
chown ${cfg.user}:${cfg.group} -R ${cfg.stateDir} /run/privacyidea
if ! test -e "${cfg.stateDir}/db-created"; then
${pkgs.sudo}/bin/sudo -u ${pgsu} ${psql}/bin/createuser --no-superuser --no-createdb --no-createrole ${cfg.user}
${pkgs.sudo}/bin/sudo -u ${pgsu} ${psql}/bin/createdb --owner ${cfg.user} privacyidea
${pi-manage} create_enckey
${pi-manage} create_audit_keys
${pi-manage} createdb
${pi-manage} admin add admin -e ${cfg.adminEmail} -p "$(cat ${cfg.adminPasswordFile})"
${pi-manage} db stamp head -d ${penv}/lib/privacyidea/migrations
touch "${cfg.stateDir}/db-created"
chmod g+r "${cfg.stateDir}/enckey" "${cfg.stateDir}/private.pem"
fi
${pi-manage} db upgrade -d ${penv}/lib/privacyidea/migrations
'';
serviceConfig = {
Type = "notify";
ExecStart = "${uwsgi}/bin/uwsgi --json ${piuwsgi}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
NotifyAccess = "main";
KillSignal = "SIGQUIT";
StandardError = "syslog";
};
};

users.users.privacyidea = mkIf (cfg.user == "privacyidea") {
group = cfg.group;
};

users.groups.privacyidea = mkIf (cfg.group == "privacyidea") {};
})

(mkIf cfg.ldap-proxy.enable {

systemd.services.privacyidea-ldap-proxy = let
ldap-proxy-env = pkgs.python2.withPackages (ps: [ ps.privacyidea-ldap-proxy ]);
in {
description = "privacyIDEA LDAP proxy";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.ldap-proxy.user;
Group = cfg.ldap-proxy.group;
ExecStart = ''
${ldap-proxy-env}/bin/twistd \
--nodaemon \
--pidfile= \
-u ${cfg.ldap-proxy.user} \
-g ${cfg.ldap-proxy.group} \
ldap-proxy \
-c ${cfg.ldap-proxy.configFile}
'';
Restart = "always";
};
};

users.users.pi-ldap-proxy = mkIf (cfg.ldap-proxy.user == "pi-ldap-proxy") {
group = cfg.ldap-proxy.group;
};

users.groups.pi-ldap-proxy = mkIf (cfg.ldap-proxy.group == "pi-ldap-proxy") {};
})
];

}
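Review bot: `secretKey` and `pepper` are plain `types.str` options whose values are interpolated into `piCfgFile` via `pkgs.writeText`, so both secrets (and anything a user puts in `extraConfig`) end up in the world-readable Nix store; since `adminPasswordFile` already follows the file-based pattern, `secretKeyFile`/`pepperFile` options read in `preStart`, or a config file rendered at runtime under `stateDir`, would keep them out of the store. Smaller points in the same hunk: `pi-manage` hard-codes `sudo -u privacyidea` instead of `${cfg.user}`, and `chmod g+r "${cfg.stateDir}/enckey" "${cfg.stateDir}/private.pem"` hard-codes the paths that `cfg.encFile` and `cfg.auditKeyPrivate` let the admin override, so a non-default value breaks the first start; `chown-socket = "${cfg.user}:nginx"` ties the socket to nginx without the module declaring or documenting that dependency; `ldap-proxy.configFile` is declared `types.path` with `default = ""`, which is not a valid path, so drop the default and let the option be required when the proxy is enabled; and `chown ... -R ${cfg.stateDir}` on every start is slow on large state directories and rewrites ownership of anything the admin placed there deliberately.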
1 change: 1 addition & 0 deletions nixos/tests/all-tests.nix
@@ -260,6 +260,7 @@ in
pppd = handleTest ./pppd.nix {};
predictable-interface-names = handleTest ./predictable-interface-names.nix {};
printing = handleTest ./printing.nix {};
privacyidea = handleTest ./privacyidea.nix {};
prometheus = handleTest ./prometheus.nix {};
prometheus-exporters = handleTest ./prometheus-exporters.nix {};
prosody = handleTest ./xmpp/prosody.nix {};
36 changes: 36 additions & 0 deletions nixos/tests/privacyidea.nix
@@ -0,0 +1,36 @@
# Miscellaneous small tests that don't warrant their own VM run.

import ./make-test-python.nix ({ pkgs, ...} : rec {
name = "privacyidea";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ fpletz ];
};

machine = { ... }: {
virtualisation.cores = 2;
virtualisation.memorySize = 512;

services.privacyidea = {
enable = true;
secretKey = "testing";
pepper = "testing";
adminPasswordFile = pkgs.writeText "admin-password" "testing";
adminEmail = "root@localhost";
};
services.nginx = {
enable = true;
virtualHosts."_".locations."/".extraConfig = ''
uwsgi_pass unix:/run/privacyidea/socket;
'';
};
};

testScript = ''
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("curl --fail http://localhost | grep privacyIDEA")
machine.succeed(
"curl --fail http://localhost/auth -F username=admin -F password=testing | grep token"
)
'';
})
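Review bot: the header comment `# Miscellaneous small tests that don't warrant their own VM run.` does not describe this file, which is a single privacyIDEA test, and looks copied from another test; replace it with a one-line description of what is exercised. The `rec` on the attribute set is unused (no attribute refers to another), and the final check only greps for the substring `token` in the `/auth` response; asserting on the actual result (for example parsing the JSON and checking that a non-empty token value is returned) would make the test meaningfully stricter.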