Merge pull request #23 from privatevoid-net/updates-20220731
Updates 20220731
This commit is contained in:
commit
2c02820910
7 changed files with 26 additions and 79 deletions
36
flake.lock
36
flake.lock
|
@ -96,11 +96,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1654858401,
|
||||
"narHash": "sha256-53bw34DtVJ2bnF6WEwy6Tym+qY0pNEiEwARUlvmTZjs=",
|
||||
"lastModified": 1658746384,
|
||||
"narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "f55e05c6d3bbe9acc7363bc8fc739518b2f02976",
|
||||
"rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -143,11 +143,11 @@
|
|||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1655326915,
|
||||
"narHash": "sha256-jh8HXBycUQ6JljIqPN53Q4p4kmaYnL5ZL7fu3WHK9dk=",
|
||||
"lastModified": 1657655129,
|
||||
"narHash": "sha256-qlxaGIkHKqDb5X0FdQ+eLak4fyIoMWMjQFfX9GC3B9A=",
|
||||
"owner": "nix-community",
|
||||
"repo": "dream2nix",
|
||||
"rev": "caa9c4b5ef1c2d6f81f2651927b01f246b3d78a9",
|
||||
"rev": "b83394e5f27c9f351d681e21374d2af7ed65c6c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -235,11 +235,11 @@
|
|||
"pre-commit-hooks-nix": "pre-commit-hooks-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1655108975,
|
||||
"narHash": "sha256-BVE61UMEhmXTCkMLoIyuOfGjV0Z4yHNtIiC5VYe02FM=",
|
||||
"lastModified": 1658408533,
|
||||
"narHash": "sha256-gHORUY3B4EufNRokgex8gf+m9I+yEHioDfZpCQ3pvAo=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "hercules-ci-agent",
|
||||
"rev": "2ee7b49b01068d0fbd5bec61fdcd12b525dab5d7",
|
||||
"rev": "0d8c4f153e64c059d1d274306fb38da0ed870bb1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -315,11 +315,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1638883897,
|
||||
"narHash": "sha256-chkeli1ojkr3VfcAUxLueJ2zvF+DE+UPt7XtnmNWxK8=",
|
||||
"lastModified": 1656185874,
|
||||
"narHash": "sha256-sv7lsuARTT+LgMq0mFdFP73CHeqTeIvz2ZHzceQAK+0=",
|
||||
"owner": "mkaito",
|
||||
"repo": "nixos-modded-minecraft-servers",
|
||||
"rev": "429148ffe9f6730f8281671c8591796d3fc064ef",
|
||||
"rev": "74477f0041e76097a6800cda892744b4c4ab26d2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -383,11 +383,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"host": "git.privatevoid.net",
|
||||
"lastModified": 1655504882,
|
||||
"narHash": "sha256-R3pRcYsxpHuCI4Z/XeiBle6qYQWt8IriZP3vz58OpMk=",
|
||||
"lastModified": 1659373312,
|
||||
"narHash": "sha256-ACyS/bZI8rT6MFQDs7B3ogsoMi79dIrN+mna1QiFJLU=",
|
||||
"owner": "max",
|
||||
"repo": "nix-super-fork",
|
||||
"rev": "6281f78ce2059dbbcc98319cff773de5d71fd327",
|
||||
"rev": "16eae95adfce8e781470748b95f32064028c0f27",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
|
@ -399,11 +399,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1655421536,
|
||||
"narHash": "sha256-CjPYLRJj/aglDiY+755CYazTugGco0quzlTo1arVil0=",
|
||||
"lastModified": 1659253578,
|
||||
"narHash": "sha256-9xjr2VFCQEpgCKdfZjOhiaLZ/XozLp+Y3UmUn44wYZg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "87d9c84817d7be81850c07e8f6a362b1dfc30feb",
|
||||
"rev": "ede02b4ccb13557b95058d66146640a2b0bb198f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, inputs, lib, pkgs, tools, ... }:
|
||||
{ config, lib, pkgs, tools, ... }:
|
||||
let
|
||||
inherit (tools.meta) domain;
|
||||
login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}";
|
||||
|
@ -17,7 +17,6 @@ in
|
|||
|
||||
services.oauth2_proxy = {
|
||||
enable = true;
|
||||
package = inputs.self.packages.${pkgs.system}.oauth2-proxy;
|
||||
approvalPrompt = "auto";
|
||||
provider = "keycloak";
|
||||
scope = "openid";
|
||||
|
|
|
@ -32,7 +32,6 @@ in
|
|||
|
||||
uptime-kuma.runtime-bugfixes = {
|
||||
patches = [
|
||||
./uptime-kuma/log-in-data-dir.patch
|
||||
./uptime-kuma/chmod-database.patch
|
||||
./uptime-kuma/data-dir-concat-with-slash.patch
|
||||
];
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
diff --git a/server/util-server.js b/server/util-server.js
|
||||
index 39a2d90..ecb404a 100644
|
||||
--- a/server/util-server.js
|
||||
+++ b/server/util-server.js
|
||||
@@ -528,7 +528,7 @@ exports.convertToUTF8 = (body) => {
|
||||
let logFile;
|
||||
|
||||
try {
|
||||
- logFile = fs.createWriteStream("./data/error.log", {
|
||||
+ logFile = fs.createWriteStream((process.env.DATA_DIR || ".") + "/error.log", {
|
||||
flags: "a"
|
||||
});
|
||||
} catch (_) { }
|
|
@ -33,8 +33,6 @@ super: rec {
|
|||
jre = jre17_standard;
|
||||
};
|
||||
|
||||
oauth2-proxy = patch super.oauth2-proxy "patches/base/oauth2-proxy";
|
||||
|
||||
tempo = super.tempo.overrideAttrs (_: {
|
||||
version = builtins.substring 1 (-1) pins.tempo.version;
|
||||
src = super.npins.mkSource pins.tempo;
|
||||
|
|
|
@ -22,9 +22,9 @@
|
|||
"repo": "searxng"
|
||||
},
|
||||
"branch": "master",
|
||||
"revision": "88733c0ce6e76a78593b8e4060e33a617cce3cd8",
|
||||
"url": "https://github.com/searxng/searxng/archive/88733c0ce6e76a78593b8e4060e33a617cce3cd8.tar.gz",
|
||||
"hash": "1pamar97lh0pbkbxqxn4grf9h98jg9xddrz98rgabvriz32rkn6l"
|
||||
"revision": "1fbb514a4ead209c95b4ddca0430f754a4c11554",
|
||||
"url": "https://github.com/searxng/searxng/archive/1fbb514a4ead209c95b4ddca0430f754a4c11554.tar.gz",
|
||||
"hash": "1wllmb7s69fi7pgslkbq4sxxkrywfvi8pj78ichsh2md52idclmq"
|
||||
},
|
||||
"stevenblack-hosts": {
|
||||
"type": "GitRelease",
|
||||
|
@ -63,10 +63,10 @@
|
|||
},
|
||||
"pre_releases": false,
|
||||
"version_upper_bound": null,
|
||||
"version": "1.15.0",
|
||||
"revision": "751924b3355ca44d24ceede1cfdd983383426f5f",
|
||||
"url": "https://api.github.com/repos/louislam/uptime-kuma/tarball/1.15.0",
|
||||
"hash": "0yylwz4xa98d6szp3bk9sy4p6h2fimq8nq4yczw0jd5r81a1dmx9"
|
||||
"version": "1.17.1",
|
||||
"revision": "0ecaa2cbd7131a7a04ff47454ae8ddb903ce1cf6",
|
||||
"url": "https://api.github.com/repos/louislam/uptime-kuma/tarball/1.17.1",
|
||||
"hash": "1v104csjlwmb14yklfyil9h28q3cfl4g3rdjn8cmq8m964ddd84a"
|
||||
}
|
||||
},
|
||||
"version": 2
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
From 0c932b61febe8a458d4bf4ff075feeffb02efc02 Mon Sep 17 00:00:00 2001
|
||||
From: Cullen Walsh <ckwalsh@cullenwalsh.com>
|
||||
Date: Mon, 3 Jan 2022 17:32:33 -0800
|
||||
Subject: [PATCH 1/2] Unbreak oauth2-proxy for keycloak provider after 2c668a
|
||||
|
||||
With 2c668a, oauth2-proxy fails a request if the token validation fails.
|
||||
Token validation always fails with the keycloak provider, due to the
|
||||
valudation request passing the token via the URL, and keycloak not
|
||||
parsing the url for tokens.
|
||||
|
||||
This is fixed by forcing the validation request to pass the token via a
|
||||
header.
|
||||
|
||||
This code taken from the DigitalOcean provider, which presumably forcing
|
||||
the token to be passed via header for the same reason.
|
||||
|
||||
Test plan: I was unable to build a docker image to test the fix, but I
|
||||
believe it is relatively simple, and it passes the "looks good to me"
|
||||
test plan.
|
||||
---
|
||||
providers/keycloak.go | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/providers/keycloak.go b/providers/keycloak.go
|
||||
index c1a873529..4a8af231a 100644
|
||||
--- a/providers/keycloak.go
|
||||
+++ b/providers/keycloak.go
|
||||
@@ -100,3 +100,8 @@ func (p *KeycloakProvider) EnrichSession(ctx context.Context, s *sessions.Sessio
|
||||
|
||||
return nil
|
||||
}
|
||||
+
|
||||
+// ValidateSession validates the AccessToken
|
||||
+func (p *KeycloakProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
|
||||
+ return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
|
||||
+}
|
Loading…
Reference in a new issue