The issue with activation script is the order is alphabetical, meaning
the order the script is assembled is not really set in stone.
Here, because the script had a name starting with `restic`, it was ran
before the `sops` secret generation script. And since the restic script
was trying to use the secrets, it failed.
And if the activation script fails, you get a kernel panic.
This PR continues the work started in
https://github.com/ibizaman/selfhostblocks/pull/314
I had to create my own PR since I couldn't add commits on the fork.
---------
Co-authored-by: sivertism <10866270+sivertism@users.noreply.github.com>
This rabbit hole of a task lead me to:
- Introduce a hardcoded secret module that is a secret provider
for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
when a secret file could not be read.
This makes the secret contract better (IMNSHO):
- Improves documentation, explains better the reasoning behind the
contract.
- Makes it easier to create an option implementing the secret contract.
This was not the root cause of Nginx not starting.
The root cause was the DNS server was restarting at the same time as
Nginx and wasn't ready yet.
There is no DNS block yet in Self Host Blocks so the code is removed for
now.
Automated changes by the
[update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
GitHub Action.
```
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9ca3f649614213b2aaf5f1e16ec06952fe4c2632?narHash=sha256-7EXDb5WBw%2Bd004Agt%2BJHC/Oyh/KTUglOaQ4MNjBbo5w%3D' (2024-05-27)
→ 'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2?narHash=sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w%3D' (2024-08-28)
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened
by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This PR irons out the last issues with the backup contract and the
Restic implementation.
I could check it works backing up files to a local folder and to
Backblaze on my server.
This is needed because v3 requires manual intervention to upgrade
otherwise Loki refuses to start. So until there's a fix, reverting is
the easiest fix.
- Fixes#126
- Generate a single oidc_clients.yaml to define all clients
- `public` property of OIDC clients is now a bool (as it should be), not a string.
- sed pattern changed to allow multiple replacements
fixes#22
This commit introduces:
- A few more optional options for the monitoring module, in particular
an SMTP option to setup sending alerts with an STMP server.
- 2 required options for adding a secure key for signing and for an
initial admin password. The latter is nice because at least you can
choose securely the initial admin password instead of it being just
"admin", adding a bit more security to the install process.
- Provisioning Grafana with dashboards, datasources, alerts, contact
points and notification policies.
- Documentation for monitoring in
[docs/blocks/monitoring.md](docs/blocks/monitoring.md).
- A NixOS test that makes sure provisioning did go well as expected.
Fixes#14
The tests actually showed a flaw in the implementation, we needed
"password" and not "trust" in the auth file.
Also, having the port defined at the same time as enabling listening for
TCP/IP connection made no sense.
I want to show how composable this project is. For example, you could
just use the Authelia module to add SSO to any service, not just those
provided here.