fricloud/server-configs
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

rallly: patch to remove other login methods

Browse source
This commit is contained in:
eyjhb 2025-03-02 17:05:43 +01:00
parent 300efecc13
commit 46f12e25b0
Signed by: eyjhb
GPG key ID: 609F508E3239F920
4 changed files with 110 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

146
machines/gerd/services/rallly/default.nix Normal file
View file

@ -0,0 +1,146 @@
{ config, lib, pkgs, ... }:
let
svc_name = "rallly";
svc_domain = "${svc_name}.${config.mine.shared.settings.domain}";
psqlSocket = "/run/postgresql";
user = "rallly";
port = 7384;
ralllyPkgsOrig = pkgs.callPackage ./../../../../shared/pkgs/rallly {};
ralllyPkgs = ralllyPkgsOrig.overrideAttrs (old: {
patches = (if old ? patches then old.patches else []) ++ [
./patches/remove-login-register.patch
];
});
in {
# setup rallly service
systemd.services.rallly = {
description = "rallly";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
# configuration
environment = let
rallly-prisma-engines = ralllyPkgs.passthru.rallly-prisma-engines;
in rec {
HOSTNAME = "localhost";
PORT = builtins.toString port;
DATABASE_URL = "postgresql://${user}@localhost/${user}?host=${psqlSocket}";
NEXT_PUBLIC_BASE_URL = "https://${svc_domain}";
NEXTAUTH_URL = NEXT_PUBLIC_BASE_URL;
# SECRET_PASSWORD = "specified-in-env";
# limit signup even further
ALLOWED_EMAILS = "*@${config.mine.shared.settings.domain}";
# email
SUPPORT_EMAIL = "${svc_name}@${config.mine.shared.settings.domain}";
SMTP_HOST = config.mine.shared.settings.mail.domain_smtp;
SMTP_PORT = builtins.toString config.mine.shared.settings.mail.ports.submissions;
SMTP_SECURE = "true";
SMTP_USER = svc_name;
# SMTP_PWD = "specified-in-env";
# OIDC
OIDC_NAME = "Authelia";
OIDC_DISCOVERY_URL = "https://${config.mine.shared.settings.authelia.domain}/.well-known/openid-configuration";
OIDC_CLIENT_ID = "rallly";
# OIDC_CLIENT_SECRET = "specified-in-env";
# prisma things (database will not work without, needs to match version in rallly deps as well)
PRISMA_SCHEMA_ENGINE_BINARY = "${rallly-prisma-engines}/bin/schema-engine";
PRISMA_QUERY_ENGINE_BINARY = "${rallly-prisma-engines}/bin/query-engine";
PRISMA_QUERY_ENGINE_LIBRARY = "${rallly-prisma-engines}/lib/libquery_engine.node";
PRISMA_INTROSPECTION_ENGINE_BINARY = "${rallly-prisma-engines}/bin/introspection-engine";
PRISMA_FMT_BINARY = "${rallly-prisma-engines}/bin/prisma-fmt";
};
# add, otherwise we get warnings
path = [ pkgs.openssl ];
serviceConfig = {
ExecStartPre = [
# clear cache on each boot, otherwise we might have
# issues when updating it.
"${pkgs.findutils}/bin/find -L /var/cache/${svc_name} -mindepth 1 -delete"
# run db migration each boot
"${ralllyPkgs}/bin/rallly-prisma migrate deploy"
];
ExecStart = "${ralllyPkgs}/bin/rallly";
# secret configurations
EnvironmentFile = [ config.age.secrets.rallly-env.path ];
CacheDirectory = svc_name;
CacheDirectoryMode = "0750";
User = user;
DynamicUser = true;
Restart = "always";
};
};
# setup postgresql
services.postgresql = {
ensureDatabases = [ user ];
ensureUsers = [{
name = user;
ensureDBOwnership = true;
}];
};
# setup ldap user for email
services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
"${svc_name}" = llib.mkProvisionUserSystem "${svc_name}" config.age.secrets.rallly-ldap-pass.path;
});
# authelia
services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
client_id = "rallly";
client_name = "Rallly";
client_secret = "$pbkdf2-sha512$310000$KB4UqeuVr86lEOoISSE92w$i2YGpz3wRwceiRfYnMUhZ0MboutkDPPYVWnXqiw6tUt./mgZ5kfV1ES.kcdsHhMdavhCrJfWvVTPQRJKImuUrQ";
redirect_uris = [ "https://${svc_domain}/api/auth/callback/oidc" ];
scopes = [
"openid"
"email"
"profile"
];
}];
# nginx
services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString port}";
};
# try to disable registration
locations."/api/trpc/auth.requestRegistration" = {
root = pkgs.writeTextDir "index.html" ''
NO REGISTRATION!!
'';
};
};
# meta information!
mine.shared.meta.rallly = {
name = "Rallly";
description = ''Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier. Please do not try to use the register or normal login, only try to sign in using the SSO method. '';
url = "https://${svc_domain}";
package = let
pkg = ralllyPkgs;
in {
name = pkg.pname;
version = pkg.version;
meta = pkg.meta;
};
};
}

84
machines/gerd/services/rallly/patches/remove-login-register.patch Normal file
View file

@ -0,0 +1,84 @@
diff --git a/apps/web/src/app/[locale]/(auth)/login/login-form.tsx b/apps/web/src/app/[locale]/(auth)/login/login-form.tsx
index d4a2adcf..8137a790 100644
--- a/apps/web/src/app/[locale]/(auth)/login/login-form.tsx
+++ b/apps/web/src/app/[locale]/(auth)/login/login-form.tsx
@@ -159,45 +159,7 @@ export function LoginForm() {
}
})}
>
- <div className="mb-1 text-2xl font-bold">{t("login")}</div>
- <p className="mb-4 text-gray-500">
- {t("stepSummary", {
- current: 1,
- total: 2,
- })}
- </p>
- <fieldset className="mb-2.5">
- <label htmlFor="email" className="mb-1 text-gray-500">
- {t("email")}
- </label>
- <Input
- className="w-full"
- id="email"
- size="lg"
- error={!!formState.errors.email}
- autoFocus={true}
- disabled={formState.isSubmitting}
- placeholder={t("emailPlaceholder")}
- {...register("email", { validate: validEmail })}
- />
- {formState.errors.email?.message ? (
- <div className="mt-2 text-sm text-rose-500">
- {formState.errors.email.message}
- </div>
- ) : null}
- </fieldset>
<div className="flex flex-col gap-2">
- <Button
- loading={formState.isSubmitting}
- type="submit"
- size="lg"
- variant="primary"
- className=""
- >
- {t("loginWith", {
- provider: t("email"),
- })}
- </Button>
{error === "OAuthAccountNotLinked" ? (
<Alert icon={AlertTriangleIcon} variant="destructive">
<AlertTitle>
@@ -216,12 +178,6 @@ export function LoginForm() {
) : null}
{alternativeLoginMethods.length > 0 ? (
<>
- <div className="relative my-4">
- <hr className="border-grey-500 absolute top-1/2 w-full border-t" />
- <span className="absolute left-1/2 -translate-x-1/2 -translate-y-1/2 transform bg-white px-2 text-center text-xs uppercase text-gray-400">
- {t("or", { defaultValue: "Or" })}
- </span>
- </div>
<div className="grid gap-2.5">
{alternativeLoginMethods.map((method, i) => (
<Button size="lg" key={i} onClick={method.login}>
diff --git a/apps/web/src/app/[locale]/(auth)/login/page.tsx b/apps/web/src/app/[locale]/(auth)/login/page.tsx
index 10caefed..28d6c85a 100644
--- a/apps/web/src/app/[locale]/(auth)/login/page.tsx
+++ b/apps/web/src/app/[locale]/(auth)/login/page.tsx
@@ -13,16 +13,6 @@ export default async function LoginPage({ params }: { params: Params }) {
<AuthCard>
<LoginForm />
</AuthCard>
- <div className="mt-4 pt-4 text-center text-gray-500 sm:text-base">
- <Trans
- t={t}
- i18nKey="notRegistered"
- defaults="Don't have an account? <a>Register</a>"
- components={{
- a: <Link href="/register" className="text-link" />,
- }}
- />
- </div>
</div>
);
}