4 changed files with 17 additions and 33 deletions
--- a/machines/gerd/services/authelia/authelia.nix
+++ b/machines/gerd/services/authelia/authelia.nix
@ -90,20 +90,6 @@ in {
          user = config.mine.shared.settings.ldap.bind_dn;
        };
      };
      # authelia have changed how the by-default handles auth, so in theory everything
      # should contact the `userinfo` endpoint. but not everything does, which leads to us
      # having to create a default policy for this
      # https://github.com/pulsejet/nextcloud-oidc-login/issues/311#issuecomment-2763239352
      identity_providers.oidc.claims_policies.default.id_token = [
        "rat"
        "groups"
        "email"
        "email_verified"
        "alt_emails"
        "preferred_username"
        "name"
      ];
    };
  };
--- a/machines/gerd/services/nextcloud.nix
+++ b/machines/gerd/services/nextcloud.nix
@ -142,10 +142,10 @@ in {
    extraApps = {
      inherit (config.services.nextcloud.package.packages.apps) contacts calendar tasks gpoddersync;
      oidc_login = let
-        version = "3.2.2";
+        version = "3.2.0";
        # TODO(eyJhb): add to niv
      in pkgs.fetchNextcloudApp {
-          sha256 = "sha256-RLYquOE83xquzv+s38bahOixQ+y4UI6OxP9HfO26faI=";
+          sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
          url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${version}/oidc_login.tar.gz";
          license = "agpl3Only";
      };
@ -223,7 +223,6 @@ in {
    client_secret = "$pbkdf2-sha512$310000$kLNQ/1A.uasSN4g8q94jUQ$8OKNUNNumHCh8dVG5/QWys7u.y1guqFXlrL.bMm7/HKTsWhpib/W.8qlU6VU7V1Be/h14Y.fJi3RLvbkEdo2kA";
    consent_mode = "implicit";
    redirect_uris = [ "https://${svc_domain}/apps/oidc_login/oidc" ];
    claims_policy = "default";
    scopes = [
      "openid"
      "profile"
--- a/machines/gerd/services/rallly/default.nix
+++ b/machines/gerd/services/rallly/default.nix
@ -106,7 +106,6 @@ in {
    client_secret = "$pbkdf2-sha512$310000$KB4UqeuVr86lEOoISSE92w$i2YGpz3wRwceiRfYnMUhZ0MboutkDPPYVWnXqiw6tUt./mgZ5kfV1ES.kcdsHhMdavhCrJfWvVTPQRJKImuUrQ";
    consent_mode = "implicit";
    redirect_uris = [ "https://${svc_domain}/api/auth/callback/oidc" ];
    claims_policy = "default";
    scopes = [
      "openid"
      "email"
--- a/shared/sources/sources.json
+++ b/shared/sources/sources.json
@ -5,10 +5,10 @@
        "homepage": "https://matrix.to/#/#agenix:nixos.org",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
-        "sha256": "0ngkhf7qamibhbl9z1dryzscd36y4fz1m1h6fb2z6fylw0b8029p",
+        "sha256": "006ngydiykjgqs85cl19h9klq8kaqm5zs0ng51dnwy7nzgqxzsdr",
        "type": "tarball",
-        "url": "https://github.com/ryantm/agenix/archive/4835b1dc898959d8547a871ef484930675cb47f1.tar.gz",
+        "url": "https://github.com/ryantm/agenix/archive/e600439ec4c273cf11e06fe4d9d906fb98fa097c.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "disko": {
@ -17,10 +17,10 @@
        "homepage": "",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
+        "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081",
-        "sha256": "06gbwfkzm73xrf2brnlvg0g6dbjjry7xqmaar320dqwclq44jf83",
+        "sha256": "0fg2ym4kc1pcayfg4jka742512r8nackwl8w1syxvg82yasixnjc",
        "type": "tarball",
-        "url": "https://github.com/nix-community/disko/archive/a894f2811e1ee8d10c50560551e50d6ab3c392ba.tar.gz",
+        "url": "https://github.com/nix-community/disko/archive/51d33bbb7f1e74ba5f9d9a77357735149da99081.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "drasl": {
@ -36,10 +36,10 @@
        "homepage": null,
        "owner": "RasmusRendal",
        "repo": "drtvrss",
-        "rev": "2059220fb3342202091179f5496575ed596eab9e",
+        "rev": "1234121a3f615d80bc18107768182fb43df0bbac",
-        "sha256": "017m02xhm8j2i85jq30dm2z3vnxv74f06b7mqi8wz32j95x5qdal",
+        "sha256": "0yxarbbsj4giyszc8pf64d0gy9qsld9skgdxxfgygrgk2wspycnc",
        "type": "tarball",
-        "url": "https://github.com/RasmusRendal/drtvrss/archive/2059220fb3342202091179f5496575ed596eab9e.tar.gz",
+        "url": "https://github.com/RasmusRendal/drtvrss/archive/1234121a3f615d80bc18107768182fb43df0bbac.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "flake-compat": {
@ -48,10 +48,10 @@
        "homepage": null,
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
-        "sha256": "09m84vsz1py50giyfpx0fpc7a4i0r1xsb54dh0dpdg308lp4p188",
+        "sha256": "19d2z6xsvpxm184m41qrpi1bplilwipgnzv9jy17fgw421785q1m",
        "type": "tarball",
-        "url": "https://github.com/edolstra/flake-compat/archive/9100a0f413b0c601e0533d1d94ffd501ce2e7885.tar.gz",
+        "url": "https://github.com/edolstra/flake-compat/archive/ff81ac966bb2cae68946d5ed5fc4994f96d0ffec.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "impermanence": {
@ -72,10 +72,10 @@
        "homepage": null,
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
+        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
-        "sha256": "1fcmsax6cs1s6p9apzxg17why08xy47dz226wnb5wwr0aargqlj2",
+        "sha256": "09dahi81cn02gnzsc8a00n945dxc18656ar0ffx5vgxjj1nhgsvy",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/4faa5f5321320e49a78ae7848582f684d64783e9.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    }
 }