nixify portunus seeds

2023-07-07 17:13:17 +02:00 · 2023-07-07 17:13:17 +02:00 · da7cbfb98c
commit da7cbfb98c
parent e8263b93dc
2 changed files with 41 additions and 55 deletions
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@ -1,6 +1,46 @@
 { config, lib, pkgs, ... }:
 let
  domain = "auth.${config.fsr.domain}";
+  seed = {
+    groups = [
+      {
+        name = "admins";
+        long_name = "Portunus Admin";
+        members = [ "admin" ];
+        permissions.portunus.is_admin = true;
+      }
+      {
+        name = "search";
+        long_name = "LDAP search group";
+        members = [ "search" ];
+        permissions.ldap.can_read = true;
+      }
+      {
+        name = "fsr";
+        long_name = "Mitglieder des iFSR";
+      }
+    ];
+    users = [
+      {
+        login_name = "admin";
+        given_name = "admin";
+        family_name = "admin";
+        password.from_command = [
+          "${pkgs.coreutils}/bin/cat"
+          config.sops.secrets."portunus/admin-password".path
+        ];
+      }
+      {
+        login_name = "search";
+        given_name = "search";
+        family_name = "search";
+        password.from_command = [
+          "${pkgs.coreutils}/bin/cat"
+          config.sops.secrets."portunus/search-password".path
+        ];
+      }
+    ];
+  };
 in
 {
  sops.secrets = {
@ -22,7 +62,7 @@ in
    inherit domain;
    port = 8681;
    dex.enable = true;
-    seedPath = ../config/portunus_seeds.json;
+    seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);

    ldap = {
      suffix = "dc=ifsr,dc=de";