forked from wurzel/fruitbasket
nixify portunus seeds
parent
e8263b93dc
commit
da7cbfb98c
2 changed files with 41 additions and 55 deletions
|
@ -1,54 +0,0 @@
|
||||||
{
|
|
||||||
"groups": [
|
|
||||||
{
|
|
||||||
"name": "admins",
|
|
||||||
"long_name": "Portunus Admins",
|
|
||||||
"members": ["admin"],
|
|
||||||
"permissions": {
|
|
||||||
"portunus": { "is_admin": true },
|
|
||||||
"ldap": { "can_read": true }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "ifsr",
|
|
||||||
"long_name": "Mitglieder des ifsr",
|
|
||||||
"members": [],
|
|
||||||
"permissions": {
|
|
||||||
"portunus": { "is_admin": false },
|
|
||||||
"ldap": { "can_read": false }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "strukturer",
|
|
||||||
"long_name": "Strukturer des ifsr",
|
|
||||||
"members": [],
|
|
||||||
"permissions": {
|
|
||||||
"portunus": { "is_admin": false },
|
|
||||||
"ldap": { "can_read": false }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "search",
|
|
||||||
"long_name": "LDAP search group",
|
|
||||||
"members": ["search"],
|
|
||||||
"permissions": {
|
|
||||||
"portunus": { "is_admin": false },
|
|
||||||
"ldap": { "can_read": true }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"users": [
|
|
||||||
{
|
|
||||||
"login_name": "admin",
|
|
||||||
"given_name": "admin",
|
|
||||||
"family_name": "admin",
|
|
||||||
"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/admin-password"] }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"login_name": "search",
|
|
||||||
"given_name": "search",
|
|
||||||
"family_name": "search",
|
|
||||||
"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/search-password"] }
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -1,6 +1,46 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
domain = "auth.${config.fsr.domain}";
|
domain = "auth.${config.fsr.domain}";
|
||||||
|
seed = {
|
||||||
|
groups = [
|
||||||
|
{
|
||||||
|
name = "admins";
|
||||||
|
long_name = "Portunus Admin";
|
||||||
|
members = [ "admin" ];
|
||||||
|
permissions.portunus.is_admin = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "search";
|
||||||
|
long_name = "LDAP search group";
|
||||||
|
members = [ "search" ];
|
||||||
|
permissions.ldap.can_read = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "fsr";
|
||||||
|
long_name = "Mitglieder des iFSR";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
users = [
|
||||||
|
{
|
||||||
|
login_name = "admin";
|
||||||
|
given_name = "admin";
|
||||||
|
family_name = "admin";
|
||||||
|
password.from_command = [
|
||||||
|
"${pkgs.coreutils}/bin/cat"
|
||||||
|
config.sops.secrets."portunus/admin-password".path
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
login_name = "search";
|
||||||
|
given_name = "search";
|
||||||
|
family_name = "search";
|
||||||
|
password.from_command = [
|
||||||
|
"${pkgs.coreutils}/bin/cat"
|
||||||
|
config.sops.secrets."portunus/search-password".path
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
|
@ -22,7 +62,7 @@ in
|
||||||
inherit domain;
|
inherit domain;
|
||||||
port = 8681;
|
port = 8681;
|
||||||
dex.enable = true;
|
dex.enable = true;
|
||||||
seedPath = ../config/portunus_seeds.json;
|
seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);
|
||||||
|
|
||||||
ldap = {
|
ldap = {
|
||||||
suffix = "dc=ifsr,dc=de";
|
suffix = "dc=ifsr,dc=de";
|
||||||
|
|
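Review bot: The `seed` attrset added in the first hunk is not a one-to-one translation of the deleted JSON: the `admins` group keeps `permissions.portunus.is_admin = true;` but loses the `ldap.can_read` grant it had before, and the `ifsr` and `strukturer` groups are replaced by a single `fsr` group with no `members` or `permissions`. If dropping LDAP read for admins is intended, a short comment saying so would help; otherwise add `permissions.ldap.can_read = true;` back, and check that nothing downstream still filters on the old group names. Separately, `pkgs.writeText` places the rendered seed in the world-readable Nix store, which is safe only because the passwords are resolved at runtime through `password.from_command`; I would add a comment above `seed = {` such as `# Rendered into the Nix store: never put literal passwords here, only from_command reading a sops path.` The module body after `in` continues outside the visible hunks, so the `sops.secrets` declarations these paths rely on cannot be checked here.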