From 6bed81c8a973931ec744d2fd650d874dcd99d4f4 Mon Sep 17 00:00:00 2001
From: Fugi
Date: Sun, 11 Jun 2023 18:15:06 +0200
Subject: [PATCH] nixify portunus_seeds.json
---
config/portunus_seeds.json | 54 --------------------------------------
modules/ldap.nix | 47 ++++++++++++++++++++++++++++++++-
2 files changed, 46 insertions(+), 55 deletions(-)
delete mode 100644 config/portunus_seeds.json
diff --git a/config/portunus_seeds.json b/config/portunus_seeds.json
deleted file mode 100644
index 1baa12e..0000000
--- a/config/portunus_seeds.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "groups": [
- {
- "name": "admins",
- "long_name": "Portunus Admins",
- "members": ["admin"],
- "permissions": {
- "portunus": { "is_admin": true },
- "ldap": { "can_read": true }
- }
- },
- {
- "name": "ifsr",
- "long_name": "Mitglieder des ifsr",
- "members": [],
- "permissions": {
- "portunus": { "is_admin": false },
- "ldap": { "can_read": false }
- }
- },
- {
- "name": "strukturer",
- "long_name": "Strukturer des ifsr",
- "members": [],
- "permissions": {
- "portunus": { "is_admin": false },
- "ldap": { "can_read": false }
- }
- },
- {
- "name": "search",
- "long_name": "LDAP search group",
- "members": ["search"],
- "permissions": {
- "portunus": { "is_admin": false },
- "ldap": { "can_read": true }
- }
- }
- ],
- "users": [
- {
- "login_name": "admin",
- "given_name": "admin",
- "family_name": "admin",
- "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/users/admin-password"] }
- },
- {
- "login_name": "search",
- "given_name": "search",
- "family_name": "search",
- "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/users/search-password"] }
- }
- ]
-}
diff --git a/modules/ldap.nix b/modules/ldap.nix
index 8bca96a..20755e4 100644
--- a/modules/ldap.nix
+++ b/modules/ldap.nix 
@@ -1,6 +1,51 @@
 { config, lib, pkgs, ... }:
 let
 domain = "auth.${config.fsr.domain}";
+ seed = {
+ groups = [
+ {
+ name = "admins";
+ long_name = "Portunus Admin";
+ members = [ "admin" ];
+ permissions = {
+ portunus.is_admin = true;
+ ldap.can_read = true;
+ };
+ }
+ {
+ name = "search";
+ long_name = "LDAP search group";
+ members = [ "search" ];
+ permissions = {
+ ldap.can_read = true;
+ };
+ }
+ {
+ name = "fsr";
+ long_name = "Mitglieder des iFSR";
+ }
+ ];
+ users = [
+ {
+ login_name = "admin";
+ given_name = "admin";
+ family_name = "admin";
+ password.from_command = [
+ "${pkgs.coreutils}/bin/cat"
+ config.sops.secrets."portunus/users/admin-password".path
+ ];
+ }
+ {
+ login_name = "search";
+ given_name = "search";
+ family_name = "search";
+ password.from_command = [
+ "${pkgs.coreutils}/bin/cat"
+ config.sops.secrets."portunus/users/search-password".path
+ ];
+ }
+ ];
+ };
 in
 {
 sops.secrets = {
@@ -31,7 +76,7 @@ in
 tls = false;
 };
 
- seedPath = ../config/portunus_seeds.json;
+ seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);
 };
 
 dex.settings.oauth2.skipApprovalScreen = true;
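Review bot: The new `seed` attrset is not equivalent to the JSON file this commit deletes, although the subject line only says "nixify": the `strukturer` group is gone, `ifsr` becomes `fsr` with a different `long_name` and no `members`/`permissions`, the admins group's `long_name` loses its trailing "s", and the `search` group no longer states `portunus.is_admin = false` (presumably the default, but worth confirming against the Portunus seed schema before relying on it). If these changes are intended they belong in the commit message; if not, they are a silent change to who gets admin rights hidden inside a refactor. The `pkgs.writeText` call in the second hunk renders this seed into the Nix store, which is world-readable, so the design only stays safe because the seed carries sops secret *paths* behind `password.from_command` rather than the secret values; a comment such as `# Rendered into the world-readable Nix store via writeText: keep secrets behind from_command, never inline them` on the `seed = {` line would keep that invariant visible to the next editor. The `seed` binding is complete within the first hunk, while the attribute set that consumes `seedPath` starts outside the second hunk.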