nixify portunus seeds

2023-07-07 17:13:17 +02:00 · 2023-07-07 17:13:17 +02:00 · da7cbfb98c
parent e8263b93dc
commit da7cbfb98c
2 changed files with 41 additions and 55 deletions
--- a/config/portunus_seeds.json
+++ b/config/portunus_seeds.json
@ -1,54 +0,0 @@
-{
-	"groups": [
-		{
-			"name": "admins",
-			"long_name": "Portunus Admins",
-			"members": ["admin"],
-			"permissions": {
-				"portunus": { "is_admin": true },
-				"ldap": { "can_read": true }
-			}
-		},
-		{
-			"name": "ifsr",
-			"long_name": "Mitglieder des ifsr",
-			"members": [],
-			"permissions": {
-				"portunus": { "is_admin": false },
-				"ldap": { "can_read": false }
-			}
-		},
-		{
-			"name": "strukturer",
-			"long_name": "Strukturer des ifsr",
-			"members": [],
-			"permissions": {
-				"portunus": { "is_admin": false },
-				"ldap": { "can_read": false }
-			}
-		},
-		{
-			"name": "search",
-			"long_name": "LDAP search group",
-			"members": ["search"],
-			"permissions": {
-				"portunus": { "is_admin": false },
-				"ldap": { "can_read": true }
-			}
-		}
-	],
-	"users": [
-		{
-			"login_name": "admin",
-			"given_name": "admin",
-			"family_name": "admin",
-			"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/admin-password"] }
-		},
-		{
-			"login_name": "search",
-			"given_name": "search",
-			"family_name": "search",
-			"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/search-password"] }
-		}
-	]
-}
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@ -1,6 +1,46 @@
 { config, lib, pkgs, ... }:
 let
  domain = "auth.${config.fsr.domain}";
+  seed = {
+    groups = [
+      {
+        name = "admins";
+        long_name = "Portunus Admin";
+        members = [ "admin" ];
+        permissions.portunus.is_admin = true;
+      }
+      {
+        name = "search";
+        long_name = "LDAP search group";
+        members = [ "search" ];
+        permissions.ldap.can_read = true;
+      }
+      {
+        name = "fsr";
+        long_name = "Mitglieder des iFSR";
+      }
+    ];
+    users = [
+      {
+        login_name = "admin";
+        given_name = "admin";
+        family_name = "admin";
+        password.from_command = [
+          "${pkgs.coreutils}/bin/cat"
+          config.sops.secrets."portunus/admin-password".path
+        ];
+      }
+      {
+        login_name = "search";
+        given_name = "search";
+        family_name = "search";
+        password.from_command = [
+          "${pkgs.coreutils}/bin/cat"
+          config.sops.secrets."portunus/search-password".path
+        ];
+      }
+    ];
+  };
 in
 {
  sops.secrets = {
@ -22,7 +62,7 @@ in
    inherit domain;
    port = 8681;
    dex.enable = true;
-    seedPath = ../config/portunus_seeds.json;
+    seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);

    ldap = {
      suffix = "dc=ifsr,dc=de";