reformatting ldap.nix
parent
a15b04b42d
commit
dc6197d138
1 changed files with 55 additions and 47 deletions
100
modules/ldap.nix
100
modules/ldap.nix
|
@ -31,7 +31,7 @@ in
|
||||||
user = "${portunusUser}";
|
user = "${portunusUser}";
|
||||||
group = "${portunusGroup}";
|
group = "${portunusGroup}";
|
||||||
domain = "${domain}";
|
domain = "${domain}";
|
||||||
port = 8081;
|
port = 8681;
|
||||||
userRegex = "[a-z_][a-z0-9_.-]*\$?";
|
userRegex = "[a-z_][a-z0-9_.-]*\$?";
|
||||||
dex = {
|
dex = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -45,11 +45,29 @@ in
|
||||||
|
|
||||||
# disables port 389, use 636 with tls
|
# disables port 389, use 636 with tls
|
||||||
# `portunus.domain` resolves to localhost
|
# `portunus.domain` resolves to localhost
|
||||||
tls = true;
|
# tls = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
seedPath = ../config/portunus_seeds.json;
|
seedPath = ../config/portunus_seeds.json;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services = {
|
||||||
|
dex.settings.oauth2.skipApprovalScreen = true;
|
||||||
|
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."${config.services.portunus.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations = {
|
||||||
|
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
||||||
|
"/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.dex.serviceConfig = {
|
systemd.services.dex.serviceConfig = {
|
||||||
DynamicUser = lib.mkForce false;
|
DynamicUser = lib.mkForce false;
|
||||||
EnvironmentFile = config.sops.secrets."dex/environment".path;
|
EnvironmentFile = config.sops.secrets."dex/environment".path;
|
||||||
|
@ -59,20 +77,20 @@ in
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
groups = {
|
groups = {
|
||||||
dex = {};
|
dex = { };
|
||||||
|
|
||||||
"${portunusGroup}" = {
|
"${portunusGroup}" = {
|
||||||
name = "${portunusGroup}";
|
name = "${portunusGroup}";
|
||||||
members = [
|
members = [
|
||||||
"${portunusUser}"
|
"${portunusUser}"
|
||||||
#config.systemd.services."matrix-synapse".serviceConfig.User
|
#config.systemd.services."matrix-synapse".serviceConfig.User
|
||||||
config.systemd.services.sogo.serviceConfig.User
|
config.systemd.services.sogo.serviceConfig.User
|
||||||
config.systemd.services.hedgedoc.serviceConfig.User
|
config.systemd.services.hedgedoc.serviceConfig.User
|
||||||
config.systemd.services.mailman.serviceConfig.User
|
config.systemd.services.mailman.serviceConfig.User
|
||||||
config.systemd.services."mailman-web-setup".serviceConfig.User
|
config.systemd.services."mailman-web-setup".serviceConfig.User
|
||||||
config.systemd.services.hyperkitty.serviceConfig.User
|
config.systemd.services.hyperkitty.serviceConfig.User
|
||||||
config.systemd.services.nslcd.serviceConfig.User
|
config.systemd.services.nslcd.serviceConfig.User
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"${ldapGroup}" = {
|
"${ldapGroup}" = {
|
||||||
name = "${ldapGroup}";
|
name = "${ldapGroup}";
|
||||||
|
@ -95,20 +113,20 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ldap =
|
ldap =
|
||||||
let
|
let
|
||||||
portunus = config.services.portunus;
|
portunus = config.services.portunus;
|
||||||
base = "ou=users,${portunus.ldap.suffix}";
|
base = "ou=users,${portunus.ldap.suffix}";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
server = "ldap://localhost";
|
server = "ldap://localhost";
|
||||||
base = base;
|
base = base;
|
||||||
bind = {
|
bind = {
|
||||||
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
|
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
|
||||||
passwordFile = config.sops.secrets."portunus/users/search-password".path;
|
passwordFile = config.sops.secrets."portunus/users/search-password".path;
|
||||||
|
};
|
||||||
|
daemon.enable = true;
|
||||||
};
|
};
|
||||||
daemon.enable = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
security.pam.services.sshd.text = ''
|
security.pam.services.sshd.text = ''
|
||||||
|
@ -135,28 +153,18 @@ in
|
||||||
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts."${config.services.portunus.domain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations = {
|
|
||||||
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(self: super:
|
(self: super:
|
||||||
{
|
{
|
||||||
portunus = super.portunus.overrideAttrs (old: {
|
portunus = super.portunus.overrideAttrs (old: {
|
||||||
src = super.fetchFromGitHub {
|
src = super.fetchFromGitHub {
|
||||||
owner = "revol-xut";
|
owner = "revol-xut";
|
||||||
repo = "portunus";
|
repo = "portunus";
|
||||||
rev = "c95528e21782b3477203bc29fc85515f2cb8c8cb";
|
rev = "c95528e21782b3477203bc29fc85515f2cb8c8cb";
|
||||||
sha256 = "";
|
sha256 = "sha256-CmH0HKr+pNDnw0qfDucQrCixFg7Yh8r7Rt7v9+6pNXc=";
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
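Review bot: In the second hunk (`@ -45,11 +45,29 @@`) `tls = true;` becomes `# tls = true;`, but the two comments right above it (`# disables port 389, use 636 with tls` and `# \`portunus.domain\` resolves to localhost`) still describe the TLS-only configuration, so a reader will assume LDAP is served only on 636 while the option is presumably back at its default with plaintext 389 reachable. If disabling TLS is intended because every consumer in this file binds over loopback (`server = "ldap://localhost"` in the `ldap` block, nslcd in the group members), record that next to the line, e.g. `# tls disabled: all binds go over ldap://localhost, nothing listens beyond loopback`, and drop or rewrite the stale 389/636 comment; otherwise restore `tls = true;`. This TLS change, the `port = 8081;` → `port = 8681;` change in the first hunk and the new `/dex` proxy location are behaviour changes inside a commit titled "reformatting", which makes the whitespace reformat hard to review on its own; splitting them into a separate commit would help. The enclosing `services.portunus` attribute set starts before the hunk.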