package ldap3 plugin
This commit is contained in:
parent
c3134e1e58
commit
fab0899e7e
|
@ -18,6 +18,10 @@ let
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin *;
|
||||||
return 200 '${builtins.toJSON data}';
|
return 200 '${builtins.toJSON data}';
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# build ldap3 plugin from git because it's very outdated in nixpkgs
|
||||||
|
matrix-synapse-ldap3 = pkgs.python3.pkgs.callPackage ./pkgs/matrix-synapse-ldap3.nix { };
|
||||||
|
# matrix-synapse-ldap3 = config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets.matrix_ldap_search = {
|
sops.secrets.matrix_ldap_search = {
|
||||||
|
@ -71,9 +75,7 @@ in
|
||||||
matrix-synapse = {
|
matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
plugins = with config.services.matrix-synapse.package.plugins; [
|
plugins = [ matrix-synapse-ldap3 ];
|
||||||
matrix-synapse-ldap3
|
|
||||||
];
|
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
server_name = domainServer;
|
server_name = domainServer;
|
||||||
|
@ -94,24 +96,21 @@ in
|
||||||
extraConfigFiles = [
|
extraConfigFiles = [
|
||||||
(pkgs.writeTextFile {
|
(pkgs.writeTextFile {
|
||||||
name = "matrix-synapse-extra-config.yml";
|
name = "matrix-synapse-extra-config.yml";
|
||||||
text = ''
|
text = let portunus = config.services.portunus; in ''
|
||||||
# `password_providers` is deprecated but `modules` is not supported yet.
|
modules:
|
||||||
password_providers:
|
- module: ldap_auth_provider.LdapAuthProviderModule
|
||||||
- module: ldap_auth_provider.LdapAuthProvider
|
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
# have to use fqdn here for tls (still connects to localhost)
|
# have to use fqdn here for tls (still connects to localhost)
|
||||||
uri: ldaps://auth.nix.fugi.dev:636
|
uri: ldaps://${portunus.domain}:636
|
||||||
base: ou=users,dc=ifsr,dc=de
|
base: ou=users,${portunus.ldap.suffix}
|
||||||
# taken from kaki config
|
# taken from kaki config
|
||||||
attributes:
|
attributes:
|
||||||
uid: uid
|
uid: uid
|
||||||
mail: uid
|
mail: uid
|
||||||
name: cn
|
name: cn
|
||||||
bind_dn: uid=search,ou=users,dc=ifsr,dc=de
|
bind_dn: uid=search,ou=users,${portunus.ldap.suffix}
|
||||||
# TODO: password file not yet supported - update matrix-synapse-ldap3 or use workaround
|
bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}
|
||||||
bind_password: portunus_search
|
|
||||||
# bind_password_file: ${config.sops.secrets.portunus_search.path}
|
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
21
modules/pkgs/matrix-synapse-ldap3.nix
Normal file
21
modules/pkgs/matrix-synapse-ldap3.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{ isPy3k, buildPythonPackage, pkgs, service-identity, ldap3, twisted, ldaptor, mock }:
|
||||||
|
|
||||||
|
buildPythonPackage rec {
|
||||||
|
pname = "matrix-synapse-ldap3";
|
||||||
|
version = "0.2.2";
|
||||||
|
|
||||||
|
format = "pyproject";
|
||||||
|
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "matrix-org";
|
||||||
|
repo = "matrix-synapse-ldap3";
|
||||||
|
rev = "2584736204165f16c176567183f9c350ee253f74";
|
||||||
|
sha256 = "gMsC5FpC2zt5hypPdGgPbWT/Rwz38EoQz3tj5dQ9BQ8=";
|
||||||
|
};
|
||||||
|
|
||||||
|
propagatedBuildInputs = [ service-identity ldap3 twisted ];
|
||||||
|
|
||||||
|
# ldaptor is not ready for py3 yet
|
||||||
|
doCheck = !isPy3k;
|
||||||
|
checkInputs = [ ldaptor mock ];
|
||||||
|
}
|
Loading…
Reference in a new issue