2022-12-17 20:54:56 +01:00 · 2022-12-17 19:41:28 +01:00 · 2022-12-17 19:41:48 +01:00 · 2022-12-17 19:41:28 +01:00 · 2022-12-17 19:41:48 +01:00 · 2022-12-17 19:41:28 +01:00
2 changed files with 35 additions and 10 deletions
--- a/config/portunus_seeds.json
+++ b/config/portunus_seeds.json
@ -0,0 +1,34 @@
 {
 	"groups": [
 		{
 			"name": "admins",
 			"long-name": "Portunus Admins",
 			"members": [],
 			"permissions": {
 				"portunus": { "is-admin": true },
 				"ldap": { "can-read": true }
 			}
 		},
 		{
 			"name": "ifsr",
 			"long-name": "Mitglieder des ifsr",
 			"members": [],
 			"permissions": {
 				"portunus": { "is-admin": false },
 				"ldap": { "can-read": false }
 			}
 		},
 		{
 			"name": "strukturer",
 			"long-name": "Strukturer des ifsr",
 			"members": [],
 			"permissions": {
 				"portunus": { "is-admin": false },
 				"ldap": { "can-read": false }
 			}
 		}
 	],
 	"users": [
 		{}
 	]
 }
--- a/modules/ldap.nix
+++ b/modules/ldap.nix
@ -50,15 +50,7 @@ in
      tls = true;
    };
-    # TODO: wohin seed file?
+    seedPath = "../config/portunus_seeds.json";
    seedPath = "";
    # falls wir das brauchen
    # dex = {
    #   enable = true;
    #   ...
    # };
    # searchUserName = "xxx";
  };
  users.ldap = {
@ -68,7 +60,6 @@ in
    # useTLS = true; # nicht nötig weil ldaps domain festgelegt. würde sonst starttls auf port 389 versuchen
  };
  # TODO: acme/letsencrypt oder andere lösung?
  services.nginx = {
    enable = true;
    virtualHosts."${config.services.portunus.domain}" = {