Matrix configuration #13

Merged
fugidev merged 7 commits from matrix into main 2023-02-03 15:10:19 +01:00
2 changed files with 33 additions and 13 deletions
Showing only changes of commit fab0899e7e - Show all commits


@ -18,6 +18,10 @@ let
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
# build ldap3 plugin from git because it's very outdated in nixpkgs
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
matrix-synapse-ldap3 = pkgs.python3.pkgs.callPackage ./pkgs/matrix-synapse-ldap3.nix { };
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
# matrix-synapse-ldap3 = config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3;
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
in
{
sops.secrets.matrix_ldap_search = {
@ -71,9 +75,7 @@ in
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
matrix-synapse = {
enable = true;
plugins = with config.services.matrix-synapse.package.plugins; [
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
matrix-synapse-ldap3
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
];
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
plugins = [ matrix-synapse-ldap3 ];
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
settings = {
server_name = domainServer;
@ -94,24 +96,21 @@ in
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
extraConfigFiles = [
(pkgs.writeTextFile {
name = "matrix-synapse-extra-config.yml";
text = ''
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
# `password_providers` is deprecated but `modules` is not supported yet.
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
password_providers:
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
- module: ldap_auth_provider.LdapAuthProvider
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
text = let portunus = config.services.portunus; in ''
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
modules:
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
- module: ldap_auth_provider.LdapAuthProviderModule
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
config:
enabled: true
# have to use fqdn here for tls (still connects to localhost)
uri: ldaps://auth.nix.fugi.dev:636
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
base: ou=users,dc=ifsr,dc=de
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
uri: ldaps://${portunus.domain}:636
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
base: ou=users,${portunus.ldap.suffix}
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
# taken from kaki config
attributes:
uid: uid
mail: uid
name: cn
bind_dn: uid=search,ou=users,dc=ifsr,dc=de
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
# TODO: password file not yet supported - update matrix-synapse-ldap3 or use workaround
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
bind_password: portunus_search
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
# bind_password_file: ${config.sops.secrets.portunus_search.path}
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
bind_dn: uid=search,ou=users,${portunus.ldap.suffix}
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
'';
})
];

tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
tanneberger commented 2022-12-17 19:43:15 +01:00 (Migrated from github.com)
Review

nixos domain option

nixos domain option
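Review bot: The new `bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}` line in the third hunk only works if the Synapse service user can read that secret, and nothing visible here shows that. The `sops.secrets.matrix_ldap_search` declaration opens at the end of the first hunk and its body is outside the view. sops-nix secrets default to root-owned mode 0400, so unless the declaration already sets it, something like `owner = "matrix-synapse";` is needed (assuming the module's default service user) or LDAP logins will fail at runtime. Separately, the removed `bind_password: portunus_search` lived inside a `pkgs.writeTextFile` output, which is world-readable in the Nix store and remains in git history. If that string was the real bind password rather than a placeholder, it should be rotated.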


@ -0,0 +1,21 @@
{ isPy3k, buildPythonPackage, pkgs, service-identity, ldap3, twisted, ldaptor, mock }:
buildPythonPackage rec {
pname = "matrix-synapse-ldap3";
version = "0.2.2";
format = "pyproject";
src = pkgs.fetchFromGitHub {
owner = "matrix-org";
repo = "matrix-synapse-ldap3";
rev = "2584736204165f16c176567183f9c350ee253f74";
sha256 = "gMsC5FpC2zt5hypPdGgPbWT/Rwz38EoQz3tj5dQ9BQ8=";
};
propagatedBuildInputs = [ service-identity ldap3 twisted ];
# ldaptor is not ready for py3 yet
doCheck = !isPy3k;
checkInputs = [ ldaptor mock ];
}
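Review bot: `version = "0.2.2"` labels a build that is pinned to a bare commit in `rev`, so the store path and any vulnerability scan will report a release that may not match the code actually fetched. I would either pin a tag or mark the snapshot explicitly, e.g. `version = "unstable-<commit-date>";`, and add a comment saying which upstream change is needed and when this override can be dropped in favour of nixpkgs. The hash would also be clearer in SRI form, `hash = "sha256-gMsC5FpC2zt5hypPdGgPbWT/Rwz38EoQz3tj5dQ9BQ8=";`, than as a bare base64 `sha256`. Finally, `doCheck = !isPy3k;` means the test suite never runs on the Python 3 build that is actually deployed, which deserves a comment given that this is the authentication plugin.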