Merge pull request #279050 from SuperSandro2000/portunus-seedsettings
nixos/portunus: add seedSettings option
8219e2c1bc
@ -37,6 +37,15 @@ in
'';
};
seedSettings = lib.mkOption {
type = with lib.types; nullOr (attrsOf (listOf (attrsOf anything)));
default = null;
description = lib.mdDoc ''
Seed settings for users and groups.
See upstream for format <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration>
'';
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/portunus";
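Review bot: The `description = lib.mdDoc ''` text for `seedSettings` does not say that the value is rendered into the Nix store: the `portunus.seedPath = lib.mkIf (cfg.seedSettings != null) (pkgs.writeText "seed.json" ...)` line in the second hunk serializes it with `pkgs.writeText`, and store paths are world-readable on the host, so anything placed in this option (the upstream seed format documents a per-user `password` field, as far as I recall) is readable by every local user. Suggest adding to the description: `Note that this option is rendered into the world-readable Nix store, so do not put user passwords or other secrets in it.` A minor style point: this hunk uses `lib.mkOption`, `lib.types` and `lib.mdDoc`, whereas the neighbouring `stateDir = mkOption {` option uses the bare `mkOption`/`types` that the file already has in scope, so `mkOption` and `with types;` would match the surrounding code.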
@ -172,49 +181,53 @@ in
"127.0.0.1" = [ cfg.domain ];
};
services.dex = mkIf cfg.dex.enable {
enable = true;
settings = {
issuer = "https://${cfg.domain}/dex";
web.http = "127.0.0.1:${toString cfg.dex.port}";
storage = {
type = "sqlite3";
config.file = "/var/lib/dex/dex.db";
};
enablePasswordDB = false;
connectors = [{
type = "ldap";
id = "ldap";
name = "LDAP";
config = {
host = "${cfg.domain}:636";
bindDN = "uid=${cfg.ldap.searchUserName},ou=users,${cfg.ldap.suffix}";
bindPW = "$DEX_SEARCH_USER_PASSWORD";
userSearch = {
baseDN = "ou=users,${cfg.ldap.suffix}";
filter = "(objectclass=person)";
username = "uid";
idAttr = "uid";
emailAttr = "mail";
nameAttr = "cn";
preferredUsernameAttr = "uid";
};
groupSearch = {
baseDN = "ou=groups,${cfg.ldap.suffix}";
filter = "(objectclass=groupOfNames)";
nameAttr = "cn";
userMatchers = [{ userAttr = "DN"; groupAttr = "member"; }];
};
services = {
dex = mkIf cfg.dex.enable {
enable = true;
settings = {
issuer = "https://${cfg.domain}/dex";
web.http = "127.0.0.1:${toString cfg.dex.port}";
storage = {
type = "sqlite3";
config.file = "/var/lib/dex/dex.db";
};
}];
enablePasswordDB = false;
connectors = [{
type = "ldap";
id = "ldap";
name = "LDAP";
config = {
host = "${cfg.domain}:636";
bindDN = "uid=${cfg.ldap.searchUserName},ou=users,${cfg.ldap.suffix}";
bindPW = "$DEX_SEARCH_USER_PASSWORD";
userSearch = {
baseDN = "ou=users,${cfg.ldap.suffix}";
filter = "(objectclass=person)";
username = "uid";
idAttr = "uid";
emailAttr = "mail";
nameAttr = "cn";
preferredUsernameAttr = "uid";
};
groupSearch = {
baseDN = "ou=groups,${cfg.ldap.suffix}";
filter = "(objectclass=groupOfNames)";
nameAttr = "cn";
userMatchers = [{ userAttr = "DN"; groupAttr = "member"; }];
};
};
}];
staticClients = forEach cfg.dex.oidcClients (client: {
inherit (client) id;
redirectURIs = [ client.callbackURL ];
name = "OIDC for ${client.id}";
secretEnv = "DEX_CLIENT_${client.id}";
});
staticClients = forEach cfg.dex.oidcClients (client: {
inherit (client) id;
redirectURIs = [ client.callbackURL ];
name = "OIDC for ${client.id}";
secretEnv = "DEX_CLIENT_${client.id}";
});
};
};
portunus.seedPath = lib.mkIf (cfg.seedSettings != null) (pkgs.writeText "seed.json" (builtins.toJSON cfg.seedSettings));
};
systemd.services = {
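Review bot: Re-nesting the whole `services.dex = mkIf cfg.dex.enable {` block under `services = { dex = ... }` only to place `portunus.seedPath` beside it rewrites roughly forty unchanged lines and hides the one real change in this hunk; the same result with a one-line diff is `services.portunus.seedPath = lib.mkIf (cfg.seedSettings != null) (pkgs.writeText "seed.json" (builtins.toJSON cfg.seedSettings));` added next to the untouched `services.dex` attribute. The new line also spells `lib.mkIf` while the `dex = mkIf cfg.dex.enable {` line above it uses the bare `mkIf`, so one spelling should be chosen for the file. The `systemd.services = {` block at the end of the hunk continues outside it.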