waffentrager: updates to use ldap and postgres, fix samba characters
@@ -0,0 +1,80 @@
|
||||
{ config, pkgs, lib, materusArg, ... }:
|
||||
{
|
||||
options.waffentragerService.auth.authelia.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable authelia";
|
||||
config =
|
||||
let
|
||||
cfg = config.waffentragerService.auth.authelia;
|
||||
port = 9091;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
sops.secrets."authelia-storagekey" = { owner = "authelia"; };
|
||||
sops.secrets."authelia-database" = { owner = "authelia"; };
|
||||
sops.secrets."ldap-master" = { owner = "authelia"; };
|
||||
users.users.authelia = {
|
||||
group = "lldap";
|
||||
isSystemUser = true;
|
||||
};
|
||||
services.authelia.instances.main = {
|
||||
enable = true;
|
||||
user = "authelia";
|
||||
environmentVariables = {
|
||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."ldap-master".path;
|
||||
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = config.sops.secrets."authelia-database".path;
|
||||
};
|
||||
secrets = {
|
||||
jwtSecretFile = config.sops.secrets.jwt.path;
|
||||
storageEncryptionKeyFile = config.sops.secrets."authelia-storagekey".path;
|
||||
};
|
||||
settings = {
|
||||
access_control = {
|
||||
default_policy = "one_factor";
|
||||
};
|
||||
authentication_backend = {
|
||||
ldap.url = "ldap://127.0.0.1:3890";
|
||||
ldap.implementation = "custom";
|
||||
ldap.base_dn = config.services.lldap.settings.ldap_base_dn;
|
||||
ldap.user = "CN=master,ou=people,DC=podkos,DC=pl";
|
||||
ldap.additional_users_dn = "OU=people";
|
||||
ldap.users_filter = "(&({username_attribute}={input})(objectClass=person))";
|
||||
ldap.additional_groups_dn = "OU=groups";
|
||||
ldap.groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
|
||||
};
|
||||
storage = {
|
||||
postgres.host = "/var/run/postgresql";
|
||||
postgres.port = "5432";
|
||||
postgres.database = "authelia";
|
||||
postgres.username = "authelia";
|
||||
|
||||
};
|
||||
notifier = {
|
||||
disable_startup_check = false;
|
||||
filesystem.filename = "/tmp/test_notification.txt";
|
||||
};
|
||||
session = {
|
||||
name = "materus-session";
|
||||
domain = "materus.pl";
|
||||
};
|
||||
|
||||
default_redirection_url = "https://materus.pl";
|
||||
server.port = port;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."gatekeeper.materus.pl" = {
|
||||
forceSSL = true;
|
||||
http3 = true;
|
||||
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
|
||||
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
|
||||
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${builtins.toString port}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
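Review bot: `jwtSecretFile = config.sops.secrets.jwt.path;` points Authelia at the same `jwt` secret that lldap owns (the lldap hunk further down widens it to `mode = "0440"` and this hunk puts the authelia user into `group = "lldap"` so it can read it), so the two services' token-signing keys are tied together and authelia gains group-level access to anything else lldap shares with its group; a dedicated `sops.secrets."authelia-jwt" = { owner = "authelia"; };` with `jwtSecretFile = config.sops.secrets."authelia-jwt".path;` would let the authelia user keep its own group. Separately, `filesystem.filename = "/tmp/test_notification.txt"` with `disable_startup_check = false` means identity-verification and password-reset links are written to a flat file under /tmp, which is shared with every local user unless the unit runs with a private /tmp (not visible here); an SMTP notifier, or at least a path under the service's state directory, is the usual replacement before this is enabled. The bind account `CN=master,ou=people,DC=podkos,DC=pl` appears to be the lldap administrator (`ldap_user_dn = "master"` in the lldap hunk), so a compromise of Authelia yields full directory control; a separate bind user in lldap's `lldap_strict_readonly` group is enough for lookups and logins. A short comment above `postgres.port = "5432";` noting that the port is deliberately a string (Authelia expects an integer; whether the module coerces it is not visible here) would also help the next reader.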
|
||||
@@ -3,9 +3,11 @@
|
||||
imports =
|
||||
[
|
||||
./lldap.nix
|
||||
./authelia.nix
|
||||
];
|
||||
config =
|
||||
{
|
||||
waffentragerService.auth.lldap.enable = true;
|
||||
waffentragerService.auth.authelia.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -45,7 +45,7 @@
|
||||
group = "lldap";
|
||||
isSystemUser = true;
|
||||
};
|
||||
sops.secrets.jwt = { owner = "lldap"; group = "lldap"; };
|
||||
sops.secrets.jwt = { owner = "lldap"; group = "lldap"; mode = "0440"; };
|
||||
sops.secrets."lldap-database" = { owner = "lldap"; group = "lldap"; };
|
||||
services.lldap.enable = true;
|
||||
services.lldap.environmentFile = config.sops.templates."lldap.env".path;
|
||||
@@ -60,6 +60,8 @@
|
||||
|
||||
services.lldap.settings = {
|
||||
ldap_base_dn = "dc=podkos,dc=pl";
|
||||
|
||||
ldap_host = "127.0.0.1";
|
||||
http_url = "https://mamba.podkos.pl";
|
||||
ldap_user_dn = "master";
|
||||
ldap_user_email = "materus@podkos.pl";
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = "waffentrager.materus.pl";
|
||||
home = config.waffentragerService.elements.nextcloudDir;
|
||||
config.adminuser = "master";
|
||||
config.adminuser = "nextcloud-master";
|
||||
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
|
||||
config.dbtype = "pgsql";
|
||||
extraAppsEnable = true;
|
||||
maxUploadSize = "4G";
|
||||
maxUploadSize = "8G";
|
||||
https = true;
|
||||
enableImagemagick = true;
|
||||
configureRedis = true;
|
||||
|
||||
@@ -35,6 +35,9 @@
|
||||
hosts deny = 0.0.0.0/0
|
||||
guest account = nobody
|
||||
map to guest = bad user
|
||||
mangled names = no
|
||||
dos charset = CP850
|
||||
unix charset = UTF-8
|
||||
'';
|
||||
shares = {
|
||||
materus = {
|
||||
@@ -42,10 +45,10 @@
|
||||
browseable = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "no";
|
||||
"create mask" = "0644";
|
||||
"directory mask" = "0755";
|
||||
"create mask" = "0770";
|
||||
"directory mask" = "0770";
|
||||
"force user" = "materus";
|
||||
"force group" = "users";
|
||||
"force group" = "nextcloud";
|
||||
};
|
||||
};
|
||||
};
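Review bot: `"create mask" = "0770"` sets the execute bit on every regular file created through the share, which is broader than the group-write the change appears to be after; `"create mask" = "0660"` keeps group read/write for files while `"directory mask" = "0770"` still lets the group traverse directories. Combined with `"force group" = "nextcloud"` every file also becomes writable by the Nextcloud service group, so the share block deserves a one-line comment stating that intent, e.g. `# share tree is written by Nextcloud/Syncthing too, so files stay group-writable for "nextcloud"`.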
|
||||
|
||||
@@ -7,9 +7,7 @@
|
||||
cfg = config.waffentragerService.syncthing;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
waffentragerService.elements.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port];
|
||||
waffentragerService.elements.enable = true; networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port];
|
||||
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
|
||||
systemd.services.syncthing = {
|
||||
partOf = [ "elements-mount.service" ];
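Review bot: The new line joins two unrelated attribute bindings — `waffentragerService.elements.enable = true;` and the `networking.firewall.allowedTCPPorts` list — on a single line, which reads as an accidental merge of the removed lines rather than a deliberate change. Keep each binding on its own line: `waffentragerService.elements.enable = true;` followed by `networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port ];`. The enclosing `lib.mkIf cfg.enable` block continues past the hunk.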
|
||||
@@ -20,6 +18,7 @@
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = "materus";
|
||||
group = "nextcloud";
|
||||
dataDir = "${config.waffentragerService.elements.path}/storage/materus";
|
||||
configDir = "${config.waffentragerService.elements.path}/storage/materus/Inne/Config/Syncthing/waffentrager/";
|
||||
};
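Review bot: `group = "nextcloud";` makes the whole syncthing process a member of the Nextcloud service group, not just a writer of the tree under `${config.waffentragerService.elements.path}/storage/materus`; anything else that is group-readable to nextcloud (state or configuration files, if the Nextcloud module leaves them group-accessible — not visible here) becomes readable to syncthing as well. A dedicated group owning the shared storage tree, used here and as `force group` in the samba share, would give the same write access without membership in the service's own group. Either way a one-line comment such as `# runs in the nextcloud group so synced files stay writable by Nextcloud` would record why the group differs from the user.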
|
||||
|
||||