waffentrager: config lldap

This commit is contained in:
2024-07-13 15:44:07 +02:00
parent 6a1700f0b7
commit 7abe845c5a
7 changed files with 66 additions and 3 deletions
@@ -2,9 +2,10 @@
{
imports =
[
./lldap.nix
];
config =
{
waffentragerService.auth.lldap.enable = true;
};
}
@@ -0,0 +1,38 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.waffentragerService.auth.lldap.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable lldap";
config =
let
cfg = config.waffentragerService.auth.lldap;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
systemd.services.lldap = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
serviceConfig = {
DynamicUser = lib.mkForce false;
WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;
};
};
users.groups.lldap = { };
users.users.lldap = {
group = "lldap";
isSystemUser = true;
};
sops.secrets.jwt = { owner = "lldap"; group = "lldap";};
services.lldap.enable = true;
services.lldap.environment = {
LLDAP_JWT_SECRET_FILE = config.sops.secrets.jwt.path;
};
services.lldap.settings = {
ldap_base_dn = "dc=podkos,dc=pl";
database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";
http_url = "http://mamba.podkos.pl";
ldap_user_dn = "master";
ldap_user_email = "materus@podkos.pl";
key_seed = materusArg.waffentrager.lldap.seed;
};
};
}
@@ -5,6 +5,7 @@
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
config =
let
cfg = config.waffentragerService.elements;
@@ -27,6 +28,9 @@
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
'' + lib.optionalString config.waffentragerService.auth.lldap.enable ''
mkdir -p ${cfg.lldapDir}
chown -R lldap:lldap ${cfg.lldapDir}
''
;
@@ -7,6 +7,18 @@
cfg = config.waffentragerService.samba;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
systemd.services.samba-nmbd = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
systemd.services.samba-wsdd = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
@@ -7,8 +7,15 @@
cfg = config.waffentragerService.syncthing;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
systemd.services.syncthing = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
services = {
syncthing = {
enable = true;