waffentrager: config lldap
@@ -2,9 +2,10 @@
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./lldap.nix
|
||||
];
|
||||
config =
|
||||
{
|
||||
|
||||
waffentragerService.auth.lldap.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
{ config, pkgs, lib, materusArg, ... }:
|
||||
{
|
||||
options.waffentragerService.auth.lldap.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable lldap";
|
||||
config =
|
||||
let
|
||||
cfg = config.waffentragerService.auth.lldap;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
waffentragerService.elements.enable = true;
|
||||
systemd.services.lldap = {
|
||||
partOf = [ "elements-mount.service" ];
|
||||
requires = [ "elements-mount.service" ];
|
||||
after = [ "elements-mount.service" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = lib.mkForce false;
|
||||
WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;
|
||||
};
|
||||
};
|
||||
users.groups.lldap = { };
|
||||
users.users.lldap = {
|
||||
group = "lldap";
|
||||
isSystemUser = true;
|
||||
};
|
||||
sops.secrets.jwt = { owner = "lldap"; group = "lldap";};
|
||||
services.lldap.enable = true;
|
||||
services.lldap.environment = {
|
||||
LLDAP_JWT_SECRET_FILE = config.sops.secrets.jwt.path;
|
||||
};
|
||||
services.lldap.settings = {
|
||||
ldap_base_dn = "dc=podkos,dc=pl";
|
||||
database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";
|
||||
http_url = "http://mamba.podkos.pl";
|
||||
ldap_user_dn = "master";
|
||||
ldap_user_email = "materus@podkos.pl";
|
||||
key_seed = materusArg.waffentrager.lldap.seed;
|
||||
};
|
||||
};
|
||||
}
|
||||
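Review bot: `key_seed = materusArg.waffentrager.lldap.seed;` puts the seed into `services.lldap.settings` as an evaluated Nix value, so it will presumably end up in the generated configuration inside the world-readable Nix store, whereas the JWT secret is handed over as a sops-owned file. lldap derives its server private key from this seed, so it deserves the same treatment: declare a second sops secret owned by `lldap`, pass its path through `services.lldap.environment` (for example `LLDAP_KEY_SEED_FILE = config.sops.secrets.<seed-secret-name>.path;`, assuming lldap honours the `_FILE` form for this key as it does for the JWT secret), and drop `key_seed` from `settings`. Separately, `DynamicUser = lib.mkForce false;` also removes the sandboxing systemd implies for dynamic users (`ProtectSystem=strict`, `PrivateTmp`, `NoNewPrivileges`), so those are worth setting explicitly in `serviceConfig`. `http_url` is plain `http://`, which is acceptable only if TLS is terminated in front of the service.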
@@ -5,6 +5,7 @@
|
||||
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
|
||||
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
|
||||
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
|
||||
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
|
||||
config =
|
||||
let
|
||||
cfg = config.waffentragerService.elements;
|
||||
@@ -27,6 +28,9 @@
|
||||
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
|
||||
mkdir -p ${cfg.nextcloudDir}
|
||||
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
|
||||
'' + lib.optionalString config.waffentragerService.auth.lldap.enable ''
|
||||
mkdir -p ${cfg.lldapDir}
|
||||
chown -R lldap:lldap ${cfg.lldapDir}
|
||||
''
|
||||
|
||||
;
|
||||
|
||||
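Review bot: The added `mkdir -p ${cfg.lldapDir}` and `chown -R lldap:lldap ${cfg.lldapDir}` lines never restrict the directory mode, so the directory that will hold lldap's `users.db` gets whatever the script's umask yields, which is likely traversable by other local users. Adding `chmod 0700 ${cfg.lldapDir}` after the chown, or replacing the pair with `install -d -m 0700 -o lldap -g lldap ${cfg.lldapDir}`, keeps the credential database private to the service user. Quoting the interpolated path would also make the script robust if the mount path ever contains spaces. The script string these lines belong to begins outside this hunk, so the umask actually in effect is not visible here.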
@@ -7,6 +7,18 @@
|
||||
cfg = config.waffentragerService.samba;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
waffentragerService.elements.enable = true;
|
||||
|
||||
systemd.services.samba-nmbd = {
|
||||
partOf = [ "elements-mount.service" ];
|
||||
requires = [ "elements-mount.service" ];
|
||||
after = [ "elements-mount.service" ];
|
||||
};
|
||||
systemd.services.samba-wsdd = {
|
||||
partOf = [ "elements-mount.service" ];
|
||||
requires = [ "elements-mount.service" ];
|
||||
after = [ "elements-mount.service" ];
|
||||
};
|
||||
services.samba-wsdd.enable = true;
|
||||
services.samba-wsdd.openFirewall = true;
|
||||
services.samba = {
|
||||
|
||||
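Review bot: `services.samba-wsdd.openFirewall = true;` opens the WS-Discovery ports on every interface the firewall covers, and nothing in this hunk limits where the daemon listens. If this host has any interface that is not the trusted LAN, bind the daemon with `services.samba-wsdd.interface = "<lan-interface>";` and allow the ports per interface through `networking.firewall.interfaces.<lan-interface>` instead of the global switch. The `services.samba` block continues outside the hunk, so whether smbd itself is restricted the same way cannot be checked from here.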
@@ -7,8 +7,15 @@
|
||||
cfg = config.waffentragerService.syncthing;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
waffentragerService.elements.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port];
|
||||
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
|
||||
systemd.services.syncthing = {
|
||||
partOf = [ "elements-mount.service" ];
|
||||
requires = [ "elements-mount.service" ];
|
||||
after = [ "elements-mount.service" ];
|
||||
};
|
||||
services = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
|
||||
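Review bot: `networking.firewall.allowedTCPPorts` opens `config.services.syncthing.relay.port` and `config.services.syncthing.relay.statusPort` unconditionally, although nothing visible in this hunk enables the relay. The status port serves relay statistics and rarely needs to be reachable from outside. Gating the relay port, as in `++ lib.optionals config.services.syncthing.relay.enable [ config.services.syncthing.relay.port ]`, and leaving `statusPort` closed keeps the exposed surface to what actually runs. For 22000 and 21027, `services.syncthing.openDefaultPorts = true;` expresses the same intent without hard-coded numbers. The `services.syncthing` block continues past the end of the hunk.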