diff --git a/hosts/plover/default.nix b/hosts/plover/default.nix
index e2a2397a..78fe30e3 100644
--- a/hosts/plover/default.nix
+++ b/hosts/plover/default.nix
@@ -36,7 +36,6 @@ in
 # configuring it here will make it too big.
 ./modules/services/atuin.nix
 ./modules/services/gitea.nix
- ./modules/services/portunus.nix
 ./modules/services/kanidm.nix
 ./modules/services/vaultwarden.nix
 ./modules/services/wireguard.nix
diff --git a/hosts/plover/modules/services/portunus.nix b/hosts/plover/modules/services/portunus.nix
deleted file mode 100644
index 427e74c2..00000000
--- a/hosts/plover/modules/services/portunus.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-# The LDAP server of choice. Though, it really uses OpenLDAP as the backend so
-# it's really more like a nice frontend for it so you don't have to experience
-# the pain of managing an OpenLDAP server.
-{ config, lib, pkgs, ... }:
-
-let
- ldapDomain = "ldap.${config.networking.fqdn}";
- portunusUser = config.users.users."${config.services.portunus.user}".name;
-in
-{
- sops.secrets = lib.getSecrets ../../secrets/secrets.yaml {
- "ldap/users/foodogsquared/password".owner = portunusUser;
- };
-
- services.portunus = {
- enable = true;
-
- port = 8168;
- domain = ldapDomain;
-
- ldap = {
- searchUserName = "admin";
- suffix = "dc=foodogsquared,dc=one";
- };
-
- seedPath =
- let
- seedData = {
- groups = [
- {
- name = "admin-team";
- long_name = "Portunus Administrators";
- members = [ "foodogsquared" ];
- permissions = {
- portunus.is_admin = true;
- ldap.can_read = true;
- };
- }
- ];
- users = [
- {
- login_name = "foodogsquared";
- given_name = "Gabriel";
- family_name = "Arazas";
- email = "foodogsquared@foodogsquared.one";
- ssh_public_keys =
- let
- readFiles = list: lib.lists.map (path: lib.readFile path) list;
- in
- readFiles [
- ../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub
- ../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub
- ];
- password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."ldap/users/foodogsquared/password".path ];
- }
- ];
- };
- settingsFormat = pkgs.formats.json { };
- in
- settingsFormat.generate "portunus-seed" seedData;
- };
-
- # Getting this to be accessible in the reverse proxy of choice.
- services.nginx.virtualHosts."${ldapDomain}" = {
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.portunus.port}";
- };
- };
-}