hosts/plover: remove Portunus as LDAP server
It is also replaced with Kanidm (though only as a read-only view of its user store).
parent
3d9351a99b
commit
56c0e245ca
@ -36,7 +36,6 @@ in
|
|||||||
# configuring it here will make it too big.
|
# configuring it here will make it too big.
|
||||||
./modules/services/atuin.nix
|
./modules/services/atuin.nix
|
||||||
./modules/services/gitea.nix
|
./modules/services/gitea.nix
|
||||||
./modules/services/portunus.nix
|
|
||||||
./modules/services/kanidm.nix
|
./modules/services/kanidm.nix
|
||||||
./modules/services/vaultwarden.nix
|
./modules/services/vaultwarden.nix
|
||||||
./modules/services/wireguard.nix
|
./modules/services/wireguard.nix
|
||||||
|
@ -1,69 +0,0 @@
|
|||||||
# The LDAP server of choice. Though, it really uses OpenLDAP as the backend so
|
|
||||||
# it's really more like a nice frontend for it so you don't have to experience
|
|
||||||
# the pain of managing an OpenLDAP server.
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
ldapDomain = "ldap.${config.networking.fqdn}";
|
|
||||||
portunusUser = config.users.users."${config.services.portunus.user}".name;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
sops.secrets = lib.getSecrets ../../secrets/secrets.yaml {
|
|
||||||
"ldap/users/foodogsquared/password".owner = portunusUser;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.portunus = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
port = 8168;
|
|
||||||
domain = ldapDomain;
|
|
||||||
|
|
||||||
ldap = {
|
|
||||||
searchUserName = "admin";
|
|
||||||
suffix = "dc=foodogsquared,dc=one";
|
|
||||||
};
|
|
||||||
|
|
||||||
seedPath =
|
|
||||||
let
|
|
||||||
seedData = {
|
|
||||||
groups = [
|
|
||||||
{
|
|
||||||
name = "admin-team";
|
|
||||||
long_name = "Portunus Administrators";
|
|
||||||
members = [ "foodogsquared" ];
|
|
||||||
permissions = {
|
|
||||||
portunus.is_admin = true;
|
|
||||||
ldap.can_read = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
users = [
|
|
||||||
{
|
|
||||||
login_name = "foodogsquared";
|
|
||||||
given_name = "Gabriel";
|
|
||||||
family_name = "Arazas";
|
|
||||||
email = "foodogsquared@foodogsquared.one";
|
|
||||||
ssh_public_keys =
|
|
||||||
let
|
|
||||||
readFiles = list: lib.lists.map (path: lib.readFile path) list;
|
|
||||||
in
|
|
||||||
readFiles [
|
|
||||||
../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub
|
|
||||||
../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub
|
|
||||||
];
|
|
||||||
password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."ldap/users/foodogsquared/password".path ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
settingsFormat = pkgs.formats.json { };
|
|
||||||
in
|
|
||||||
settingsFormat.generate "portunus-seed" seedData;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Getting this to be accessible in the reverse proxy of choice.
|
|
||||||
services.nginx.virtualHosts."${ldapDomain}" = {
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|