foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-03-15 06:19:00 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

hosts/plover: remove Portunus as LDAP server

Browse Source 
It is also replaced with Kanidm (though read-only from its user store).
This commit is contained in:
Gabriel Arazas 2023-09-28 18:48:17 +08:00
parent 3d9351a99b
commit 56c0e245ca
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
2 changed files with 0 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/plover/default.nix
View File

@ -36,7 +36,6 @@ in
# configuring it here will make it too big. # configuring it here will make it too big.
./modules/services/atuin.nix ./modules/services/atuin.nix
./modules/services/gitea.nix ./modules/services/gitea.nix
./modules/services/portunus.nix
./modules/services/kanidm.nix ./modules/services/kanidm.nix
./modules/services/vaultwarden.nix ./modules/services/vaultwarden.nix
./modules/services/wireguard.nix ./modules/services/wireguard.nix

69
hosts/plover/modules/services/portunus.nix
View File

@ -1,69 +0,0 @@
# The LDAP server of choice. Though, it really uses OpenLDAP as the backend so
# it's really more like a nice frontend for it so you don't have to experience
# the pain of managing an OpenLDAP server.
{ config, lib, pkgs, ... }:
let
ldapDomain = "ldap.${config.networking.fqdn}";
portunusUser = config.users.users."${config.services.portunus.user}".name;
in
{
sops.secrets = lib.getSecrets ../../secrets/secrets.yaml {
"ldap/users/foodogsquared/password".owner = portunusUser;
};
services.portunus = {
enable = true;
port = 8168;
domain = ldapDomain;
ldap = {
searchUserName = "admin";
suffix = "dc=foodogsquared,dc=one";
};
seedPath =
let
seedData = {
groups = [
{
name = "admin-team";
long_name = "Portunus Administrators";
members = [ "foodogsquared" ];
permissions = {
portunus.is_admin = true;
ldap.can_read = true;
};
}
];
users = [
{
login_name = "foodogsquared";
given_name = "Gabriel";
family_name = "Arazas";
email = "foodogsquared@foodogsquared.one";
ssh_public_keys =
let
readFiles = list: lib.lists.map (path: lib.readFile path) list;
in
readFiles [
../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub
../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub
];
password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."ldap/users/foodogsquared/password".path ];
}
];
};
settingsFormat = pkgs.formats.json { };
in
settingsFormat.generate "portunus-seed" seedData;
};
# Getting this to be accessible in the reverse proxy of choice.
services.nginx.virtualHosts."${ldapDomain}" = {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.portunus.port}";
};
};
}