hosts/plover: update LDAP server with Portunus

This commit is contained in:
Gabriel Arazas 2023-01-01 15:47:06 +08:00
parent c407ffd617
commit dd5ee00ae8


@ -163,22 +163,17 @@ in
"${authDomain}" = { "${authDomain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = let locations."/" = {
keycloakPath = path: "http://localhost:${toString config.services.gitea.httpPort}${path}"; proxyPass = "http://localhost:${toString config.services.gitea.httpPort}";
in
{
"/realms".proxyPass = keycloakPath "/realms";
"/resources".proxyPass = keycloakPath "/resources";
"/robots.txt".proxyPass = keycloakPath "/robots.txt";
}; };
}; };
# OpenLDAP server. # Portunus server which also has an OpenLDAP server running.
"${ldapDomain}" = { "${ldapDomain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:389"; proxyPass = "http://localhost:${toString config.services.portunus.port}";
}; };
}; };
}; };
@ -242,60 +237,16 @@ in
]; ];
}; };
# How to overkill your multi-purpose single-user-oriented server that is services.portunus = {
# typically accessed from the web with a single step.
services.openldap = let
openldapPackage = config.services.openldap.package;
in {
enable = true; enable = true;
mutableConfig = true; port = 8168;
domain = ldapDomain;
urlList = [ "ldap:///" "ldaps:///" "ldapi://" ]; ldap = {
searchUserName = "admin";
settings = { suffix = "dc=foodogsquared,dc=one";
attrs = { tls = true;
olcLogLevel = [ "stats" ];
olcTLSCACertificateFile = "${certs.${ldapDomain}.directory}/fullchain.pem";
olcTLSCertificateFile = "${certs.${ldapDomain}.directory}/chain.pem";
olcTLSCertificateKeyFile = "${certs.${ldapDomain}.directory}/key.pem";
};
children = {
"olcDatabase={-1}frontend".attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{-1}frontend";
olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ];
};
"olcDatabase={0}config".attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{0}config";
olcAccess = [ "{0}to * by * none break" ];
};
"olcDatabase={1}mdb".attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/ldap";
olcDbIndex = [
"objectClass eq"
"cn pres,eq"
"uid pres,eq"
"sn pres,eq,subany"
];
olcSuffix = "dc=foodogsquared,dc=one";
olcRootDN = "cn=Manager,dc=foodogsquared,dc=one";
olcAccess = [ "{0}to * by * read break" ];
olcRootPW = "{SSHA}xR54l7YZSD8QjnGeDJkikJm3/+HupUbo";
};
"cn=schema".includes = [
"${openldapPackage}/etc/schema/core.ldif"
"${openldapPackage}/etc/schema/cosine.ldif"
"${openldapPackage}/etc/schema/inetorgperson.ldif"
];
};
}; };
}; };
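Review bot: The `${authDomain}` vhost's new `locations."/"` in the first hunk proxies every path to `config.services.gitea.httpPort`, so the auth domain would serve Gitea rather than an identity service; the removed `keycloakPath` helper used the same port, so this looks like a carried-over copy-paste rather than a deliberate choice — worth confirming, or pointing it at `config.services.portunus.port` if Portunus is meant to be the auth endpoint. In the second hunk, `tls = true;` under `services.portunus.ldap` depends (as far as I recall of the NixOS module) on an ACME certificate existing for `domain`, which here is satisfied only by the `${ldapDomain}` vhost's `enableACME = true;` earlier in the file — a comment such as `# LDAPS relies on the ACME cert issued for the ldapDomain vhost above.` would record that coupling. `port = 8168;` also deserves a one-line comment stating it is the Portunus web UI port the nginx vhost proxies to. Finally, the `olcRootPW` hash removed here stays in git history, so the old `cn=Manager` credential should be treated as retired rather than reused anywhere.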