rename ldap block to lldap
This commit is contained in:
parent
0648b8a13c
commit
13f4064e93
19 changed files with 88 additions and 88 deletions
|
|
@ -217,8 +217,8 @@ shb.nextcloud = {
|
|||
apps.ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
|
||||
};
|
||||
apps.sso = {
|
||||
|
|
@ -242,8 +242,8 @@ shb.forgejo = {
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@
|
|||
};
|
||||
|
||||
ldap = { config, ... }: {
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
domain = "example.com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -75,13 +75,13 @@
|
|||
ldapUserPassword.result = config.shb.sops.secret."lldap/user_password".result;
|
||||
jwtSecret.result = config.shb.sops.secret."lldap/jwt_secret".result;
|
||||
};
|
||||
shb.sops.secret."lldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
|
||||
shb.sops.secret."lldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secret."lldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
|
||||
shb.sops.secret."lldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
|
||||
|
||||
shb.home-assistant.ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.webUIListenPort;
|
||||
port = config.shb.lldap.webUIListenPort;
|
||||
userGroup = "homeassistant_user";
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
};
|
||||
|
||||
ldap = { config, ... }: {
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
domain = "example.com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -56,14 +56,14 @@
|
|||
ldapUserPassword.result = config.shb.sops.secret."lldap/user_password".result;
|
||||
jwtSecret.result = config.shb.sops.secret."lldap/jwt_secret".result;
|
||||
};
|
||||
shb.sops.secret."lldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
|
||||
shb.sops.secret."lldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secret."lldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
|
||||
shb.sops.secret."lldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
|
||||
|
||||
shb.nextcloud.apps.ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminName = "admin";
|
||||
adminPassword.result = config.shb.sops.secret."nextcloud/ldap_admin_password".result;
|
||||
userGroup = "nextcloud_user";
|
||||
|
|
@ -91,7 +91,7 @@
|
|||
port = lib.mkForce null;
|
||||
ssl = config.shb.certs.certs.selfsigned.n;
|
||||
};
|
||||
shb.ldap.ssl = config.shb.certs.certs.selfsigned.n;
|
||||
shb.lldap.ssl = config.shb.certs.certs.selfsigned.n;
|
||||
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
|
|
@ -114,9 +114,9 @@
|
|||
domain = "example.com";
|
||||
subdomain = "auth";
|
||||
ssl = config.shb.certs.certs.selfsigned.n;
|
||||
ldapPort = config.shb.ldap.ldapPort;
|
||||
ldapPort = config.shb.lldap.ldapPort;
|
||||
ldapHostname = "127.0.0.1";
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
|
||||
secrets = {
|
||||
jwtSecret.result = config.shb.sops.secret."authelia/jwt_secret".result;
|
||||
|
|
|
|||
|
|
@ -38,8 +38,8 @@ shb.nextcloud = {
|
|||
apps.ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
|
||||
};
|
||||
apps.sso = {
|
||||
|
|
@ -63,8 +63,8 @@ shb.forgejo = {
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -832,7 +832,7 @@ in
|
|||
};
|
||||
|
||||
shb.certs.certs.letsencrypt.${domain}.extraDomains = [ "ldap.${domain}" ];
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
subdomain = "ldap";
|
||||
|
|
@ -845,8 +845,8 @@ in
|
|||
# restrictAccessIPRange = "192.168.50.0/24";
|
||||
debug = false;
|
||||
};
|
||||
shb.sops.secret."ldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
|
||||
shb.sops.secret."ldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secret."ldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
|
||||
shb.sops.secret."ldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
|
||||
|
||||
shb.zfs.datasets."safe/ldap2".path = "/var/lib/private/lldap";
|
||||
|
||||
|
|
@ -873,8 +873,8 @@ in
|
|||
ssl = config.shb.certs.certs.letsencrypt.${domain};
|
||||
|
||||
ldapHostname = "127.0.0.1";
|
||||
ldapPort = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
ldapPort = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
|
||||
smtp = {
|
||||
host = "smtp.eu.mailgun.org";
|
||||
|
|
@ -933,8 +933,8 @@ in
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secret."forgejo/ldap_admin_password".result;
|
||||
};
|
||||
|
||||
|
|
@ -1062,8 +1062,8 @@ in
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminName = "admin";
|
||||
adminPassword.result = config.shb.sops.secret."nextcloud/ldap_admin_password".result;
|
||||
userGroup = "nextcloud_user";
|
||||
|
|
@ -1167,8 +1167,8 @@ in
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secret."jellyfin/ldap_password".result;
|
||||
userGroup = "jellyfin_user";
|
||||
};
|
||||
|
|
@ -1223,7 +1223,7 @@ in
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.webUIListenPort;
|
||||
port = config.shb.lldap.webUIListenPort;
|
||||
userGroup = "homeassistant_user";
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@
|
|||
modules/blocks/authelia.nix
|
||||
modules/blocks/davfs.nix
|
||||
modules/blocks/hardcodedsecret.nix
|
||||
modules/blocks/ldap.nix
|
||||
modules/blocks/lldap.nix
|
||||
modules/blocks/monitoring.nix
|
||||
modules/blocks/nginx.nix
|
||||
modules/blocks/postgresql.nix
|
||||
|
|
@ -282,7 +282,7 @@
|
|||
// (vm_test "vaultwarden" ./test/services/vaultwarden.nix)
|
||||
|
||||
// (vm_test "authelia" ./test/blocks/authelia.nix)
|
||||
// (vm_test "ldap" ./test/blocks/ldap.nix)
|
||||
// (vm_test "lldap" ./test/blocks/lldap.nix)
|
||||
// (vm_test "lib" ./test/blocks/lib.nix)
|
||||
// (vm_test "postgresql" ./test/blocks/postgresql.nix)
|
||||
// (vm_test "restic" ./test/blocks/restic.nix)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.shb.ldap;
|
||||
cfg = config.shb.lldap;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts {};
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
in
|
||||
{
|
||||
options.shb.ldap = {
|
||||
options.shb.lldap = {
|
||||
enable = lib.mkEnableOption "the LDAP service";
|
||||
|
||||
dcdomain = lib.mkOption {
|
||||
|
|
@ -95,7 +95,7 @@ in
|
|||
```
|
||||
shb.zfs.datasets."ldap" = {
|
||||
poolName = "root";
|
||||
} // config.shb.ldap.mount;
|
||||
} // config.shb.lldap.mount;
|
||||
```
|
||||
'';
|
||||
readOnly = true;
|
||||
|
|
@ -26,7 +26,7 @@ sops.secrets."ldap/user_password" = {
|
|||
sopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
shb.ldap.userPassword.result = config.sops.secrets."ldap/user_password".result;
|
||||
shb.lldap.userPassword.result = config.sops.secrets."ldap/user_password".result;
|
||||
```
|
||||
|
||||
The problem this contract intends to fix is how to ensure
|
||||
|
|
@ -43,11 +43,11 @@ The configuration then becomes:
|
|||
|
||||
```nix
|
||||
shb.sops.secrets."ldap/user_password" = {
|
||||
request = config.shb.ldap.userPassword.request;
|
||||
request = config.shb.lldap.userPassword.request;
|
||||
settings.sopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
shb.ldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
|
||||
shb.lldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
|
||||
```
|
||||
|
||||
The issue is now gone as the responsibility falls
|
||||
|
|
@ -63,9 +63,9 @@ sops.defaultSopsFile = ./secrets.yaml;
|
|||
Then the snippet above is even more simplified:
|
||||
|
||||
```nix
|
||||
shb.sops.secrets."ldap/user_password".request = config.shb.ldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/user_password".request = config.shb.lldap.userPassword.request;
|
||||
|
||||
shb.ldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
|
||||
shb.lldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
|
||||
```
|
||||
|
||||
## Contract Reference {#contract-secret-options}
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ We will use the LDAP block provided by Self Host Blocks
|
|||
to setup a [LLDAP](https://github.com/lldap/lldap) service.
|
||||
|
||||
```nix
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
domain = "example.com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -116,8 +116,8 @@ shb.ldap = {
|
|||
|
||||
shb.certs.certs.letsencrypt."example.com".extraDomains = [ "ldap.example.com" ];
|
||||
|
||||
shb.sops.secrets."ldap/userPassword".request = config.shb.ldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/jwtSecret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secrets."ldap/userPassword".request = config.shb.lldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/jwtSecret".request = config.shb.lldap.jwtSecret.request;
|
||||
```
|
||||
|
||||
We also need to configure the `forgejo` service
|
||||
|
|
@ -127,8 +127,8 @@ to talk to the LDAP server we just defined:
|
|||
shb.forgejo.ldap
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secrets."forgejo/ldap/adminPassword".result
|
||||
};
|
||||
|
||||
|
|
@ -139,7 +139,7 @@ shb.sops.secrets."forgejo/ldap/adminPassword" = {
|
|||
```
|
||||
|
||||
The `shb.forgejo.ldap.adminPasswordFile` must be the same
|
||||
as the `shb.ldap.ldapUserPasswordFile` which is achieved
|
||||
as the `shb.lldap.ldapUserPasswordFile` which is achieved
|
||||
with the `key` option.
|
||||
The other secrets can be randomly generated with
|
||||
`nix run nixpkgs#openssl -- rand -hex 64`.
|
||||
|
|
@ -169,8 +169,8 @@ shb.authelia = {
|
|||
ssl = config.shb.certs.certs.letsencrypt."example.com";
|
||||
|
||||
ldapHostname = "127.0.0.1";
|
||||
ldapPort = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
ldapPort = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
|
||||
secrets = {
|
||||
jwtSecret.result = config.shb.sops.secrets."authelia/jwt_secret".result;
|
||||
|
|
@ -194,7 +194,7 @@ shb.sops.secrets."authelia/smtp_password".request = config.shb.authelia.smtp.pas
|
|||
```
|
||||
|
||||
The `shb.authelia.secrets.ldapAdminPasswordFile` must be the same
|
||||
as the `shb.ldap.ldapUserPasswordFile` defined in the previous section.
|
||||
as the `shb.lldap.ldapUserPasswordFile` defined in the previous section.
|
||||
The other secrets can be randomly generated
|
||||
with `nix run nixpkgs#openssl -- rand -hex 64`.
|
||||
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ to setup a [LLDAP](https://github.com/lldap/lldap) service.
|
|||
First, setup the global ldap block if not done yet:
|
||||
|
||||
```nix
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
domain = "example.com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -134,8 +134,8 @@ shb.ldap = {
|
|||
|
||||
shb.certs.certs.letsencrypt."example.com".extraDomains = [ "ldap.example.com" ];
|
||||
|
||||
shb.sops.secrets."ldap/userPassword".request = config.shb.ldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/jwtSecret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secrets."ldap/userPassword".request = config.shb.lldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/jwtSecret".request = config.shb.lldap.jwtSecret.request;
|
||||
```
|
||||
|
||||
We then need to configure the `home-assistant` service
|
||||
|
|
@ -145,7 +145,7 @@ to talk to the LDAP server we just defined:
|
|||
shb.home-assistant.ldap
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.webUIListenPort;
|
||||
port = config.shb.lldap.webUIListenPort;
|
||||
userGroup = "homeassistant_user";
|
||||
};
|
||||
```
|
||||
|
|
|
|||
|
|
@ -154,7 +154,7 @@ We will use the LDAP block provided by Self Host Blocks to setup a
|
|||
If did already configure this for another service, you can skip this snippet.
|
||||
|
||||
```nix
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
domain = "example.com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -168,8 +168,8 @@ shb.ldap = {
|
|||
|
||||
shb.certs.certs.letsencrypt."example.com".extraDomains = [ "ldap.example.com" ];
|
||||
|
||||
shb.sops.secrets."ldap/userPassword".request = config.shb.ldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/jwtSecret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secrets."ldap/userPassword".request = config.shb.lldap.userPassword.request;
|
||||
shb.sops.secrets."ldap/jwtSecret".request = config.shb.lldap.jwtSecret.request;
|
||||
```
|
||||
|
||||
On the `nextcloud` module side, we need to configure it to talk to the LDAP server we
|
||||
|
|
@ -179,8 +179,8 @@ just defined:
|
|||
shb.nextcloud.apps.ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminName = "admin";
|
||||
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/adminPassword".result
|
||||
userGroup = "nextcloud_user";
|
||||
|
|
@ -192,7 +192,7 @@ shb.sops.secrets."nextcloud/ldap/adminPassword" = {
|
|||
};
|
||||
```
|
||||
|
||||
The LDAP admin password must be shared between `shb.ldap` and `shb.nextcloud`,
|
||||
The LDAP admin password must be shared between `shb.lldap` and `shb.nextcloud`,
|
||||
to do that with SOPS we use the `key` option so that both
|
||||
`sops.secrets."ldap/userPassword"`
|
||||
and `sops.secrets."nextcloud/ldapUserPassword"`
|
||||
|
|
@ -230,8 +230,8 @@ shb.authelia = {
|
|||
ssl = config.shb.certs.certs.letsencrypt."example.com";
|
||||
|
||||
ldapHostname = "127.0.0.1";
|
||||
ldapPort = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
ldapPort = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
|
||||
smtp = {
|
||||
host = "smtp.eu.mailgun.org";
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ in
|
|||
(pkgs'.path + "/nixos/modules/profiles/qemu-guest.nix")
|
||||
../../modules/blocks/authelia.nix
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/blocks/ldap.nix
|
||||
../../modules/blocks/lldap.nix
|
||||
../../modules/blocks/postgresql.nix
|
||||
];
|
||||
|
||||
|
|
@ -28,7 +28,7 @@ in
|
|||
];
|
||||
};
|
||||
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
dcdomain = "dc=example,dc=com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -38,11 +38,11 @@ in
|
|||
};
|
||||
|
||||
shb.hardcodedsecret.ldapUserPassword = {
|
||||
request = config.shb.ldap.ldapUserPassword.request;
|
||||
request = config.shb.lldap.ldapUserPassword.request;
|
||||
settings.content = ldapAdminPassword;
|
||||
};
|
||||
shb.hardcodedsecret.jwtSecret = {
|
||||
request = config.shb.ldap.jwtSecret.request;
|
||||
request = config.shb.lldap.jwtSecret.request;
|
||||
settings.content = "jwtsecret";
|
||||
};
|
||||
|
||||
|
|
@ -50,9 +50,9 @@ in
|
|||
enable = true;
|
||||
subdomain = "authelia";
|
||||
domain = "machine.com";
|
||||
ldapHostname = "${config.shb.ldap.subdomain}.${config.shb.ldap.domain}";
|
||||
ldapPort = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
ldapHostname = "${config.shb.lldap.subdomain}.${config.shb.lldap.domain}";
|
||||
ldapPort = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
secrets = {
|
||||
jwtSecret.result = config.shb.hardcodedsecret.autheliaJwtSecret.result;
|
||||
ldapAdminPassword.result = config.shb.hardcodedsecret.ldapAdminPassword.result;
|
||||
|
|
|
|||
|
|
@ -18,10 +18,10 @@ in
|
|||
};
|
||||
}
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/blocks/ldap.nix
|
||||
../../modules/blocks/lldap.nix
|
||||
];
|
||||
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
dcdomain = "dc=example,dc=com";
|
||||
subdomain = "ldap";
|
||||
|
|
@ -31,11 +31,11 @@ in
|
|||
debug = true;
|
||||
};
|
||||
shb.hardcodedsecret.ldapUserPassword = {
|
||||
request = config.shb.ldap.ldapUserPassword.request;
|
||||
request = config.shb.lldap.ldapUserPassword.request;
|
||||
settings.content = password;
|
||||
};
|
||||
shb.hardcodedsecret.jwtSecret = {
|
||||
request = config.shb.ldap.jwtSecret.request;
|
||||
request = config.shb.lldap.jwtSecret.request;
|
||||
settings.content = "jwtSecret";
|
||||
};
|
||||
|
||||
|
|
@ -376,7 +376,7 @@ in
|
|||
|
||||
ldap = { config, pkgs, ... }: {
|
||||
imports = [
|
||||
../modules/blocks/ldap.nix
|
||||
../modules/blocks/lldap.nix
|
||||
];
|
||||
|
||||
networking.hosts = {
|
||||
|
|
@ -384,15 +384,15 @@ in
|
|||
};
|
||||
|
||||
shb.hardcodedsecret.ldapUserPassword = {
|
||||
request = config.shb.ldap.ldapUserPassword.request;
|
||||
request = config.shb.lldap.ldapUserPassword.request;
|
||||
settings.content = "ldapUserPassword";
|
||||
};
|
||||
shb.hardcodedsecret.jwtSecret = {
|
||||
request = config.shb.ldap.jwtSecret.request;
|
||||
request = config.shb.lldap.jwtSecret.request;
|
||||
settings.content = "jwtSecrets";
|
||||
};
|
||||
|
||||
shb.ldap = {
|
||||
shb.lldap = {
|
||||
enable = true;
|
||||
inherit (config.test) domain;
|
||||
subdomain = "ldap";
|
||||
|
|
@ -420,8 +420,8 @@ in
|
|||
ssl = config.shb.certs.certs.selfsigned.n;
|
||||
|
||||
ldapHostname = "127.0.0.1";
|
||||
ldapPort = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
ldapPort = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
|
||||
secrets = {
|
||||
jwtSecret.result = config.shb.hardcodedsecret.autheliaJwtSecret.result;
|
||||
|
|
|
|||
|
|
@ -115,8 +115,8 @@ let
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.hardcodedsecret.forgejoLdapUserPassword.result;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ let
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.webUIListenPort;
|
||||
port = config.shb.lldap.webUIListenPort;
|
||||
userGroup = "homeassistant_user";
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -119,8 +119,8 @@ let
|
|||
ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.hardcodedsecret.jellyfinLdapUserPassword.result;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -185,8 +185,8 @@ let
|
|||
apps.ldap = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminName = "admin";
|
||||
adminPassword.result = config.shb.hardcodedsecret.nextcloudLdapUserPassword.result;
|
||||
userGroup = "nextcloud_user";
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ let
|
|||
# ldap = { config, ... }: {
|
||||
# # shb.vaultwarden = {
|
||||
# # ldapHostname = "127.0.0.1";
|
||||
# # ldapPort = config.shb.ldap.webUIListenPort;
|
||||
# # ldapPort = config.shb.lldap.webUIListenPort;
|
||||
# # };
|
||||
# };
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue