rename ldap block to lldap

This commit is contained in:
ibizaman 2025-07-12 21:27:40 +02:00 committed by Pierre Penninckx
parent 0648b8a13c
commit 13f4064e93
19 changed files with 88 additions and 88 deletions

View file

@ -217,8 +217,8 @@ shb.nextcloud = {
apps.ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
};
apps.sso = {
@ -242,8 +242,8 @@ shb.forgejo = {
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
};

View file

@ -65,7 +65,7 @@
};
ldap = { config, ... }: {
shb.ldap = {
shb.lldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
@ -75,13 +75,13 @@
ldapUserPassword.result = config.shb.sops.secret."lldap/user_password".result;
jwtSecret.result = config.shb.sops.secret."lldap/jwt_secret".result;
};
shb.sops.secret."lldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
shb.sops.secret."lldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secret."lldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
shb.sops.secret."lldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
shb.home-assistant.ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.webUIListenPort;
port = config.shb.lldap.webUIListenPort;
userGroup = "homeassistant_user";
};
};

View file

@ -46,7 +46,7 @@
};
ldap = { config, ... }: {
shb.ldap = {
shb.lldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
@ -56,14 +56,14 @@
ldapUserPassword.result = config.shb.sops.secret."lldap/user_password".result;
jwtSecret.result = config.shb.sops.secret."lldap/jwt_secret".result;
};
shb.sops.secret."lldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
shb.sops.secret."lldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secret."lldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
shb.sops.secret."lldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
shb.nextcloud.apps.ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminName = "admin";
adminPassword.result = config.shb.sops.secret."nextcloud/ldap_admin_password".result;
userGroup = "nextcloud_user";
@ -91,7 +91,7 @@
port = lib.mkForce null;
ssl = config.shb.certs.certs.selfsigned.n;
};
shb.ldap.ssl = config.shb.certs.certs.selfsigned.n;
shb.lldap.ssl = config.shb.certs.certs.selfsigned.n;
services.dnsmasq = {
enable = true;
@ -114,9 +114,9 @@
domain = "example.com";
subdomain = "auth";
ssl = config.shb.certs.certs.selfsigned.n;
ldapPort = config.shb.ldap.ldapPort;
ldapPort = config.shb.lldap.ldapPort;
ldapHostname = "127.0.0.1";
dcdomain = config.shb.ldap.dcdomain;
dcdomain = config.shb.lldap.dcdomain;
secrets = {
jwtSecret.result = config.shb.sops.secret."authelia/jwt_secret".result;

View file

@ -38,8 +38,8 @@ shb.nextcloud = {
apps.ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
};
apps.sso = {
@ -63,8 +63,8 @@ shb.forgejo = {
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
};

View file

@ -832,7 +832,7 @@ in
};
shb.certs.certs.letsencrypt.${domain}.extraDomains = [ "ldap.${domain}" ];
shb.ldap = {
shb.lldap = {
enable = true;
inherit domain;
subdomain = "ldap";
@ -845,8 +845,8 @@ in
# restrictAccessIPRange = "192.168.50.0/24";
debug = false;
};
shb.sops.secret."ldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
shb.sops.secret."ldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secret."ldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
shb.sops.secret."ldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
shb.zfs.datasets."safe/ldap2".path = "/var/lib/private/lldap";
@ -873,8 +873,8 @@ in
ssl = config.shb.certs.certs.letsencrypt.${domain};
ldapHostname = "127.0.0.1";
ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
ldapPort = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
smtp = {
host = "smtp.eu.mailgun.org";
@ -933,8 +933,8 @@ in
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secret."forgejo/ldap_admin_password".result;
};
@ -1062,8 +1062,8 @@ in
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminName = "admin";
adminPassword.result = config.shb.sops.secret."nextcloud/ldap_admin_password".result;
userGroup = "nextcloud_user";
@ -1167,8 +1167,8 @@ in
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secret."jellyfin/ldap_password".result;
userGroup = "jellyfin_user";
};
@ -1223,7 +1223,7 @@ in
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.webUIListenPort;
port = config.shb.lldap.webUIListenPort;
userGroup = "homeassistant_user";
};
};

View file

@ -107,7 +107,7 @@
modules/blocks/authelia.nix
modules/blocks/davfs.nix
modules/blocks/hardcodedsecret.nix
modules/blocks/ldap.nix
modules/blocks/lldap.nix
modules/blocks/monitoring.nix
modules/blocks/nginx.nix
modules/blocks/postgresql.nix
@ -282,7 +282,7 @@
// (vm_test "vaultwarden" ./test/services/vaultwarden.nix)
// (vm_test "authelia" ./test/blocks/authelia.nix)
// (vm_test "ldap" ./test/blocks/ldap.nix)
// (vm_test "lldap" ./test/blocks/lldap.nix)
// (vm_test "lib" ./test/blocks/lib.nix)
// (vm_test "postgresql" ./test/blocks/postgresql.nix)
// (vm_test "restic" ./test/blocks/restic.nix)

View file

@ -1,14 +1,14 @@
{ config, pkgs, lib, ... }:
let
cfg = config.shb.ldap;
cfg = config.shb.lldap;
contracts = pkgs.callPackage ../contracts {};
fqdn = "${cfg.subdomain}.${cfg.domain}";
in
{
options.shb.ldap = {
options.shb.lldap = {
enable = lib.mkEnableOption "the LDAP service";
dcdomain = lib.mkOption {
@ -95,7 +95,7 @@ in
```
shb.zfs.datasets."ldap" = {
poolName = "root";
} // config.shb.ldap.mount;
} // config.shb.lldap.mount;
```
'';
readOnly = true;

View file

@ -26,7 +26,7 @@ sops.secrets."ldap/user_password" = {
sopsFile = ./secrets.yaml;
};
shb.ldap.userPassword.result = config.sops.secrets."ldap/user_password".result;
shb.lldap.userPassword.result = config.sops.secrets."ldap/user_password".result;
```
The problem this contract intends to fix is how to ensure
@ -43,11 +43,11 @@ The configuration then becomes:
```nix
shb.sops.secrets."ldap/user_password" = {
request = config.shb.ldap.userPassword.request;
request = config.shb.lldap.userPassword.request;
settings.sopsFile = ./secrets.yaml;
};
shb.ldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
shb.lldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
```
The issue is now gone as the responsibility falls
@ -63,9 +63,9 @@ sops.defaultSopsFile = ./secrets.yaml;
Then the snippet above is even more simplified:
```nix
shb.sops.secrets."ldap/user_password".request = config.shb.ldap.userPassword.request;
shb.sops.secrets."ldap/user_password".request = config.shb.lldap.userPassword.request;
shb.ldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
shb.lldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result;
```
## Contract Reference {#contract-secret-options}

View file

@ -102,7 +102,7 @@ We will use the LDAP block provided by Self Host Blocks
to setup a [LLDAP](https://github.com/lldap/lldap) service.
```nix
shb.ldap = {
shb.lldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
@ -116,8 +116,8 @@ shb.ldap = {
shb.certs.certs.letsencrypt."example.com".extraDomains = [ "ldap.example.com" ];
shb.sops.secrets."ldap/userPassword".request = config.shb.ldap.userPassword.request;
shb.sops.secrets."ldap/jwtSecret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secrets."ldap/userPassword".request = config.shb.lldap.userPassword.request;
shb.sops.secrets."ldap/jwtSecret".request = config.shb.lldap.jwtSecret.request;
```
We also need to configure the `forgejo` service
@ -127,8 +127,8 @@ to talk to the LDAP server we just defined:
shb.forgejo.ldap
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secrets."forgejo/ldap/adminPassword".result
};
@ -139,7 +139,7 @@ shb.sops.secrets."forgejo/ldap/adminPassword" = {
```
The `shb.forgejo.ldap.adminPasswordFile` must be the same
as the `shb.ldap.ldapUserPasswordFile` which is achieved
as the `shb.lldap.ldapUserPasswordFile` which is achieved
with the `key` option.
The other secrets can be randomly generated with
`nix run nixpkgs#openssl -- rand -hex 64`.
@ -169,8 +169,8 @@ shb.authelia = {
ssl = config.shb.certs.certs.letsencrypt."example.com";
ldapHostname = "127.0.0.1";
ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
ldapPort = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
secrets = {
jwtSecret.result = config.shb.sops.secrets."authelia/jwt_secret".result;
@ -194,7 +194,7 @@ shb.sops.secrets."authelia/smtp_password".request = config.shb.authelia.smtp.pas
```
The `shb.authelia.secrets.ldapAdminPasswordFile` must be the same
as the `shb.ldap.ldapUserPasswordFile` defined in the previous section.
as the `shb.lldap.ldapUserPasswordFile` defined in the previous section.
The other secrets can be randomly generated
with `nix run nixpkgs#openssl -- rand -hex 64`.

View file

@ -120,7 +120,7 @@ to setup a [LLDAP](https://github.com/lldap/lldap) service.
First, setup the global ldap block if not done yet:
```nix
shb.ldap = {
shb.lldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
@ -134,8 +134,8 @@ shb.ldap = {
shb.certs.certs.letsencrypt."example.com".extraDomains = [ "ldap.example.com" ];
shb.sops.secrets."ldap/userPassword".request = config.shb.ldap.userPassword.request;
shb.sops.secrets."ldap/jwtSecret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secrets."ldap/userPassword".request = config.shb.lldap.userPassword.request;
shb.sops.secrets."ldap/jwtSecret".request = config.shb.lldap.jwtSecret.request;
```
We then need to configure the `home-assistant` service
@ -145,7 +145,7 @@ to talk to the LDAP server we just defined:
shb.home-assistant.ldap
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.webUIListenPort;
port = config.shb.lldap.webUIListenPort;
userGroup = "homeassistant_user";
};
```

View file

@ -154,7 +154,7 @@ We will use the LDAP block provided by Self Host Blocks to setup a
If did already configure this for another service, you can skip this snippet.
```nix
shb.ldap = {
shb.lldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
@ -168,8 +168,8 @@ shb.ldap = {
shb.certs.certs.letsencrypt."example.com".extraDomains = [ "ldap.example.com" ];
shb.sops.secrets."ldap/userPassword".request = config.shb.ldap.userPassword.request;
shb.sops.secrets."ldap/jwtSecret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secrets."ldap/userPassword".request = config.shb.lldap.userPassword.request;
shb.sops.secrets."ldap/jwtSecret".request = config.shb.lldap.jwtSecret.request;
```
On the `nextcloud` module side, we need to configure it to talk to the LDAP server we
@ -179,8 +179,8 @@ just defined:
shb.nextcloud.apps.ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminName = "admin";
adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/adminPassword".result
userGroup = "nextcloud_user";
@ -192,7 +192,7 @@ shb.sops.secrets."nextcloud/ldap/adminPassword" = {
};
```
The LDAP admin password must be shared between `shb.ldap` and `shb.nextcloud`,
The LDAP admin password must be shared between `shb.lldap` and `shb.nextcloud`,
to do that with SOPS we use the `key` option so that both
`sops.secrets."ldap/userPassword"`
and `sops.secrets."nextcloud/ldapUserPassword"`
@ -230,8 +230,8 @@ shb.authelia = {
ssl = config.shb.certs.certs.letsencrypt."example.com";
ldapHostname = "127.0.0.1";
ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
ldapPort = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
smtp = {
host = "smtp.eu.mailgun.org";

View file

@ -14,7 +14,7 @@ in
(pkgs'.path + "/nixos/modules/profiles/qemu-guest.nix")
../../modules/blocks/authelia.nix
../../modules/blocks/hardcodedsecret.nix
../../modules/blocks/ldap.nix
../../modules/blocks/lldap.nix
../../modules/blocks/postgresql.nix
];
@ -28,7 +28,7 @@ in
];
};
shb.ldap = {
shb.lldap = {
enable = true;
dcdomain = "dc=example,dc=com";
subdomain = "ldap";
@ -38,11 +38,11 @@ in
};
shb.hardcodedsecret.ldapUserPassword = {
request = config.shb.ldap.ldapUserPassword.request;
request = config.shb.lldap.ldapUserPassword.request;
settings.content = ldapAdminPassword;
};
shb.hardcodedsecret.jwtSecret = {
request = config.shb.ldap.jwtSecret.request;
request = config.shb.lldap.jwtSecret.request;
settings.content = "jwtsecret";
};
@ -50,9 +50,9 @@ in
enable = true;
subdomain = "authelia";
domain = "machine.com";
ldapHostname = "${config.shb.ldap.subdomain}.${config.shb.ldap.domain}";
ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
ldapHostname = "${config.shb.lldap.subdomain}.${config.shb.lldap.domain}";
ldapPort = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
secrets = {
jwtSecret.result = config.shb.hardcodedsecret.autheliaJwtSecret.result;
ldapAdminPassword.result = config.shb.hardcodedsecret.ldapAdminPassword.result;

View file

@ -18,10 +18,10 @@ in
};
}
../../modules/blocks/hardcodedsecret.nix
../../modules/blocks/ldap.nix
../../modules/blocks/lldap.nix
];
shb.ldap = {
shb.lldap = {
enable = true;
dcdomain = "dc=example,dc=com";
subdomain = "ldap";
@ -31,11 +31,11 @@ in
debug = true;
};
shb.hardcodedsecret.ldapUserPassword = {
request = config.shb.ldap.ldapUserPassword.request;
request = config.shb.lldap.ldapUserPassword.request;
settings.content = password;
};
shb.hardcodedsecret.jwtSecret = {
request = config.shb.ldap.jwtSecret.request;
request = config.shb.lldap.jwtSecret.request;
settings.content = "jwtSecret";
};

View file

@ -376,7 +376,7 @@ in
ldap = { config, pkgs, ... }: {
imports = [
../modules/blocks/ldap.nix
../modules/blocks/lldap.nix
];
networking.hosts = {
@ -384,15 +384,15 @@ in
};
shb.hardcodedsecret.ldapUserPassword = {
request = config.shb.ldap.ldapUserPassword.request;
request = config.shb.lldap.ldapUserPassword.request;
settings.content = "ldapUserPassword";
};
shb.hardcodedsecret.jwtSecret = {
request = config.shb.ldap.jwtSecret.request;
request = config.shb.lldap.jwtSecret.request;
settings.content = "jwtSecrets";
};
shb.ldap = {
shb.lldap = {
enable = true;
inherit (config.test) domain;
subdomain = "ldap";
@ -420,8 +420,8 @@ in
ssl = config.shb.certs.certs.selfsigned.n;
ldapHostname = "127.0.0.1";
ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
ldapPort = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
secrets = {
jwtSecret.result = config.shb.hardcodedsecret.autheliaJwtSecret.result;

View file

@ -115,8 +115,8 @@ let
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.hardcodedsecret.forgejoLdapUserPassword.result;
};
};

View file

@ -82,7 +82,7 @@ let
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.webUIListenPort;
port = config.shb.lldap.webUIListenPort;
userGroup = "homeassistant_user";
};
};

View file

@ -119,8 +119,8 @@ let
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.hardcodedsecret.jellyfinLdapUserPassword.result;
};
};

View file

@ -185,8 +185,8 @@ let
apps.ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminName = "admin";
adminPassword.result = config.shb.hardcodedsecret.nextcloudLdapUserPassword.result;
userGroup = "nextcloud_user";

View file

@ -76,7 +76,7 @@ let
# ldap = { config, ... }: {
# # shb.vaultwarden = {
# # ldapHostname = "127.0.0.1";
# # ldapPort = config.shb.ldap.webUIListenPort;
# # ldapPort = config.shb.lldap.webUIListenPort;
# # };
# };