Compare commits
5 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
973c18edb2 | ||
|
|
271bc1dc0b | ||
|
|
3432df47f1 | ||
|
|
ba0d3cac4a | ||
|
|
798aa29b45 |
7 changed files with 77 additions and 18 deletions
|
|
@ -352,12 +352,16 @@ let
|
||||||
"expected"
|
"expected"
|
||||||
"result"
|
"result"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
(pkgs.python3.withPackages (ps: [ ps.deepdiff ] ++ ps.deepdiff.optional-dependencies.cli))
|
||||||
|
];
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
echo "${name} failed (- expected, + result)" > $out
|
echo "${name} failed (- expected, + result)" > $out
|
||||||
cp ''${expectedPath} ''${expectedPath}.json
|
cp ''${expectedPath} ''${expectedPath}.json
|
||||||
cp ''${resultPath} ''${resultPath}.json
|
cp ''${resultPath} ''${resultPath}.json
|
||||||
${pkgs.deepdiff}/bin/deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -75,6 +75,30 @@ in
|
||||||
config = {
|
config = {
|
||||||
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
||||||
|
|
||||||
|
systemd.services = lib.optionalAttrs (builtins.length cfg.mounts > 0) {
|
||||||
|
davfs2-password-generation = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
script = ''
|
||||||
|
mkdir -p /etc/davfs2
|
||||||
|
[ -f /etc/davfs2/secrets ] && mv /etc/davfs2/secrets /etc/davfs2/secrets.prev
|
||||||
|
touch /etc/davfs2/secrets
|
||||||
|
chown root: /etc/davfs2
|
||||||
|
chown root: /etc/davfs2/secrets
|
||||||
|
chmod 700 /etc/davfs2
|
||||||
|
chmod 600 /etc/davfs2/secrets
|
||||||
|
''
|
||||||
|
+ (
|
||||||
|
let
|
||||||
|
mkPasswordCmd = cfg': ''
|
||||||
|
printf "%s %s %s\n" "${cfg'.mountPoint}" "${cfg'.username}" "$(cat ${cfg'.passwordFile})" >> /etc/davfs2/secrets
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
lib.concatStringsSep "\n" (map mkPasswordCmd cfg.mounts)
|
||||||
|
);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.mounts =
|
systemd.mounts =
|
||||||
let
|
let
|
||||||
mkMountCfg = c: {
|
mkMountCfg = c: {
|
||||||
|
|
@ -82,6 +106,7 @@ in
|
||||||
description = "Webdav mount point";
|
description = "Webdav mount point";
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wants = [ "network-online.target" ];
|
wants = [ "network-online.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
what = c.remoteUrl;
|
what = c.remoteUrl;
|
||||||
where = c.mountPoint;
|
where = c.mountPoint;
|
||||||
|
|
|
||||||
|
|
@ -249,9 +249,10 @@ in
|
||||||
let
|
let
|
||||||
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
||||||
in
|
in
|
||||||
lib.concatMapStringsSep "\n" (ds: "zfs snapshot ${recursiveFlag} ${ds}@\"$name\"") (
|
lib.concatMapStringsSep "\n" (ds: ''
|
||||||
lib.uniqueStrings datasets
|
echo "Taking ZFS snapshot of ${ds}@$name"
|
||||||
)
|
zfs snapshot ${recursiveFlag} ${ds}@"$name"
|
||||||
|
'') (lib.uniqueStrings datasets)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -11,23 +11,13 @@ let
|
||||||
|
|
||||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||||
|
|
||||||
ldap_auth_script_repo = pkgs.fetchFromGitHub {
|
|
||||||
owner = "lldap";
|
|
||||||
repo = "lldap";
|
|
||||||
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
|
||||||
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
|
||||||
};
|
|
||||||
|
|
||||||
ldap_auth_script = pkgs.writeShellScriptBin "ldap_auth.sh" ''
|
|
||||||
export PATH=${pkgs.gnused}/bin:${pkgs.curl}/bin:${pkgs.jq}/bin
|
|
||||||
exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
||||||
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
||||||
|
|
||||||
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
||||||
|
|
||||||
|
lldap_ha_auth = pkgs.callPackage ./home-assistant/lldap_ha_auth.nix { };
|
||||||
|
|
||||||
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
@ -280,9 +270,10 @@ in
|
||||||
}
|
}
|
||||||
])
|
])
|
||||||
++ (lib.optionals cfg.ldap.enable [
|
++ (lib.optionals cfg.ldap.enable [
|
||||||
|
# https://www.home-assistant.io/docs/authentication/providers/#command-line
|
||||||
{
|
{
|
||||||
type = "command_line";
|
type = "command_line";
|
||||||
command = ldap_auth_script + "/bin/ldap_auth.sh";
|
command = lldap_ha_auth + "/bin/lldap-ha-auth";
|
||||||
args = [
|
args = [
|
||||||
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
||||||
cfg.ldap.userGroup
|
cfg.ldap.userGroup
|
||||||
|
|
|
||||||
37
modules/services/home-assistant/lldap_ha_auth.nix
Normal file
37
modules/services/home-assistant/lldap_ha_auth.nix
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
stdenvNoCC,
|
||||||
|
}:
|
||||||
|
stdenvNoCC.mkDerivation {
|
||||||
|
name = "lldap-ha-auth";
|
||||||
|
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "lldap";
|
||||||
|
repo = "lldap";
|
||||||
|
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
||||||
|
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
pkgs.makeWrapper
|
||||||
|
];
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
|
||||||
|
cp example_configs/lldap-ha-auth.sh $out/bin/lldap-ha-auth
|
||||||
|
chmod a+x $out/bin/lldap-ha-auth
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
wrapProgram $out/bin/lldap-ha-auth \
|
||||||
|
--prefix PATH : ${
|
||||||
|
lib.makeBinPath [
|
||||||
|
pkgs.gnused
|
||||||
|
pkgs.curl
|
||||||
|
pkgs.jq
|
||||||
|
]
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
@ -59,12 +59,12 @@ in
|
||||||
WEBUI_NAME = "SelfHostBlocks";
|
WEBUI_NAME = "SelfHostBlocks";
|
||||||
|
|
||||||
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
||||||
|
RAG_EMBEDDING_ENGINE = "ollama";
|
||||||
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
||||||
|
|
||||||
ENABLE_OPENAI_API = "True";
|
ENABLE_OPENAI_API = "True";
|
||||||
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
||||||
ENABLE_WEB_SEARCH = "True";
|
ENABLE_WEB_SEARCH = "True";
|
||||||
RAG_EMBEDDING_ENGINE = "openai";
|
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -34,6 +34,7 @@ in
|
||||||
expected = {
|
expected = {
|
||||||
services.davfs2.enable = false;
|
services.davfs2.enable = false;
|
||||||
systemd.mounts = [ ];
|
systemd.mounts = [ ];
|
||||||
|
systemd.services = { };
|
||||||
};
|
};
|
||||||
expr = testConfig { };
|
expr = testConfig { };
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue