vaultwarden: add bitwarden directory sync
parent
aa1b19d964
commit
67d9373ad1
|
@ -18,6 +18,46 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
bitwarden-directory-connector = {
|
||||||
|
enable = true;
|
||||||
|
inherit (config.services.vaultwarden) domain;
|
||||||
|
ldap = {
|
||||||
|
ad = false;
|
||||||
|
hostname = "auth.c3d2.de";
|
||||||
|
port = 636;
|
||||||
|
rootPath = "dc=c3d2,dc=de";
|
||||||
|
ssl = true;
|
||||||
|
startTls = false;
|
||||||
|
username = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||||
|
};
|
||||||
|
secrets = {
|
||||||
|
bitwarden = {
|
||||||
|
client_path_id = config.sops.secrets."bwdc/client-id".path;
|
||||||
|
client_path_secret = config.sops.secrets."bwdc/client-secret".path;
|
||||||
|
};
|
||||||
|
ldap = config.sops.secrets."bwdc/ldap-password".path;
|
||||||
|
};
|
||||||
|
sync = {
|
||||||
|
creationDateAttribute = "";
|
||||||
|
groups = true;
|
||||||
|
groupFilter = "(cn=vaultwarden-*)";
|
||||||
|
groupNameAttribute = "cn";
|
||||||
|
groupObjectClass = "groupOfNames";
|
||||||
|
groupPath = "ou=groups";
|
||||||
|
largeImport = false;
|
||||||
|
memberAttribute = "member";
|
||||||
|
overwriteExisting = false;
|
||||||
|
removeDisabled = true;
|
||||||
|
revisionDateAttribute = "";
|
||||||
|
useEmailPrefixSuffix = false;
|
||||||
|
userEmailAttribute = "mail";
|
||||||
|
userFilter = "(isMemberOf=cn=vaultwarden-users,ou=groups,dc=c3d2,dc=de)";
|
||||||
|
userObjectClass = "person";
|
||||||
|
userPath = "ou=users";
|
||||||
|
users = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."vaultwarden.c3d2.de" = {
|
virtualHosts."vaultwarden.c3d2.de" = {
|
||||||
|
@ -26,6 +66,8 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
portunus.addToHosts = true;
|
||||||
|
|
||||||
postgresql = {
|
postgresql = {
|
||||||
package = pkgs.postgresql_16;
|
package = pkgs.postgresql_16;
|
||||||
upgrade.stopServices = [ "vaultwarden" ];
|
upgrade.stopServices = [ "vaultwarden" ];
|
||||||
|
@ -54,6 +96,9 @@
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
|
"bwdc/client-id".owner = "bwdc";
|
||||||
|
"bwdc/client-secret".owner = "bwdc";
|
||||||
|
"bwdc/ldap-password".owner = "bwdc";
|
||||||
"vaultwarden/environment".owner = "vaultwarden";
|
"vaultwarden/environment".owner = "vaultwarden";
|
||||||
};
|
};
|
||||||
};
|
};
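Review bot: In the `sync` block, `overwriteExisting = false;` combined with a `userFilter` keyed on membership of `vaultwarden-users` looks like an offboarding gap. As far as I understand Directory Connector, a user who drops out of the filtered set is only removed from the organization when overwrite is enabled. `removeDisabled = true;` acts only on accounts the directory reports as disabled, which may not be detectable at all on a non-AD server (`ad = false;`). If removal from the group is meant to revoke vault access, set `overwriteExisting = true;`, after checking the current member list, since that presumably also removes members who were invited manually and are absent from LDAP. Otherwise document the behaviour next to the option, e.g. `# leaving vaultwarden-users does NOT remove the org member; revoke manually`.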
|
||||||
|
|
|
@ -1,3 +1,7 @@
|
||||||
|
bwdc:
|
||||||
|
client-id: ENC[AES256_GCM,data:pFDg11xfXbx/X40z7Rs9Ps35GuK9ncBbB25VYZJMaRyv17fCbMaVJmnvlnFZOkVidg==,iv:SG7QcH/QHJtEAd6eHzakMIHVs5W6EiaPNsh+G9Zku9A=,tag:ZEL1UGJy9lR9himlbGpSoA==,type:str]
|
||||||
|
client-secret: ENC[AES256_GCM,data:41ivEval7TegKbYl+Bla2Dgs2h+P1kTBKUr39qPD,iv:BvsO1GcwGbhYCN92yjSFMZiIhX7s3KlrGd0mJEXN1hA=,tag:G2EbHWjz2N5cqOM9MWqStQ==,type:str]
|
||||||
|
ldap-password: ENC[AES256_GCM,data:DXVH3RNBH+1OguL/yAFPvFUoU1EocEi4TQBT5qVFBF4=,iv:A7IPtApfow+0mWTpNSsZVPWzBw7WjvN4NEAgn9Q8cvY=,tag:7VcvkOjpaDfdPF6fyBbZiQ==,type:str]
|
||||||
restic:
|
restic:
|
||||||
password: ENC[AES256_GCM,data:3t8PjT9cOsv4D6rhRwFSyehsQzofXaXqt/EXK7FiBPg=,iv:HlyNiUsmlma47BhNvLeuew4lx4uldDqL/O8fIsSFOPU=,tag:LBDt+WTU2+z+LfWQ8hqoIw==,type:str]
|
password: ENC[AES256_GCM,data:3t8PjT9cOsv4D6rhRwFSyehsQzofXaXqt/EXK7FiBPg=,iv:HlyNiUsmlma47BhNvLeuew4lx4uldDqL/O8fIsSFOPU=,tag:LBDt+WTU2+z+LfWQ8hqoIw==,type:str]
|
||||||
repositories:
|
repositories:
|
||||||
|
@ -28,8 +32,8 @@ sops:
|
||||||
YVljODQybmFBaENvdlZtcGJNaXdyWjAK7TenBrprqo++EzurqXqatEJncCU5g0JH
|
YVljODQybmFBaENvdlZtcGJNaXdyWjAK7TenBrprqo++EzurqXqatEJncCU5g0JH
|
||||||
9aUpNebhTuauCJQcObj89tjx0EKuafe7Nn2wgiV3hNPIGa4+YXnsSw==
|
9aUpNebhTuauCJQcObj89tjx0EKuafe7Nn2wgiV3hNPIGa4+YXnsSw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-12-20T22:31:55Z"
|
lastmodified: "2023-12-25T19:09:35Z"
|
||||||
mac: ENC[AES256_GCM,data:jK6Bdee8wsTp6etUJzrwgw8yNGJ8iqYYt0aE1tPmnM4aU9mu/Fhj9kidPLIl5ghBYqapXuiFre/jivrldDfQ/xMNntSpMlYqqjgFCPlgCvDUI0auXfIdKGGB5jORzN7i3z2LPm4vX6mFTol5vdOsHzA2dg/KqOGca9zhrbbDKU8=,iv:NAKLcSGNiEjzvlU8YXAbEPpJWFn7erNQ1Lz6NeYxV/Y=,tag:+LqcZL2CUHRnYMAuAMdPpw==,type:str]
|
mac: ENC[AES256_GCM,data:rsQw8nYs78jCTKWHhwOuU8d3SS2pCnKpCo6U3RpWCGIdKMFq8QGBgarycAZgxbGc9ErEct4K4XhZ0pcX5qJgRFPE6YhDuRnKm/kQkmgXe63wPncQhUUq0U3P9q/G1Hs3uJbMyWgnjQQ2Vo8sv9mTbseS8ettbuJUNjK6mnblzIM=,iv:476qCdupCylLCvd9tb+VIDtbbqlw1Z/tezQh/d4jjIo=,tag:azw4aUqFD6zszCCYAny/KA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-12-20T20:48:53Z"
|
- created_at: "2023-12-20T20:48:53Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|