nixos-modules/modules/portunus.nix

{ config, lib, ... }:

let
  cfg = config.services.portunus;
in
{
  options.services.portunus = {
    addToHosts = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc "Whether to add a hosts entry for the portunus domain pointing to externalIp";
    };

    internalIp4 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      description = lib.mdDoc "Internal IPv4 of portunus instance. This is used in the addToHosts option.";
    };

    internalIp6 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      description = lib.mdDoc "Internal IPv6 of portunus instance. This is used in the addToHosts option.";
    };

    ldapPreset = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc "Whether to set config.security.ldap to portunus specific settings.";
    };
  };

  config = {
    networking.hosts = lib.mkIf cfg.addToHosts {
      ${cfg.internalIp4} = [ cfg.domain ];
      ${cfg.internalIp6} = [ cfg.domain ];
    };

    security.ldap = lib.mkIf cfg.ldapPreset {
      domainName = cfg.domain;
      givenNameField = "givenName";
      groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${config.security.ldap.roleBaseDN}))";
      mailField = "mail";
      port = 636;
      roleBaseDN = "ou=groups";
      roleField = "cn";
      roleFilter = "(&(objectclass=groupOfNames)(member=%s))";
      roleValue = "dn";
      sshPublicKeyField = "sshPublicKey";
      searchUID = "search";
      surnameField = "sn";
      userField = "uid";
      userFilter = param: "(&(objectclass=person)(|(uid=${param})(mail=${param})))";
      userBaseDN = "ou=users";
    };
  };
}
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`{ config, lib, ... }:`

portunus: only open port when service is enabled 2022-12-22 22:01:28 +01:00			`let`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`cfg = config.services.portunus;`
			`in`
			`{`
			`options.services.portunus = {`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`addToHosts = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
Fix typos 2023-01-17 02:14:18 +01:00			`description = lib.mdDoc "Whether to add a hosts entry for the portunus domain pointing to externalIp";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`};`

portunus: fix setting names 2023-02-23 00:34:37 +01:00			`internalIp4 = lib.mkOption {`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`type = with lib.types; nullOr str;`
			`default = null;`
			`description = lib.mdDoc "Internal IPv4 of portunus instance. This is used in the addToHosts option.";`
			`};`

portunus: fix setting names 2023-02-23 00:34:37 +01:00			`internalIp6 = lib.mkOption {`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`type = with lib.types; nullOr str;`
			`default = null;`
			`description = lib.mdDoc "Internal IPv6 of portunus instance. This is used in the addToHosts option.";`
			`};`

portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`ldapPreset = lib.mkOption {`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`type = lib.types.bool;`
Set missing default value 2023-01-17 00:56:46 +01:00			`default = false;`
Fix typos 2023-01-17 02:14:18 +01:00			`description = lib.mdDoc "Whether to set config.security.ldap to portunus specific settings.";`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`};`
			`};`

portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`config = {`
			`networking.hosts = lib.mkIf cfg.addToHosts {`
portunus: fix setting names 2023-02-23 00:34:37 +01:00			`${cfg.internalIp4} = [ cfg.domain ];`
			`${cfg.internalIp6} = [ cfg.domain ];`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`};`

			`security.ldap = lib.mkIf cfg.ldapPreset {`
ldap: rename server option to domainName 2023-03-17 01:49:31 +01:00			`domainName = cfg.domain;`
gitea: add ldap option 2023-03-17 01:50:30 +01:00			`givenNameField = "givenName";`
portunus: fix missing brackets 2023-03-21 23:41:18 +01:00			`groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${config.security.ldap.roleBaseDN}))";`
gitea: add ldap option 2023-03-17 01:50:30 +01:00			`mailField = "mail";`
			`port = 636;`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`roleBaseDN = "ou=groups";`
			`roleField = "cn";`
			`roleFilter = "(&(objectclass=groupOfNames)(member=%s))";`
			`roleValue = "dn";`
ldap: add sshPublicKey 2023-03-18 01:24:55 +01:00			`sshPublicKeyField = "sshPublicKey";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`searchUID = "search";`
gitea: add ldap option 2023-03-17 01:50:30 +01:00			`surnameField = "sn";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`userField = "uid";`
gitea: allow login via mail and user, fix admin filter 2023-03-18 01:25:23 +01:00			`userFilter = param: "(&(objectclass=person)(\|(uid=${param})(mail=${param})))";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`userBaseDN = "ou=users";`
			`};`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`};`
			`}`