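{ config, lib, pkgs, ... }:

# NixOS module that extends `services.portunus` with a hosts-file shortcut,
# two upstream patches for the portunus package, and an opt-in preset for
# `security.ldap`. `cfg.domain` is read below but is not declared here; it
# is assumed to come from the upstream portunus module.
let
  cfg = config.services.portunus;
in
{
  options.services.portunus = {
    # TODO: how to automatically set this?
    # maybe based on $service.ldap.enable && services.portunus.enable?
    addToHosts = lib.mkOption {
      type = lib.types.bool;
      default = false;
      # Description previously referred to a non-existent `externalIp` option;
      # the entries are built from internalIp4/internalIp6 (see config below).
      description = lib.mdDoc "Whether to add a hosts entry for the portunus domain pointing to internalIp4/internalIp6";
    };

    internalIp4 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      description = lib.mdDoc "Internal IPv4 of portunus instance. This is used in the addToHosts option.";
    };

    internalIp6 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      description = lib.mdDoc "Internal IPv6 of portunus instance. This is used in the addToHosts option.";
    };

    ldapPreset = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc "Whether to set config.security.ldap to portunus specific settings.";
    };
  };

  config = {
    # A dynamic attribute name that evaluates to `null` is dropped by Nix, so
    # leaving internalIp4 or internalIp6 unset simply yields no hosts entry
    # for that address family instead of an evaluation error.
    networking.hosts = lib.mkIf cfg.addToHosts {
      ${cfg.internalIp4} = [ cfg.domain ];
      ${cfg.internalIp6} = [ cfg.domain ];
    };

    # `fetchpatch` is taken from the overlay's own `prev` instead of the
    # module's `pkgs` argument: `pkgs` is constructed from `nixpkgs.overlays`,
    # so closing over it inside an overlay (the former `with pkgs;`) is the
    # classic infinite-recursion trap. Both patches are pinned by sha256, so
    # the patched package is reproducible and a changed upstream commit
    # fails the build instead of being silently applied.
    nixpkgs.overlays = [
      (final: prev: {
        portunus = prev.portunus.overrideAttrs ({ patches ? [ ], ... }: {
          patches = patches ++ [
            # allow editing members of groups
            (prev.fetchpatch {
              url = "https://github.com/majewsky/portunus/commit/70ebf6abf944f3b5064169a2ac9d5f2ddcc7b58c.patch";
              sha256 = "sha256-fZzOuJ6K1NXJHWvOfSIU5FAfL0dVK7b7dhhtb6yuCGE=";
            })
            # fix creating new groups with members
            (prev.fetchpatch {
              url = "https://github.com/majewsky/portunus/commit/d4f0ca61fde0c9524a4230cfc3be2e8f51cb2a89.patch";
              sha256 = "sha256-9VPIn5JeWqrO4dITt9nHUf5sUfLb9w3DNZBArybjuLs=";
            })
          ];
        });
      })
    ];

    # Preset for the (non-upstream) `security.ldap` options, matching the
    # schema portunus exposes: users under ou=users keyed by uid, groups
    # under ou=groups as groupOfNames.
    security.ldap = lib.mkIf cfg.ldapPreset {
      domainName = cfg.domain;
      givenNameField = "givenName";
      # NOTE(review): `group` (here) and `param` (userFilter below) are
      # spliced into the filter string verbatim. If a consumer passes values
      # that contain RFC 4515 metacharacters — ( ) * \ or NUL — the filter's
      # meaning changes, so every caller of these functions must hand over
      # already-escaped values. Confirm against the consumers of
      # `security.ldap.*Filter`; escaping is deliberately not added here to
      # avoid double-escaping if callers already do it.
      groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${config.security.ldap.roleBaseDN}))";
      mailField = "mail";
      # 636 is the conventional LDAPS port; whether TLS is actually enforced
      # depends on the consumer of `security.ldap.port`.
      port = 636;
      roleBaseDN = "ou=groups";
      roleField = "cn";
      # Unlike groupFilter/userFilter this one is a printf-style template
      # (`%s`) rather than a Nix function; keep that in mind when reading
      # consumers.
      roleFilter = "(&(objectclass=groupOfNames)(member=%s))";
      roleValue = "dn";
      sshPublicKeyField = "sshPublicKey";
      searchUID = "search";
      surnameField = "sn";
      userField = "uid";
      # Matches on either uid or mail so users can log in with either; see
      # the escaping note on groupFilter.
      userFilter = param: "(&(objectclass=person)(|(uid=${param})(mail=${param})))";
      userBaseDN = "ou=users";
    };
  };
}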