nixos-modules/modules/portunus.nix

{ config, lib, pkgs, ... }:

let
  cfg = config.services.portunus;
in
{
  options.services.portunus = {
    # TODO: how to automatically set this?
    # maybe based on $service.ldap.enable && services.portunus.enable?
    addToHosts = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc "Whether to add a hosts entry for the portunus domain pointing to externalIp";
    };

    internalIp4 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      description = lib.mdDoc "Internal IPv4 of portunus instance. This is used in the addToHosts option.";
    };

    internalIp6 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      description = lib.mdDoc "Internal IPv6 of portunus instance. This is used in the addToHosts option.";
    };

    ldapPreset = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc "Whether to set config.security.ldap to portunus specific settings.";
    };
  };

  config = {
    networking.hosts = lib.mkIf cfg.addToHosts {
      ${cfg.internalIp4} = [ cfg.domain ];
      ${cfg.internalIp6} = [ cfg.domain ];
    };

    nixpkgs.overlays = with pkgs; [
      (final: prev: {
        portunus = prev.portunus.overrideAttrs ({ patches ? [ ], ... }: {
          patches = patches ++ [
            # allow editing members of groups
            (fetchpatch {
              url = "https://github.com/majewsky/portunus/commit/70ebf6abf944f3b5064169a2ac9d5f2ddcc7b58c.patch";
              sha256 = "sha256-fZzOuJ6K1NXJHWvOfSIU5FAfL0dVK7b7dhhtb6yuCGE=";
            })
            # fix creating new groups with members
            (fetchpatch {
              url = "https://github.com/majewsky/portunus/commit/d4f0ca61fde0c9524a4230cfc3be2e8f51cb2a89.patch";
              sha256 = "sha256-9VPIn5JeWqrO4dITt9nHUf5sUfLb9w3DNZBArybjuLs=";
            })
          ];
        });
      })
    ];

    security.ldap = lib.mkIf cfg.ldapPreset {
      domainName = cfg.domain;
      givenNameField = "givenName";
      groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${config.security.ldap.roleBaseDN}))";
      mailField = "mail";
      port = 636;
      roleBaseDN = "ou=groups";
      roleField = "cn";
      roleFilter = "(&(objectclass=groupOfNames)(member=%s))";
      roleValue = "dn";
      sshPublicKeyField = "sshPublicKey";
      searchUID = "search";
      surnameField = "sn";
      userField = "uid";
      userFilter = param: "(&(objectclass=person)(|(uid=${param})(mail=${param})))";
      userBaseDN = "ou=users";
    };
  };
}
portunus: move patches to here 2023-04-04 00:05:25 +02:00			`{ config, lib, pkgs, ... }:`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00
portunus: only open port when service is enabled 2022-12-22 22:01:28 +01:00			`let`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`cfg = config.services.portunus;`
			`in`
			`{`
			`options.services.portunus = {`
portunus: add todo 2023-03-25 16:23:48 +01:00			`# TODO: how to automatically set this?`
			`# maybe based on $service.ldap.enable && services.portunus.enable?`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`addToHosts = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
Fix typos 2023-01-17 02:14:18 +01:00			`description = lib.mdDoc "Whether to add a hosts entry for the portunus domain pointing to externalIp";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`};`

portunus: fix setting names 2023-02-23 00:34:37 +01:00			`internalIp4 = lib.mkOption {`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`type = with lib.types; nullOr str;`
			`default = null;`
			`description = lib.mdDoc "Internal IPv4 of portunus instance. This is used in the addToHosts option.";`
			`};`

portunus: fix setting names 2023-02-23 00:34:37 +01:00			`internalIp6 = lib.mkOption {`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`type = with lib.types; nullOr str;`
			`default = null;`
			`description = lib.mdDoc "Internal IPv6 of portunus instance. This is used in the addToHosts option.";`
			`};`

portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`ldapPreset = lib.mkOption {`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`type = lib.types.bool;`
Set missing default value 2023-01-17 00:56:46 +01:00			`default = false;`
Fix typos 2023-01-17 02:14:18 +01:00			`description = lib.mdDoc "Whether to set config.security.ldap to portunus specific settings.";`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`};`
			`};`

portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`config = {`
			`networking.hosts = lib.mkIf cfg.addToHosts {`
portunus: fix setting names 2023-02-23 00:34:37 +01:00			`${cfg.internalIp4} = [ cfg.domain ];`
			`${cfg.internalIp6} = [ cfg.domain ];`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`};`

portunus: move patches to here 2023-04-04 00:05:25 +02:00			`nixpkgs.overlays = with pkgs; [`
			`(final: prev: {`
			`portunus = prev.portunus.overrideAttrs ({ patches ? [ ], ... }: {`
			`patches = patches ++ [`
			`# allow editing members of groups`
			`(fetchpatch {`
			`url = "https://github.com/majewsky/portunus/commit/70ebf6abf944f3b5064169a2ac9d5f2ddcc7b58c.patch";`
			`sha256 = "sha256-fZzOuJ6K1NXJHWvOfSIU5FAfL0dVK7b7dhhtb6yuCGE=";`
			`})`
			`# fix creating new groups with members`
			`(fetchpatch {`
			`url = "https://github.com/majewsky/portunus/commit/d4f0ca61fde0c9524a4230cfc3be2e8f51cb2a89.patch";`
			`sha256 = "sha256-9VPIn5JeWqrO4dITt9nHUf5sUfLb9w3DNZBArybjuLs=";`
			`})`
			`];`
			`});`
			`})`
			`];`

portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`security.ldap = lib.mkIf cfg.ldapPreset {`
ldap: rename server option to domainName 2023-03-17 01:49:31 +01:00			`domainName = cfg.domain;`
gitea: add ldap option 2023-03-17 01:50:30 +01:00			`givenNameField = "givenName";`
portunus: fix missing brackets 2023-03-21 23:41:18 +01:00			`groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${config.security.ldap.roleBaseDN}))";`
gitea: add ldap option 2023-03-17 01:50:30 +01:00			`mailField = "mail";`
			`port = 636;`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`roleBaseDN = "ou=groups";`
			`roleField = "cn";`
			`roleFilter = "(&(objectclass=groupOfNames)(member=%s))";`
			`roleValue = "dn";`
ldap: add sshPublicKey 2023-03-18 01:24:55 +01:00			`sshPublicKeyField = "sshPublicKey";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`searchUID = "search";`
gitea: add ldap option 2023-03-17 01:50:30 +01:00			`surnameField = "sn";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`userField = "uid";`
gitea: allow login via mail and user, fix admin filter 2023-03-18 01:25:23 +01:00			`userFilter = param: "(&(objectclass=person)(\|(uid=${param})(mail=${param})))";`
portunus: add ldap preset 2023-01-17 00:23:31 +01:00			`userBaseDN = "ou=users";`
			`};`
portunus: add option to create hosts entries 2022-12-22 21:58:24 +01:00			`};`
			`}`