portunus: add ldap preset

2024-06-14 03:46:57 +02:00 · 2023-01-17 00:23:31 +01:00 · 2023-01-17 00:23:31 +01:00 · 10484b21a6
commit 10484b21a6
parent 51e034bd52
1 changed files with 29 additions and 6 deletions
--- a/modules/portunus.nix
+++ b/modules/portunus.nix
@ -5,6 +5,12 @@ let
 in
 {
  options.services.portunus = {
+    addToHosts = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = lib.mdDoc "Wether to add a hosts entry for the portunus domain pointing to externalIp";
+    };
+
    externalIp4 = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
@ -17,15 +23,32 @@ in
      description = lib.mdDoc "Internal IPv6 of portunus instance. This is used in the addToHosts option.";
    };

-    addToHosts = lib.mkOption {
+    ldapPreset = lib.mkOption {
      type = lib.types.bool;
-      default = false;
-      description = lib.mdDoc "Wether to add a hosts entry for the portunus domain pointing to externalIp";
+      description = lib.mdDoc ''
+        Wether to set config.security.ldap to portunus specific settings.
+      '';
    };
  };

-  config.networking.hosts = lib.mkIf cfg.addToHosts {
-    ${cfg.externalIp4} = [ cfg.domain ];
-    ${cfg.externalIp6} = [ cfg.domain ];
+  config = {
+    networking.hosts = lib.mkIf cfg.addToHosts {
+      ${cfg.externalIp4} = [ cfg.domain ];
+      ${cfg.externalIp6} = [ cfg.domain ];
+    };
+
+    security.ldap = lib.mkIf cfg.ldapPreset {
+      roleBaseDN = "ou=groups";
+      roleField = "cn";
+      roleFilter = "(&(objectclass=groupOfNames)(member=%s))";
+      roleValue = "dn";
+      searchUID = "search";
+      server = cfg.domain;
+      userField = "uid";
+      # TODO: add enum setting for login with username, email or both
+      # userFilter = "(&(objectclass=person)(|(uid=%s)(mail=%s)))";
+      userFilter = "(&(objectclass=person)(uid=%s))";
+      userBaseDN = "ou=users";
+    };
  };
 }