mirror of
https://github.com/SuperSandro2000/nixos-modules.git
synced 2024-06-11 10:44:10 +02:00
portunus: add options around declarative seeding, add bug fix patches
This commit is contained in:
parent
54565aefeb
commit
eca43b04b1
25
modules/portunus-remove-add-group.diff
Normal file
25
modules/portunus-remove-add-group.diff
Normal file
|
@ -0,0 +1,25 @@
|
|||
diff --git a/internal/frontend/core.go b/internal/frontend/core.go
|
||||
index e44ff0c..17ca69e 100644
|
||||
--- a/internal/frontend/core.go
|
||||
+++ b/internal/frontend/core.go
|
||||
@@ -56,8 +56,6 @@ func HTTPHandler(engine core.Engine, isBehindTLSProxy bool) http.Handler {
|
||||
r.Methods("POST").Path(`/users/{uid}/delete`).Handler(postUserDeleteHandler(engine))
|
||||
|
||||
r.Methods("GET").Path(`/groups`).Handler(getGroupsHandler(engine))
|
||||
- r.Methods("GET").Path(`/groups/new`).Handler(getGroupsNewHandler(engine))
|
||||
- r.Methods("POST").Path(`/groups/new`).Handler(postGroupsNewHandler(engine))
|
||||
r.Methods("GET").Path(`/groups/{name}/edit`).Handler(getGroupEditHandler(engine))
|
||||
r.Methods("POST").Path(`/groups/{name}/edit`).Handler(postGroupEditHandler(engine))
|
||||
r.Methods("GET").Path(`/groups/{name}/delete`).Handler(getGroupDeleteHandler(engine))
|
||||
diff --git a/internal/frontend/groups.go b/internal/frontend/groups.go
|
||||
index 056c8ef..a824f95 100644
|
||||
--- a/internal/frontend/groups.go
|
||||
+++ b/internal/frontend/groups.go
|
||||
@@ -50,7 +50,6 @@ func getGroupsHandler(e core.Engine) http.Handler {
|
||||
<th>Members</th>
|
||||
<th>Permissions granted</th>
|
||||
<th class="actions">
|
||||
- <a href="/groups/new" class="button button-primary">New group</a>
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
|
@ -1,7 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.portunus;
|
||||
inherit (config.security) ldap;
|
||||
in
|
||||
{
|
||||
options.services.portunus = {
|
||||
|
@ -30,6 +31,28 @@ in
|
|||
default = false;
|
||||
description = lib.mdDoc "Whether to set config.security.ldap to portunus specific settings.";
|
||||
};
|
||||
|
||||
removeAddGroup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "When enabled, remove the function to add new Groups via the web ui, to enforce seeding usage.";
|
||||
};
|
||||
|
||||
seedGroups = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc "Wether to seed groups configured in services as not member managed groups.";
|
||||
};
|
||||
|
||||
# TODO: upstream to nixos
|
||||
seedSettings = lib.mkOption {
|
||||
type = with lib.types; nullOr (attrsOf (listOf (attrsOf anything)));
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Seed settings for users and grousp.
|
||||
See upstream for format <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
@ -41,37 +64,49 @@ in
|
|||
nixpkgs.overlays = [
|
||||
(final: prev: with final; {
|
||||
portunus = prev.portunus.overrideAttrs ({ patches ? [ ], ... }: {
|
||||
patches = patches ++ [
|
||||
# allow editing members of groups
|
||||
src = fetchFromGitHub {
|
||||
owner = "majewsky";
|
||||
repo = "portunus";
|
||||
rev = "8bad0661ecca9276991447f8e585c20c450ad57a";
|
||||
hash = "sha256-59AvNWhnsvtrVmAJRcHeNOYOlHCx1ZZSqwFvyAM+Ye8=";
|
||||
};
|
||||
|
||||
patches = patches
|
||||
++ lib.optional cfg.removeAddGroup ./portunus-remove-add-group.diff
|
||||
++ [
|
||||
# display errors when editing seeded groups/users
|
||||
(fetchpatch {
|
||||
url = "https://github.com/majewsky/portunus/commit/70ebf6abf944f3b5064169a2ac9d5f2ddcc7b58c.patch";
|
||||
sha256 = "sha256-fZzOuJ6K1NXJHWvOfSIU5FAfL0dVK7b7dhhtb6yuCGE=";
|
||||
url = "https://github.com/majewsky/portunus/commit/9999994e6b90e20405944767fb7d225914c2303b.patch";
|
||||
sha256 = "sha256-IEQpWnG3ZekZ+QCEzSZcbMQe6iEalOhDz3qNbjDgg/A=";
|
||||
})
|
||||
# fill group members on group creation
|
||||
# add option to not seed group members
|
||||
(fetchpatch {
|
||||
url = "https://github.com/majewsky/portunus/commit/6016723ef7176f9a6e3174d9614ec749310d5772.patch";
|
||||
sha256 = "sha256-sDzx+ccj4vJCmZul1wxIRs1F4MfqLhB0Na22yLUIITE=";
|
||||
url = "https://github.com/majewsky/portunus/commit/0000053dc6cabbdd6ea9b47ca1af7451449d95d1.patch";
|
||||
sha256 = "sha256-szAjybLkzk14LNAMU/LH0Bwm+MpsEvLQmEPMtEgI0po=";
|
||||
})
|
||||
];
|
||||
});
|
||||
})
|
||||
];
|
||||
|
||||
services.portunus.seedPath = pkgs.writeText "seed.json" (builtins.toJSON cfg.seedSettings);
|
||||
|
||||
security.ldap = lib.mkIf cfg.ldapPreset {
|
||||
domainName = cfg.domain;
|
||||
givenNameField = "givenName";
|
||||
groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${config.security.ldap.roleBaseDN}))";
|
||||
groupFilter = group: "(&(objectclass=person)(isMemberOf=cn=${group},${ldap.roleBaseDN}))";
|
||||
mailField = "mail";
|
||||
port = 636;
|
||||
roleBaseDN = "ou=groups";
|
||||
roleField = "cn";
|
||||
roleFilter = "(&(objectclass=groupOfNames)(member=%s))";
|
||||
roleValue = "dn";
|
||||
searchFilterWithGroupFilter = userFilterGroup: userFilter: if (userFilterGroup != null) then "(&${ldap.groupFilter userFilterGroup})" else userFilter;
|
||||
sshPublicKeyField = "sshPublicKey";
|
||||
searchUID = "search";
|
||||
surnameField = "sn";
|
||||
userField = "uid";
|
||||
userFilter = param: "(&(objectclass=person)(|(uid=${param})(mail=${param})))";
|
||||
userFilter = replaceStr: "(&(objectclass=person)(|(uid=${replaceStr})(mail=${replaceStr})))";
|
||||
userBaseDN = "ou=users";
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue
Block a user