fricloud/server-configs
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

gerd.lldap: renamed user-pass to admin-user-pass and added bind-user-pass

Browse source
This commit is contained in:
eyjhb 2024-08-10 19:23:17 +02:00
parent 3c808fa3a7
commit 17fb88a8b4
No known key found for this signature in database
GPG key ID: 609F508E3239F920
6 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
machines/gerd/services/authelia.nix
View file

@ -91,6 +91,7 @@ in {
authelia-storage.owner = "authelia-main"; authelia-storage.owner = "authelia-main";
authelia-session.owner = "authelia-main"; authelia-session.owner = "authelia-main";
authelia-oidc-issuer-privatekey-pem.owner = "authelia-main"; authelia-oidc-issuer-privatekey-pem.owner = "authelia-main";
authelia-lldap-bind-user-pass.owner = "authelia-main";
}; };
users.groups."${config.age.secrets.lldap-bind-user-pass.group}".members = [ config.users.users.authelia-main.name ];
} }

4
machines/gerd/services/lldap.nix
View file

@ -12,7 +12,7 @@
environment = { environment = {
# always set admin password on startup # always set admin password on startup
LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.lldap-user-pass.path; LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.lldap-admin-user-pass.path;
# only available on the newest master branch, will be enabled when a # only available on the newest master branch, will be enabled when a
# new version is released. # new version is released.
# https://github.com/lldap/lldap/issues/790 # https://github.com/lldap/lldap/issues/790
@ -35,6 +35,6 @@
users.users.lldap = { group = "lldap"; isSystemUser = true; }; users.users.lldap = { group = "lldap"; isSystemUser = true; };
users.groups.lldap = {}; users.groups.lldap = {};
age.secrets = { age.secrets = {
lldap-user-pass.owner = "lldap"; lldap-admin-user-pass.owner = "lldap";
}; };
} }

12
secrets/default.nix
View file

@ -1,3 +1,5 @@
{ config, ... }:
{ {
age.secrets = { age.secrets = {
# authelia # authelia
@ -6,13 +8,19 @@
authelia-session.file = ./authelia/session.age; authelia-session.file = ./authelia/session.age;
authelia-oidc-issuer-privatekey-pem.file = ./authelia/oidc-issuer-privatekey-pem.age; authelia-oidc-issuer-privatekey-pem.file = ./authelia/oidc-issuer-privatekey-pem.age;
authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age; authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age;
authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age;
# lldap # lldap
lldap-user-pass.file = ./lldap/user-pass.age; lldap-admin-user-pass.file = ./lldap/admin-user-pass.age;
lldap-bind-user-pass = {
file = ./lldap/bind-user-pass.age;
group = "secrets-lldap-bind-user-pass";
mode = "0440";
};
# mumble # mumble
murmur-env.file = ./murmur/env.age; murmur-env.file = ./murmur/env.age;
murmur-superpassword.file = ./murmur/superpassword.age; murmur-superpassword.file = ./murmur/superpassword.age;
}; };
users.groups.secrets-lldap-bind-user-pass = {};
} }

0
secrets/lldap/user-pass.age → secrets/lldap/admin-user-pass.age
View file

0
secrets/authelia/lldap-bind-user-pass.age → secrets/lldap/bind-user-pass.age
View file

4
secrets/secrets.nix
View file

@ -16,10 +16,10 @@ in
"authelia/session.age".publicKeys = defaultAccess; "authelia/session.age".publicKeys = defaultAccess;
"authelia/oidc-issuer-privatekey-pem.age".publicKeys = defaultAccess; "authelia/oidc-issuer-privatekey-pem.age".publicKeys = defaultAccess;
"authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess; "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;
"authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess;
# lldap # lldap
"lldap/user-pass.age".publicKeys = defaultAccess; "lldap/admin-user-pass.age".publicKeys = defaultAccess;
"lldap/bind-user-pass.age".publicKeys = defaultAccess;
# mumble # mumble
"murmur/env.age".publicKeys = defaultAccess; "murmur/env.age".publicKeys = defaultAccess;