gerd.nextcloud: delete unused LDAP configs at the end

This commit is contained in:
eyjhb 2024-08-14 22:19:54 +02:00
parent 492236862c
commit 82e5cf319f
No known key found for this signature in database
GPG key ID: 609F508E3239F920


@ -30,7 +30,6 @@ let
ldapBase = config.mine.shared.settings.ldap.dc; ldapBase = config.mine.shared.settings.ldap.dc;
ldapBaseUsers = config.mine.shared.settings.ldap.dc; ldapBaseUsers = config.mine.shared.settings.ldap.dc;
ldapBaseGroups = config.mine.shared.settings.ldap.dc; ldapBaseGroups = config.mine.shared.settings.ldap.dc;
ldapConfigurationActive = 1;
ldapLoginFilter = "(&(objectclass=person)(${config.mine.shared.settings.ldap.attr.uid}=%uid))"; ldapLoginFilter = "(&(objectclass=person)(${config.mine.shared.settings.ldap.attr.uid}=%uid))";
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud # EDIT: nextcloud_users group, contains the users who can login to Nextcloud
@ -43,31 +42,33 @@ let
ldapEmailAttribute = config.mine.shared.settings.ldap.attr.email; ldapEmailAttribute = config.mine.shared.settings.ldap.attr.email;
ldapUserFilterMode = 1; ldapUserFilterMode = 1;
ldapExpertUsernameAttr = config.mine.shared.settings.ldap.attr.uid; ldapExpertUsernameAttr = config.mine.shared.settings.ldap.attr.uid;
ldapConfigurationActive = 1;
}; };
ldap_commands = lib.mapAttrsToList (n: v: "${occ} ldap:set-config s01 ${n} '${builtins.toString v}'") ldap_settings; ldap_commands = lib.mapAttrsToList (n: v: "${occ} ldap:set-config $NEW_CONFIG_ID ${n} '${builtins.toString v}'") ldap_settings;
in pkgs.writeShellScript "nextcloud-add-ldap.sh" '' in pkgs.writeShellScript "nextcloud-add-ldap.sh" ''
# enable ldap service, remove config and create new empty one # enable ldap service, remove config and create new empty one
${occ} app:install user_ldap ${occ} app:install user_ldap
${occ} app:enable user_ldap ${occ} app:enable user_ldap
# ensure previous configs are deleted
CONFIGS=$(${occ} ldap:show-config --output=json | ${pkgs.jq}/bin/jq -r '. | keys | .[]')
echo "$CONFIGS" | while read configId; do
${occ} ldap:delete-config "$configId"
done
# create new empty config # create new empty config
${occ} ldap:create-empty-config NEW_CONFIG_ID="$(${occ} ldap:create-empty-config -p)"
# setup ldap password # setup ldap password
BIND_USERPASS="$(cat $CREDENTIALS_DIRECTORY/lldap-bind-user-pass)" BIND_USERPASS="$(cat $CREDENTIALS_DIRECTORY/lldap-bind-user-pass)"
${occ} ldap:set-config s01 ldapAgentPassword "$BIND_USERPASS" ${occ} ldap:set-config $NEW_CONFIG_ID ldapAgentPassword "$BIND_USERPASS"
# set settings
${builtins.concatStringsSep "\n" ldap_commands}
# delete all other configurations
CONFIGS=$(${occ} ldap:show-config --output=json | ${pkgs.jq}/bin/jq -r '. | keys | .[]')
echo "$CONFIGS" | while read CONFIG_ID; do
if [[ "$NEW_CONFIG_ID" != "$CONFIG_ID" ]]; then
${occ} ldap:delete-config "$CONFIG_ID"
fi
done
# promote ldap admin group to admins # promote ldap admin group to admins
${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} || true ${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} || true
# set settings
${builtins.concatStringsSep "\n" ldap_commands}
''; '';
# script for resetting nextcloud admin password on each startup # script for resetting nextcloud admin password on each startup