modules.settings->shared: renamed mine.settings to mine.shared.settings

Allows it to be used with other things, such as ...

mine.shared.lib
mine.shared.meta
mine.shared.settings
eyjhb 2024-08-12 20:51:38 +02:00
parent 75ac478a80
commit 918c32299e
No known key found for this signature in database
GPG key ID: 609F508E3239F920
11 changed files with 45 additions and 45 deletions


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
let let
svc_domain = "auth.${config.mine.settings.domain}"; svc_domain = "auth.${config.mine.shared.settings.domain}";
autheliaStateDir = "/var/lib/authelia-main"; autheliaStateDir = "/var/lib/authelia-main";
in { in {
@ -17,7 +17,7 @@ in {
}; };
settings = { settings = {
session.domain = config.mine.settings.domain; session.domain = config.mine.shared.settings.domain;
# totp - disable for now, as it requires email server # totp - disable for now, as it requires email server
access_control.default_policy = "one_factor"; access_control.default_policy = "one_factor";
@ -41,19 +41,19 @@ in {
timeout = "5s"; timeout = "5s";
start_tls = false; start_tls = false;
base_dn = config.mine.settings.ldap.dc; base_dn = config.mine.shared.settings.ldap.dc;
additional_users_dn = "ou=${config.mine.settings.ldap.ou.users}"; additional_users_dn = "ou=${config.mine.shared.settings.ldap.ou.users}";
additional_groups_dn = "ou=${config.mine.settings.ldap.ou.groups}"; additional_groups_dn = "ou=${config.mine.shared.settings.ldap.ou.groups}";
users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"; users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))";
groups_filter = "(member={dn})"; groups_filter = "(member={dn})";
display_name_attribute = config.mine.settings.ldap.attr.firstname; display_name_attribute = config.mine.shared.settings.ldap.attr.firstname;
username_attribute = config.mine.settings.ldap.attr.uid; username_attribute = config.mine.shared.settings.ldap.attr.uid;
group_name_attribute = config.mine.settings.ldap.attr.groupname; group_name_attribute = config.mine.shared.settings.ldap.attr.groupname;
mail_attribute = config.mine.settings.ldap.attr.email; mail_attribute = config.mine.shared.settings.ldap.attr.email;
user = config.mine.settings.ldap.bind_dn; user = config.mine.shared.settings.ldap.bind_dn;
}; };
}; };
}; };
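Review bot: `users_filter` in this block still matches any `objectClass=person` entry, while the Forgejo and HedgeDoc modules touched by this commit build their filters from `config.mine.shared.settings.ldap.user_filter`, which the lldap module defines as a `memberof=cn=${groups.member},...` restriction. Since Forgejo also signs users in through Authelia over OpenID Connect, an account outside the member group could presumably authenticate here and reach Forgejo without passing the group filter; it is worth confirming whether that is intended. If it is not, the shared filter can be reused: `users_filter = "(&${config.mine.shared.settings.ldap.user_filter}(|({username_attribute}={input})({mail_attribute}={input})))";`. The enclosing `settings` block starts outside the hunk.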
@ -81,5 +81,5 @@ in {
users.groups."${config.age.secrets.lldap-bind-user-pass.group}".members = [ config.users.users.authelia-main.name ]; users.groups."${config.age.secrets.lldap-bind-user-pass.group}".members = [ config.users.users.authelia-main.name ];
# settings # settings
mine.settings.authelia.domain = svc_domain; mine.shared.settings.authelia.domain = svc_domain;
} }


@ -31,19 +31,19 @@ let
--active \ --active \
--security-protocol unencrypted \ --security-protocol unencrypted \
--skip-tls-verify \ --skip-tls-verify \
--host ${config.mine.settings.ldap.host} \ --host ${config.mine.shared.settings.ldap.host} \
--port ${builtins.toString config.mine.settings.ldap.port} \ --port ${builtins.toString config.mine.shared.settings.ldap.port} \
--bind-dn "${config.mine.settings.ldap.bind_dn}" \ --bind-dn "${config.mine.shared.settings.ldap.bind_dn}" \
--bind-password "$BIND_USERPASS" \ --bind-password "$BIND_USERPASS" \
--user-filter '(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}=%[1]s)(${config.mine.settings.ldap.attr.email}=%[1]s)))' \ --user-filter '(&${config.mine.shared.settings.ldap.user_filter}(|(${config.mine.shared.settings.ldap.attr.uid}=%[1]s)(${config.mine.shared.settings.ldap.attr.email}=%[1]s)))' \
--admin-filter '${config.mine.settings.ldap.admin_filter}' \ --admin-filter '${config.mine.shared.settings.ldap.admin_filter}' \
--username-attribute ${config.mine.settings.ldap.attr.uid} \ --username-attribute ${config.mine.shared.settings.ldap.attr.uid} \
--firstname-attribute ${config.mine.settings.ldap.attr.firstname} \ --firstname-attribute ${config.mine.shared.settings.ldap.attr.firstname} \
--surname-attribute ${config.mine.settings.ldap.attr.lastname} \ --surname-attribute ${config.mine.shared.settings.ldap.attr.lastname} \
--email-attribute ${config.mine.settings.ldap.attr.email} \ --email-attribute ${config.mine.shared.settings.ldap.attr.email} \
--avatar-attribute ${config.mine.settings.ldap.attr.avatar} \ --avatar-attribute ${config.mine.shared.settings.ldap.attr.avatar} \
--synchronize-users \ --synchronize-users \
--user-search-base '${config.mine.settings.ldap.search_base}' \ --user-search-base '${config.mine.shared.settings.ldap.search_base}' \
echo "PRERUN-LDAP: Finished adding/updating..." echo "PRERUN-LDAP: Finished adding/updating..."
''; '';
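Review bot: The values spliced into this shell script (`--host`, `--port`, the `--*-attribute` arguments, and the single-quoted `--user-filter`, `--admin-filter` and `--user-search-base`) are not shell-escaped, and the option they now come from is declared as `lib.types.attrsOf lib.types.anything`, so nothing validates them before they reach the command line. Wrapping each one, e.g. `--host ${lib.escapeShellArg config.mine.shared.settings.ldap.host} \`, keeps a value containing a quote or a space from altering the command; this assumes `lib` is in scope in this file, which the hunk does not show. Separately, `--security-protocol unencrypted` together with `--skip-tls-verify` is only reasonable while `ldap.host` stays `localhost`, as the lldap module sets it, so a comment such as `# plaintext LDAP: ldap.host must remain loopback` would help whoever reuses the shared setting. The script starts and ends outside the hunk.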
@ -77,7 +77,7 @@ let
--provider openidConnect \ --provider openidConnect \
--key forgejo \ --key forgejo \
--secret "$SECRET" \ --secret "$SECRET" \
--auto-discover-url "https://${config.mine.settings.authelia.domain}/.well-known/openid-configuration" \ --auto-discover-url "https://${config.mine.shared.settings.authelia.domain}/.well-known/openid-configuration" \
--skip-local-2fa true \ --skip-local-2fa true \
--scopes "email" \ --scopes "email" \
--scopes "profile" \ --scopes "profile" \
@ -107,7 +107,7 @@ in {
public = false; public = false;
authorization_policy = "one_factor"; authorization_policy = "one_factor";
redirect_uris = [ "https://${config.mine.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ]; redirect_uris = [ "https://${config.mine.shared.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
scopes = [ scopes = [
"openid" "openid"
"email" "email"


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
svc_domain = "git.${config.mine.settings.domain}"; svc_domain = "git.${config.mine.shared.settings.domain}";
in { in {
services.forgejo = { services.forgejo = {
@ -49,5 +49,5 @@ in {
}; };
# settings # settings
mine.settings.forgejo.domain = svc_domain; mine.shared.settings.forgejo.domain = svc_domain;
} }


@ -1,7 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
svc_domain = config.mine.settings.domain; svc_domain = config.mine.shared.settings.domain;
in { in {
services.nginx.virtualHosts."${svc_domain}" = { services.nginx.virtualHosts."${svc_domain}" = {
forceSSL = true; forceSSL = true;


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
let let
svc_domain = "hedgedoc.${config.mine.settings.domain}"; svc_domain = "hedgedoc.${config.mine.shared.settings.domain}";
stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc"; stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";
in { in {
@ -29,11 +29,11 @@ in {
# setup ldap # setup ldap
# https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md # https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md
ldap = { ldap = {
url = config.mine.settings.ldap.url; url = config.mine.shared.settings.ldap.url;
bindDn = config.mine.settings.ldap.bind_dn; bindDn = config.mine.shared.settings.ldap.bind_dn;
searchBase = config.mine.settings.ldap.search_base; searchBase = config.mine.shared.settings.ldap.search_base;
searchFilter = "(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}={{username}})(${config.mine.settings.ldap.attr.email}={{username}})))"; searchFilter = "(&${config.mine.shared.settings.ldap.user_filter}(|(${config.mine.shared.settings.ldap.attr.uid}={{username}})(${config.mine.shared.settings.ldap.attr.email}={{username}})))";
useridField = config.mine.settings.ldap.attr.uid; useridField = config.mine.shared.settings.ldap.attr.uid;
}; };
}; };
}; };


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
let let
svc_domain = "ldap.${config.mine.settings.domain}"; svc_domain = "ldap.${config.mine.shared.settings.domain}";
in { in {
services.lldap = { services.lldap = {
enable = true; enable = true;
@ -9,7 +9,7 @@ in {
settings = { settings = {
verbose = true; verbose = true;
ldap_user_email = "fricloudlldap.grief462@simplelogin.com"; ldap_user_email = "fricloudlldap.grief462@simplelogin.com";
ldap_base_dn = config.mine.settings.ldap.dc; ldap_base_dn = config.mine.shared.settings.ldap.dc;
}; };
environment = { environment = {
@ -48,12 +48,12 @@ in {
# The users are all located in ou=people, + the base DN, so by default user bob is at cn=bob,ou=people,dc=example,dc=com. # The users are all located in ou=people, + the base DN, so by default user bob is at cn=bob,ou=people,dc=example,dc=com.
# Similarly, the groups are located in ou=groups, so the group family will be at cn=family,ou=groups,dc=example,dc=com. # Similarly, the groups are located in ou=groups, so the group family will be at cn=family,ou=groups,dc=example,dc=com.
# Testing group membership through memberOf is supported, so you can have a filter like: (memberOf=cn=admins,ou=groups,dc=example,dc=com). # Testing group membership through memberOf is supported, so you can have a filter like: (memberOf=cn=admins,ou=groups,dc=example,dc=com).
mine.settings.ldap = rec { mine.shared.settings.ldap = rec {
host = "localhost"; host = "localhost";
port = 3890; port = 3890;
url = "ldap://${host}:${builtins.toString port}"; url = "ldap://${host}:${builtins.toString port}";
dc = "dc=${config.mine.settings.domain_sld},dc=${config.mine.settings.domain_tld}"; dc = "dc=${config.mine.shared.settings.domain_sld},dc=${config.mine.shared.settings.domain_tld}";
bind_dn = "uid=${users.bind},ou=${ou.users},${dc}"; bind_dn = "uid=${users.bind},ou=${ou.users},${dc}";
search_base = "ou=${ou.users},${dc}"; search_base = "ou=${ou.users},${dc}";
user_filter = "(memberof=cn=${groups.member},ou=${ou.groups},${dc})"; user_filter = "(memberof=cn=${groups.member},ou=${ou.groups},${dc})";


@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
svc_domain = config.mine.settings.domain; svc_domain = config.mine.shared.settings.domain;
in { in {
services.murmur = let services.murmur = let
certLocation = config.security.acme.certs."${svc_domain}".directory; certLocation = config.security.acme.certs."${svc_domain}".directory;


@ -5,6 +5,6 @@
enable = true; enable = true;
openPorts = true; openPorts = true;
motd = "Welcome to ${config.mine.settings.domain}'s Teeworld server!"; motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";
}; };
} }


@ -14,8 +14,8 @@ in {
]; ];
# TODO(eyJhb): why is the commented line a infinite recurssion # TODO(eyJhb): why is the commented line a infinite recurssion
mine.settings.domain_tld = "dk"; mine.shared.settings.domain_tld = "dk";
mine.settings.domain_sld = "fricloud"; mine.shared.settings.domain_sld = "fricloud";
# mine.settings.domain = "${config.mine.settings.domain_sld}.${config.mine.settings.domain_tld}"; # mine.shared.settings.domain = "${config.mine.shared.settings.domain_sld}.${config.mine.shared.settings.domain_tld}";
mine.settings.domain = "fricloud.dk"; mine.shared.settings.domain = "fricloud.dk";
} }


@ -1,6 +1,6 @@
{ {
imports = [ imports = [
./settings.nix ./shared.nix
./zrepl.nix ./zrepl.nix
./disko.nix ./disko.nix


@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
options.mine.settings = lib.mkOption { options.mine.shared.settings = lib.mkOption {
type = lib.types.attrsOf lib.types.anything; type = lib.types.attrsOf lib.types.anything;
default = {}; default = {};
}; };