modules.settings->shared: renamed mine.settings to mine.shared.settings

Allows it to be used alongside other things, such as ...

mine.shared.lib
mine.shared.meta
mine.shared.settings
eyjhb 2024-08-12 20:51:38 +02:00
parent 75ac478a80
commit 918c32299e
No known key found for this signature in database
GPG key ID: 609F508E3239F920
11 changed files with 45 additions and 45 deletions


@ -1,7 +1,7 @@
{ config, ... }:
let
svc_domain = "auth.${config.mine.settings.domain}";
svc_domain = "auth.${config.mine.shared.settings.domain}";
autheliaStateDir = "/var/lib/authelia-main";
in {
@ -17,7 +17,7 @@ in {
};
settings = {
session.domain = config.mine.settings.domain;
session.domain = config.mine.shared.settings.domain;
# totp - disable for now, as it requires email server
access_control.default_policy = "one_factor";
@ -41,19 +41,19 @@ in {
timeout = "5s";
start_tls = false;
base_dn = config.mine.settings.ldap.dc;
additional_users_dn = "ou=${config.mine.settings.ldap.ou.users}";
additional_groups_dn = "ou=${config.mine.settings.ldap.ou.groups}";
base_dn = config.mine.shared.settings.ldap.dc;
additional_users_dn = "ou=${config.mine.shared.settings.ldap.ou.users}";
additional_groups_dn = "ou=${config.mine.shared.settings.ldap.ou.groups}";
users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))";
groups_filter = "(member={dn})";
display_name_attribute = config.mine.settings.ldap.attr.firstname;
username_attribute = config.mine.settings.ldap.attr.uid;
group_name_attribute = config.mine.settings.ldap.attr.groupname;
mail_attribute = config.mine.settings.ldap.attr.email;
display_name_attribute = config.mine.shared.settings.ldap.attr.firstname;
username_attribute = config.mine.shared.settings.ldap.attr.uid;
group_name_attribute = config.mine.shared.settings.ldap.attr.groupname;
mail_attribute = config.mine.shared.settings.ldap.attr.email;
user = config.mine.settings.ldap.bind_dn;
user = config.mine.shared.settings.ldap.bind_dn;
};
};
};
@ -81,5 +81,5 @@ in {
users.groups."${config.age.secrets.lldap-bind-user-pass.group}".members = [ config.users.users.authelia-main.name ];
# settings
mine.settings.authelia.domain = svc_domain;
mine.shared.settings.authelia.domain = svc_domain;
}
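Review bot: Nothing in the third hunk records that `start_tls = false` is safe only while the directory is reached over loopback; the bind DN now comes from `config.mine.shared.settings.ldap.bind_dn`, and the lldap module on this page sets `host = "localhost"` with an `ldap://` URL. Because the rename exists to share these settings more widely, a later change of `ldap.host` would send the bind password and user logins in cleartext from here, from the Forgejo pre-run script (`--security-protocol unencrypted`, `--skip-tls-verify`) and from HedgeDoc's `ldap.url`. I would add a comment next to `start_tls = false;` such as `# plain LDAP: acceptable only while mine.shared.settings.ldap.host is loopback`, or enforce it once with `assertions = [{ assertion = config.mine.shared.settings.ldap.host == "localhost"; message = "LDAP clients use plain ldap://"; }];`. The address line of this backend is outside the hunk, so the transport used here is inferred.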


@ -31,19 +31,19 @@ let
--active \
--security-protocol unencrypted \
--skip-tls-verify \
--host ${config.mine.settings.ldap.host} \
--port ${builtins.toString config.mine.settings.ldap.port} \
--bind-dn "${config.mine.settings.ldap.bind_dn}" \
--host ${config.mine.shared.settings.ldap.host} \
--port ${builtins.toString config.mine.shared.settings.ldap.port} \
--bind-dn "${config.mine.shared.settings.ldap.bind_dn}" \
--bind-password "$BIND_USERPASS" \
--user-filter '(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}=%[1]s)(${config.mine.settings.ldap.attr.email}=%[1]s)))' \
--admin-filter '${config.mine.settings.ldap.admin_filter}' \
--username-attribute ${config.mine.settings.ldap.attr.uid} \
--firstname-attribute ${config.mine.settings.ldap.attr.firstname} \
--surname-attribute ${config.mine.settings.ldap.attr.lastname} \
--email-attribute ${config.mine.settings.ldap.attr.email} \
--avatar-attribute ${config.mine.settings.ldap.attr.avatar} \
--user-filter '(&${config.mine.shared.settings.ldap.user_filter}(|(${config.mine.shared.settings.ldap.attr.uid}=%[1]s)(${config.mine.shared.settings.ldap.attr.email}=%[1]s)))' \
--admin-filter '${config.mine.shared.settings.ldap.admin_filter}' \
--username-attribute ${config.mine.shared.settings.ldap.attr.uid} \
--firstname-attribute ${config.mine.shared.settings.ldap.attr.firstname} \
--surname-attribute ${config.mine.shared.settings.ldap.attr.lastname} \
--email-attribute ${config.mine.shared.settings.ldap.attr.email} \
--avatar-attribute ${config.mine.shared.settings.ldap.attr.avatar} \
--synchronize-users \
--user-search-base '${config.mine.settings.ldap.search_base}' \
--user-search-base '${config.mine.shared.settings.ldap.search_base}' \
echo "PRERUN-LDAP: Finished adding/updating..."
'';
@ -77,7 +77,7 @@ let
--provider openidConnect \
--key forgejo \
--secret "$SECRET" \
--auto-discover-url "https://${config.mine.settings.authelia.domain}/.well-known/openid-configuration" \
--auto-discover-url "https://${config.mine.shared.settings.authelia.domain}/.well-known/openid-configuration" \
--skip-local-2fa true \
--scopes "email" \
--scopes "profile" \
@ -107,7 +107,7 @@ in {
public = false;
authorization_policy = "one_factor";
redirect_uris = [ "https://${config.mine.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
redirect_uris = [ "https://${config.mine.shared.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
scopes = [
"openid"
"email"
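Review bot: The renamed interpolations in the first hunk are still spliced into the shell script raw: `--host ${config.mine.shared.settings.ldap.host}` is unquoted, and the `--user-filter`, `--admin-filter` and `--user-search-base` values sit inside single quotes that a `'` in the value would close. The option is declared as `attrsOf anything` and is now meant to be set from more places, so a value containing whitespace or a quote would change the command that runs with `$BIND_USERPASS` in scope. Passing each value through `lib.escapeShellArg` avoids that, e.g. `--host ${lib.escapeShellArg config.mine.shared.settings.ldap.host} \` and `--user-search-base ${lib.escapeShellArg config.mine.shared.settings.ldap.search_base} \`. The script's opening and the module's argument list are outside the hunk, so whether `lib` is in scope at that point needs checking.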


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
let
svc_domain = "git.${config.mine.settings.domain}";
svc_domain = "git.${config.mine.shared.settings.domain}";
in {
services.forgejo = {
@ -49,5 +49,5 @@ in {
};
# settings
mine.settings.forgejo.domain = svc_domain;
mine.shared.settings.forgejo.domain = svc_domain;
}


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
svc_domain = config.mine.settings.domain;
svc_domain = config.mine.shared.settings.domain;
in {
services.nginx.virtualHosts."${svc_domain}" = {
forceSSL = true;


@ -1,7 +1,7 @@
{ config, ... }:
let
svc_domain = "hedgedoc.${config.mine.settings.domain}";
svc_domain = "hedgedoc.${config.mine.shared.settings.domain}";
stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";
in {
@ -29,11 +29,11 @@ in {
# setup ldap
# https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md
ldap = {
url = config.mine.settings.ldap.url;
bindDn = config.mine.settings.ldap.bind_dn;
searchBase = config.mine.settings.ldap.search_base;
searchFilter = "(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}={{username}})(${config.mine.settings.ldap.attr.email}={{username}})))";
useridField = config.mine.settings.ldap.attr.uid;
url = config.mine.shared.settings.ldap.url;
bindDn = config.mine.shared.settings.ldap.bind_dn;
searchBase = config.mine.shared.settings.ldap.search_base;
searchFilter = "(&${config.mine.shared.settings.ldap.user_filter}(|(${config.mine.shared.settings.ldap.attr.uid}={{username}})(${config.mine.shared.settings.ldap.attr.email}={{username}})))";
useridField = config.mine.shared.settings.ldap.attr.uid;
};
};
};


@ -1,7 +1,7 @@
{ config, ... }:
let
svc_domain = "ldap.${config.mine.settings.domain}";
svc_domain = "ldap.${config.mine.shared.settings.domain}";
in {
services.lldap = {
enable = true;
@ -9,7 +9,7 @@ in {
settings = {
verbose = true;
ldap_user_email = "fricloudlldap.grief462@simplelogin.com";
ldap_base_dn = config.mine.settings.ldap.dc;
ldap_base_dn = config.mine.shared.settings.ldap.dc;
};
environment = {
@ -48,12 +48,12 @@ in {
# The users are all located in ou=people, + the base DN, so by default user bob is at cn=bob,ou=people,dc=example,dc=com.
# Similarly, the groups are located in ou=groups, so the group family will be at cn=family,ou=groups,dc=example,dc=com.
# Testing group membership through memberOf is supported, so you can have a filter like: (memberOf=cn=admins,ou=groups,dc=example,dc=com).
mine.settings.ldap = rec {
mine.shared.settings.ldap = rec {
host = "localhost";
port = 3890;
url = "ldap://${host}:${builtins.toString port}";
dc = "dc=${config.mine.settings.domain_sld},dc=${config.mine.settings.domain_tld}";
dc = "dc=${config.mine.shared.settings.domain_sld},dc=${config.mine.shared.settings.domain_tld}";
bind_dn = "uid=${users.bind},ou=${ou.users},${dc}";
search_base = "ou=${ou.users},${dc}";
user_filter = "(memberof=cn=${groups.member},ou=${ou.groups},${dc})";


@ -1,7 +1,7 @@
{ config, lib, ... }:
let
svc_domain = config.mine.settings.domain;
svc_domain = config.mine.shared.settings.domain;
in {
services.murmur = let
certLocation = config.security.acme.certs."${svc_domain}".directory;


@ -5,6 +5,6 @@
enable = true;
openPorts = true;
motd = "Welcome to ${config.mine.settings.domain}'s Teeworld server!";
motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";
};
}


@ -14,8 +14,8 @@ in {
];
# TODO(eyJhb): why is the commented line a infinite recurssion
mine.settings.domain_tld = "dk";
mine.settings.domain_sld = "fricloud";
# mine.settings.domain = "${config.mine.settings.domain_sld}.${config.mine.settings.domain_tld}";
mine.settings.domain = "fricloud.dk";
mine.shared.settings.domain_tld = "dk";
mine.shared.settings.domain_sld = "fricloud";
# mine.shared.settings.domain = "${config.mine.shared.settings.domain_sld}.${config.mine.shared.settings.domain_tld}";
mine.shared.settings.domain = "fricloud.dk";
}
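Review bot: The TODO carried over on the new side most likely has its answer in how the option is declared: `options.mine.shared.settings` is a single option of type `lib.types.attrsOf lib.types.anything`, and `attrsOf` is strict in its values, so one attribute cannot be defined in terms of another attribute of the same set. Keeping `domain = "fricloud.dk"` as a literal beside `domain_sld`/`domain_tld` means the LDAP base DN (built from the two parts) and the service hostnames (built from `domain`) can drift apart without any evaluation error. Declaring the option as `type = lib.types.lazyAttrsOf lib.types.anything;`, or giving `domain`, `domain_sld` and `domain_tld` their own `mkOption`s, should let the commented line replace the literal. I have not evaluated this, so treat it as a lead rather than a verified fix.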


@ -1,6 +1,6 @@
{
imports = [
./settings.nix
./shared.nix
./zrepl.nix
./disko.nix


@ -1,7 +1,7 @@
{ lib, ... }:
{
options.mine.settings = lib.mkOption {
options.mine.shared.settings = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = {};
};