modules.settings->shared: renamed mine.settings to mine.shared.settings
This allows it to be used alongside other things, such as ... mine.shared.lib, mine.shared.meta, mine.shared.settings
parent
75ac478a80
commit
918c32299e
11 changed files with 45 additions and 45 deletions
|
@ -1,7 +1,7 @@
|
|||
{ config, ... }:
|
||||
|
||||
let
|
||||
svc_domain = "auth.${config.mine.settings.domain}";
|
||||
svc_domain = "auth.${config.mine.shared.settings.domain}";
|
||||
|
||||
autheliaStateDir = "/var/lib/authelia-main";
|
||||
in {
|
||||
|
@ -17,7 +17,7 @@ in {
|
|||
};
|
||||
|
||||
settings = {
|
||||
session.domain = config.mine.settings.domain;
|
||||
session.domain = config.mine.shared.settings.domain;
|
||||
|
||||
# totp - disable for now, as it requires email server
|
||||
access_control.default_policy = "one_factor";
|
||||
|
@ -41,19 +41,19 @@ in {
|
|||
timeout = "5s";
|
||||
start_tls = false;
|
||||
|
||||
base_dn = config.mine.settings.ldap.dc;
|
||||
additional_users_dn = "ou=${config.mine.settings.ldap.ou.users}";
|
||||
additional_groups_dn = "ou=${config.mine.settings.ldap.ou.groups}";
|
||||
base_dn = config.mine.shared.settings.ldap.dc;
|
||||
additional_users_dn = "ou=${config.mine.shared.settings.ldap.ou.users}";
|
||||
additional_groups_dn = "ou=${config.mine.shared.settings.ldap.ou.groups}";
|
||||
users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))";
|
||||
groups_filter = "(member={dn})";
|
||||
|
||||
|
||||
display_name_attribute = config.mine.settings.ldap.attr.firstname;
|
||||
username_attribute = config.mine.settings.ldap.attr.uid;
|
||||
group_name_attribute = config.mine.settings.ldap.attr.groupname;
|
||||
mail_attribute = config.mine.settings.ldap.attr.email;
|
||||
display_name_attribute = config.mine.shared.settings.ldap.attr.firstname;
|
||||
username_attribute = config.mine.shared.settings.ldap.attr.uid;
|
||||
group_name_attribute = config.mine.shared.settings.ldap.attr.groupname;
|
||||
mail_attribute = config.mine.shared.settings.ldap.attr.email;
|
||||
|
||||
user = config.mine.settings.ldap.bind_dn;
|
||||
user = config.mine.shared.settings.ldap.bind_dn;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -81,5 +81,5 @@ in {
|
|||
users.groups."${config.age.secrets.lldap-bind-user-pass.group}".members = [ config.users.users.authelia-main.name ];
|
||||
|
||||
# settings
|
||||
mine.settings.authelia.domain = svc_domain;
|
||||
mine.shared.settings.authelia.domain = svc_domain;
|
||||
}
|
||||
|
|
|
@ -31,19 +31,19 @@ let
|
|||
--active \
|
||||
--security-protocol unencrypted \
|
||||
--skip-tls-verify \
|
||||
--host ${config.mine.settings.ldap.host} \
|
||||
--port ${builtins.toString config.mine.settings.ldap.port} \
|
||||
--bind-dn "${config.mine.settings.ldap.bind_dn}" \
|
||||
--host ${config.mine.shared.settings.ldap.host} \
|
||||
--port ${builtins.toString config.mine.shared.settings.ldap.port} \
|
||||
--bind-dn "${config.mine.shared.settings.ldap.bind_dn}" \
|
||||
--bind-password "$BIND_USERPASS" \
|
||||
--user-filter '(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}=%[1]s)(${config.mine.settings.ldap.attr.email}=%[1]s)))' \
|
||||
--admin-filter '${config.mine.settings.ldap.admin_filter}' \
|
||||
--username-attribute ${config.mine.settings.ldap.attr.uid} \
|
||||
--firstname-attribute ${config.mine.settings.ldap.attr.firstname} \
|
||||
--surname-attribute ${config.mine.settings.ldap.attr.lastname} \
|
||||
--email-attribute ${config.mine.settings.ldap.attr.email} \
|
||||
--avatar-attribute ${config.mine.settings.ldap.attr.avatar} \
|
||||
--user-filter '(&${config.mine.shared.settings.ldap.user_filter}(|(${config.mine.shared.settings.ldap.attr.uid}=%[1]s)(${config.mine.shared.settings.ldap.attr.email}=%[1]s)))' \
|
||||
--admin-filter '${config.mine.shared.settings.ldap.admin_filter}' \
|
||||
--username-attribute ${config.mine.shared.settings.ldap.attr.uid} \
|
||||
--firstname-attribute ${config.mine.shared.settings.ldap.attr.firstname} \
|
||||
--surname-attribute ${config.mine.shared.settings.ldap.attr.lastname} \
|
||||
--email-attribute ${config.mine.shared.settings.ldap.attr.email} \
|
||||
--avatar-attribute ${config.mine.shared.settings.ldap.attr.avatar} \
|
||||
--synchronize-users \
|
||||
--user-search-base '${config.mine.settings.ldap.search_base}' \
|
||||
--user-search-base '${config.mine.shared.settings.ldap.search_base}' \
|
||||
|
||||
echo "PRERUN-LDAP: Finished adding/updating..."
|
||||
'';
|
||||
|
@ -77,7 +77,7 @@ let
|
|||
--provider openidConnect \
|
||||
--key forgejo \
|
||||
--secret "$SECRET" \
|
||||
--auto-discover-url "https://${config.mine.settings.authelia.domain}/.well-known/openid-configuration" \
|
||||
--auto-discover-url "https://${config.mine.shared.settings.authelia.domain}/.well-known/openid-configuration" \
|
||||
--skip-local-2fa true \
|
||||
--scopes "email" \
|
||||
--scopes "profile" \
|
||||
|
@ -107,7 +107,7 @@ in {
|
|||
|
||||
public = false;
|
||||
authorization_policy = "one_factor";
|
||||
redirect_uris = [ "https://${config.mine.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
|
||||
redirect_uris = [ "https://${config.mine.shared.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
|
||||
scopes = [
|
||||
"openid"
|
||||
"email"
|
||||
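Review bot: In the first hunk of this file the renamed `--host` value and the `--username-attribute` … `--avatar-attribute` values are spliced into the shell script unquoted, and the filter and search-base values sit inside hand-written single quotes, so a space or quote character in any setting changes how the command line is parsed. The option they come from is declared elsewhere in this commit as `attrsOf anything`, so nothing validates these strings before they reach the shell. If `lib` is among this module's arguments (the file header is outside the hunks), quoting at the point of use would fix it, e.g. `--host ${lib.escapeShellArg config.mine.shared.settings.ldap.host} \` and likewise for the filters. The context lines also pass `--security-protocol unencrypted` and `--skip-tls-verify`, which keeps the bind password off the network only while `ldap.host` is `localhost`; a comment such as `# cleartext bind: safe only while ldap.host is loopback` would record that now that the settings are meant to be shared. The script body starts outside the hunk.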
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
svc_domain = "git.${config.mine.settings.domain}";
|
||||
svc_domain = "git.${config.mine.shared.settings.domain}";
|
||||
|
||||
in {
|
||||
services.forgejo = {
|
||||
|
@ -49,5 +49,5 @@ in {
|
|||
};
|
||||
|
||||
# settings
|
||||
mine.settings.forgejo.domain = svc_domain;
|
||||
mine.shared.settings.forgejo.domain = svc_domain;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
svc_domain = config.mine.settings.domain;
|
||||
svc_domain = config.mine.shared.settings.domain;
|
||||
in {
|
||||
services.nginx.virtualHosts."${svc_domain}" = {
|
||||
forceSSL = true;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, ... }:
|
||||
|
||||
let
|
||||
svc_domain = "hedgedoc.${config.mine.settings.domain}";
|
||||
svc_domain = "hedgedoc.${config.mine.shared.settings.domain}";
|
||||
|
||||
stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";
|
||||
in {
|
||||
|
@ -29,11 +29,11 @@ in {
|
|||
# setup ldap
|
||||
# https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md
|
||||
ldap = {
|
||||
url = config.mine.settings.ldap.url;
|
||||
bindDn = config.mine.settings.ldap.bind_dn;
|
||||
searchBase = config.mine.settings.ldap.search_base;
|
||||
searchFilter = "(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}={{username}})(${config.mine.settings.ldap.attr.email}={{username}})))";
|
||||
useridField = config.mine.settings.ldap.attr.uid;
|
||||
url = config.mine.shared.settings.ldap.url;
|
||||
bindDn = config.mine.shared.settings.ldap.bind_dn;
|
||||
searchBase = config.mine.shared.settings.ldap.search_base;
|
||||
searchFilter = "(&${config.mine.shared.settings.ldap.user_filter}(|(${config.mine.shared.settings.ldap.attr.uid}={{username}})(${config.mine.shared.settings.ldap.attr.email}={{username}})))";
|
||||
useridField = config.mine.shared.settings.ldap.attr.uid;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, ... }:
|
||||
|
||||
let
|
||||
svc_domain = "ldap.${config.mine.settings.domain}";
|
||||
svc_domain = "ldap.${config.mine.shared.settings.domain}";
|
||||
in {
|
||||
services.lldap = {
|
||||
enable = true;
|
||||
|
@ -9,7 +9,7 @@ in {
|
|||
settings = {
|
||||
verbose = true;
|
||||
ldap_user_email = "fricloudlldap.grief462@simplelogin.com";
|
||||
ldap_base_dn = config.mine.settings.ldap.dc;
|
||||
ldap_base_dn = config.mine.shared.settings.ldap.dc;
|
||||
};
|
||||
|
||||
environment = {
|
||||
|
@ -48,12 +48,12 @@ in {
|
|||
# The users are all located in ou=people, + the base DN, so by default user bob is at cn=bob,ou=people,dc=example,dc=com.
|
||||
# Similarly, the groups are located in ou=groups, so the group family will be at cn=family,ou=groups,dc=example,dc=com.
|
||||
# Testing group membership through memberOf is supported, so you can have a filter like: (memberOf=cn=admins,ou=groups,dc=example,dc=com).
|
||||
mine.settings.ldap = rec {
|
||||
mine.shared.settings.ldap = rec {
|
||||
host = "localhost";
|
||||
port = 3890;
|
||||
url = "ldap://${host}:${builtins.toString port}";
|
||||
|
||||
dc = "dc=${config.mine.settings.domain_sld},dc=${config.mine.settings.domain_tld}";
|
||||
dc = "dc=${config.mine.shared.settings.domain_sld},dc=${config.mine.shared.settings.domain_tld}";
|
||||
bind_dn = "uid=${users.bind},ou=${ou.users},${dc}";
|
||||
search_base = "ou=${ou.users},${dc}";
|
||||
user_filter = "(memberof=cn=${groups.member},ou=${ou.groups},${dc})";
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
svc_domain = config.mine.settings.domain;
|
||||
svc_domain = config.mine.shared.settings.domain;
|
||||
in {
|
||||
services.murmur = let
|
||||
certLocation = config.security.acme.certs."${svc_domain}".directory;
|
||||
|
|
|
@ -5,6 +5,6 @@
|
|||
enable = true;
|
||||
openPorts = true;
|
||||
|
||||
motd = "Welcome to ${config.mine.settings.domain}'s Teeworld server!";
|
||||
motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -14,8 +14,8 @@ in {
|
|||
];
|
||||
|
||||
# TODO(eyJhb): why is the commented line a infinite recurssion
|
||||
mine.settings.domain_tld = "dk";
|
||||
mine.settings.domain_sld = "fricloud";
|
||||
# mine.settings.domain = "${config.mine.settings.domain_sld}.${config.mine.settings.domain_tld}";
|
||||
mine.settings.domain = "fricloud.dk";
|
||||
mine.shared.settings.domain_tld = "dk";
|
||||
mine.shared.settings.domain_sld = "fricloud";
|
||||
# mine.shared.settings.domain = "${config.mine.shared.settings.domain_sld}.${config.mine.shared.settings.domain_tld}";
|
||||
mine.shared.settings.domain = "fricloud.dk";
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
imports = [
|
||||
./settings.nix
|
||||
./shared.nix
|
||||
|
||||
./zrepl.nix
|
||||
./disko.nix
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
options.mine.settings = lib.mkOption {
|
||||
options.mine.shared.settings = lib.mkOption {
|
||||
type = lib.types.attrsOf lib.types.anything;
|
||||
default = {};
|
||||
};
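Review bot: The renamed option still has no `description` and keeps the type `lib.types.attrsOf lib.types.anything`, so the LDAP bind DN, search filters and domains that other files in this commit turn into shell arguments and OAuth redirect URIs are never type-checked. At minimum I would add `description = "Values shared between service modules (domains, LDAP connection parameters).";`, and over time declare the security-relevant leaves with `lib.types.str` and `lib.types.port` in a submodule. Separately, the old path is dropped outright; if anything outside these 11 files still uses `mine.settings`, an entry like `(lib.mkRenamedOptionModule [ "mine" "settings" ] [ "mine" "shared" "settings" ])` in `imports` would probably keep it evaluating with a warning, though I have not checked how that behaves with an `attrsOf` option.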
|