From a7508ae8afabf552fdca6d7c5e17d82072b8e37a Mon Sep 17 00:00:00 2001
From: eyjhb
Date: Fri, 9 Aug 2024 22:10:34 +0200
Subject: [PATCH] gerd.forgejo: now syncs external user data + initial work for script

Added the command needed to automatically add the ldap auth source
---
 machines/gerd/services/forgejo.nix | 47 +++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 11 deletions(-)

diff --git a/machines/gerd/services/forgejo.nix b/machines/gerd/services/forgejo.nix
index 2f68d66..a5d4990 100644
--- a/machines/gerd/services/forgejo.nix
+++ b/machines/gerd/services/forgejo.nix
@@ -1,7 +1,6 @@
 { config, ... }:
 {
- # https://wiki.nixos.org/wiki/Forgejo
 services.forgejo = {
 enable = true;
@@ -14,23 +13,49 @@
 HTTPPORT = 3000;
 };
+ # sync ldap and forgejo
+ "cron.sync_external_users" = {
+ RUN_AT_START = true;
+ SCHEDULE = "@every 15m";
+ UPDATE_EXISTING = true;
+ };
+
 service.DISABLE_REGISTRATION = true;
 };
- };
+ # test = pkgs.writeScriptBin "test" ''
+ # gitea \
+ # --work-path /srv/forgejo/ \
+ # admin auth add-ldap \
+ # --name lldap \
+ # --active \
+ # --security-protocol unencrypted \
+ # --skip-tls-verify \
+ # --host localhost \
+ # --port 3890 \
+ # --user-filter '(&(memberof=cn=user,ou=groups,dc=fricloud,dc=dk)(|(uid=%[1]s)(mail=%[1]s)))' \
+ # --admin-filter '(memberof=cn=lldap_admin,ou=groups,dc=fricloud,dc=dk)' \
+ # --username-attribute uid \
+ # --firstname-attribute givenName \
+ # --surname-attribute sn \
+ # --email-attribute mail \
+ # --avatar-attribute jpegPhoto \
+ # --synchronize-users \
+ # --user-search-base 'ou=people,dc=fricloud,dc=dk' \
+ # '';
+
+
 # TODO(eyJhb): remove after our ban expires (and nginx config)
 # already issued for this exact set of domains in the last 168 hours: git.fricloud.dk, retry after 2024-08-10T01:34:44Z
 security.acme.certs."git.fricloud.dk".extraDomainNames = [ "git2.fricloud.dk" ];
- services.nginx = {
- virtualHosts."git.fricloud.dk" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- client_max_body_size 512M;
- '';
- locations."/".proxyPass = "http://localhost:3000";
- };
+ services.nginx.virtualHosts."git.fricloud.dk" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTPPORT}";
 };
 }
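Review bot: The commented-out `admin auth add-ldap` invocation combines `--security-protocol unencrypted` with `--skip-tls-verify`, so the moment it is uncommented as written the bind and every synchronized attribute (uid, mail, jpegPhoto) go over the wire in clear text while the TLS flag silently does nothing; drop `--skip-tls-verify`, and unless lldap is only ever reached over loopback use `--security-protocol ldaps` (or `starttls`) instead. The invocation also carries no bind credentials, and as far as I recall Gitea/Forgejo user synchronization needs a bind DN and password — when those are added, the password has to be read from a runtime secret file rather than inlined, since anything in this expression ends up world-readable in the Nix store. Nothing in this module runs the script, so the block should say so at its top, e.g. `# one-shot bootstrap: run once by hand as the forgejo user; not applied by nixos-rebuild`; the stray trailing `\` after `--user-search-base` should also go before the script is revived. The `settings` attrset this hunk edits opens before the hunk.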