gerd.forgejo: now syncs external user data + initial work for script

Added the command needed to automatically add the ldap auth source
eyjhb 2024-08-09 22:10:34 +02:00
parent 1454e64981
commit a7508ae8af
No known key found for this signature in database
GPG key ID: 609F508E3239F920


@ -1,7 +1,6 @@
{ config, ... }: { config, ... }:
{ {
# https://wiki.nixos.org/wiki/Forgejo
services.forgejo = { services.forgejo = {
enable = true; enable = true;
@ -14,23 +13,49 @@
HTTPPORT = 3000; HTTPPORT = 3000;
}; };
# sync ldap and forgejo
"cron.sync_external_users" = {
RUN_AT_START = true;
SCHEDULE = "@every 15m";
UPDATE_EXISTING = true;
};
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
}; };
}; };
# test = pkgs.writeScriptBin "test" ''
# gitea \
# --work-path /srv/forgejo/ \
# admin auth add-ldap \
# --name lldap \
# --active \
# --security-protocol unencrypted \
# --skip-tls-verify \
# --host localhost \
# --port 3890 \
# --user-filter '(&(memberof=cn=user,ou=groups,dc=fricloud,dc=dk)(|(uid=%[1]s)(mail=%[1]s)))' \
# --admin-filter '(memberof=cn=lldap_admin,ou=groups,dc=fricloud,dc=dk)' \
# --username-attribute uid \
# --firstname-attribute givenName \
# --surname-attribute sn \
# --email-attribute mail \
# --avatar-attribute jpegPhoto \
# --synchronize-users \
# --user-search-base 'ou=people,dc=fricloud,dc=dk' \
# '';
# TODO(eyJhb): remove after our ban expires (and nginx config) # TODO(eyJhb): remove after our ban expires (and nginx config)
# already issued for this exact set of domains in the last 168 hours: git.fricloud.dk, retry after 2024-08-10T01:34:44Z # already issued for this exact set of domains in the last 168 hours: git.fricloud.dk, retry after 2024-08-10T01:34:44Z
security.acme.certs."git.fricloud.dk".extraDomainNames = [ "git2.fricloud.dk" ]; security.acme.certs."git.fricloud.dk".extraDomainNames = [ "git2.fricloud.dk" ];
services.nginx = { services.nginx.virtualHosts."git.fricloud.dk" = {
virtualHosts."git.fricloud.dk" = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; extraConfig = ''
extraConfig = '' client_max_body_size 512M;
client_max_body_size 512M; '';
''; locations."/".proxyPass = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTPPORT}";
locations."/".proxyPass = "http://localhost:3000";
};
}; };
} }
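Review bot: The commented-out `admin auth add-ldap` draft pairs `--security-protocol unencrypted` with `--skip-tls-verify`, and the same auth source supplies `--admin-filter`, so whoever can answer on that LDAP connection decides who becomes a Forgejo admin once `cron.sync_external_users` runs with `UPDATE_EXISTING = true` (presumably admin status is part of what the sync updates; worth confirming). That is tolerable only while `--host localhost` holds; drop `--skip-tls-verify`, which does nothing without TLS and would silently disable certificate checks if the protocol is changed later, and add a comment such as `# plain LDAP only because lldap is on loopback; use LDAPS or StartTLS with verification if it moves off-box`. The draft carries no bind DN or password; if one is added before the script is enabled, have the script read it from a root-only file at runtime, because text inside `pkgs.writeScriptBin` ends up in the world-readable Nix store. `pkgs` is also missing from the module's `{ config, ... }` arguments, so uncommenting the block as written would fail to evaluate.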