gerd.forgejo: now syncs external user data + initial work for script
Added the command needed to automatically add the ldap auth source
This commit is contained in:
eyjhb
parent
1454e64981
commit
a7508ae8af
1 changed files with 36 additions and 11 deletions
|
|
@ -1,7 +1,6 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
# https://wiki.nixos.org/wiki/Forgejo
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
||||
|
|
@ -14,23 +13,49 @@
|
|||
HTTPPORT = 3000;
|
||||
};
|
||||
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
# sync ldap and forgejo
|
||||
"cron.sync_external_users" = {
|
||||
RUN_AT_START = true;
|
||||
SCHEDULE = "@every 15m";
|
||||
UPDATE_EXISTING = true;
|
||||
};
|
||||
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
};
|
||||
};
|
||||
|
||||
# test = pkgs.writeScriptBin "test" ''
|
||||
# gitea \
|
||||
# --work-path /srv/forgejo/ \
|
||||
# admin auth add-ldap \
|
||||
# --name lldap \
|
||||
# --active \
|
||||
# --security-protocol unencrypted \
|
||||
# --skip-tls-verify \
|
||||
# --host localhost \
|
||||
# --port 3890 \
|
||||
# --user-filter '(&(memberof=cn=user,ou=groups,dc=fricloud,dc=dk)(|(uid=%[1]s)(mail=%[1]s)))' \
|
||||
# --admin-filter '(memberof=cn=lldap_admin,ou=groups,dc=fricloud,dc=dk)' \
|
||||
# --username-attribute uid \
|
||||
# --firstname-attribute givenName \
|
||||
# --surname-attribute sn \
|
||||
# --email-attribute mail \
|
||||
# --avatar-attribute jpegPhoto \
|
||||
# --synchronize-users \
|
||||
# --user-search-base 'ou=people,dc=fricloud,dc=dk' \
|
||||
# '';
|
||||
|
||||
|
||||
# TODO(eyJhb): remove after our ban expires (and nginx config)
|
||||
# already issued for this exact set of domains in the last 168 hours: git.fricloud.dk, retry after 2024-08-10T01:34:44Z
|
||||
security.acme.certs."git.fricloud.dk".extraDomainNames = [ "git2.fricloud.dk" ];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."git.fricloud.dk" = {
|
||||
services.nginx.virtualHosts."git.fricloud.dk" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
client_max_body_size 512M;
|
||||
'';
|
||||
locations."/".proxyPass = "http://localhost:3000";
|
||||
};
|
||||
locations."/".proxyPass = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTPPORT}";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue