nixos/applications/bitwarden/bitwarden_sync.nix

65 lines
1.5 KiB
Nix
Raw Normal View History

{
pkgs,
config,
lib,
...
}: let
in {
imports = [
./_bitwarden_sync_module.nix
];
options = {};
config = {
age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
services.bitwarden_connector = {
enable = true;
domain = "https://pw.skynet.ie";
ldap = {
ssl = false;
startTls = false;
sslAllowUnauthorized = false;
ad = false;
port = 389;
hostname = "account.skynet.ie";
root = "dc=skynet,dc=ie";
username = "cn=admin,dc=skynet,dc=ie";
pw_env = "LDAP_ADMIN_PW";
};
sync = {
removeDisabled = true;
overwriteExisting = false;
largeImport = false;
memberAttribute = "member";
creationDateAttribute = "skCreated";
emailPrefixSuffix.enable = false;
users = {
enable = true;
path = "ou=users";
objectClass = "inetOrgPerson";
emailAttribute = "skMail";
filter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";
};
groups = {
enable = true;
path = "ou=groups";
objectClass = "groupOfNames";
nameAttribute = "cn";
filter = "";
};
};
env = {
bitwarden = config.age.secrets.bitwarden_sync_api.path;
ldap = config.age.secrets.bitwarden_sync_ldap.path;
};
};
};
}