feat: improved and unified config, now will be almost the same as what is in nixpkgs

This commit is contained in:
silver 2023-11-12 03:27:30 +00:00
parent c27f1749a2
commit 09fb8cf56e
3 changed files with 54 additions and 29 deletions


@ -8,6 +8,7 @@
pkg-config, pkg-config,
libsecret, libsecret,
nodejs_18, nodejs_18,
makeWrapper,
}: let }: let
buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;}; buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;};
in in
@ -18,7 +19,7 @@ in
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bitwarden"; owner = "bitwarden";
repo = "directory-connector"; repo = "directory-connector";
rev = "b2bc45137013b258bffda2c2703715cb9f6e687f"; rev = "v${version}";
hash = "sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk="; hash = "sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk=";
leaveDotGit = true; leaveDotGit = true;
}; };
@ -31,8 +32,16 @@ in
npmBuildScript = "build:cli:prod"; npmBuildScript = "build:cli:prod";
installPhase = '' installPhase = ''
mkdir -p $out runHook preInstall
mkdir -p $out/bin
cp -R {build-cli,node_modules} $out cp -R {build-cli,node_modules} $out
runHook postInstall
'';
# needs to be wrapped with nodejs so that it can be executed
postInstall = ''
chmod +x $out/build-cli/bwdc.js
makeWrapper $out/build-cli/bwdc.js $out/bin/${pname} --prefix PATH:"${lib.makeBinPath [nodejs_18]}"
''; '';
buildInputs = [ buildInputs = [
@ -43,6 +52,7 @@ in
git git
python3 python3
pkg-config pkg-config
makeWrapper
]; ];
meta = with lib; { meta = with lib; {
@ -51,5 +61,6 @@ in
license = licenses.gpl3Only; license = licenses.gpl3Only;
maintainers = with maintainers; [Silver-Golden]; maintainers = with maintainers; [Silver-Golden];
platforms = platforms.linux; platforms = platforms.linux;
mainProgram = "${pname}";
}; };
} }
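Review bot: The wrapper call in the new postInstall passes `--prefix PATH:"${lib.makeBinPath [nodejs_18]}"` as one argument, but makeWrapper's `--prefix` takes three separate arguments (variable, separator, value — the nixpkgs shell implementation reads `$2 $3 $4`), so as written the variable name would become `PATH:/nix/store/...` with no separator and node would most likely not end up on PATH at runtime; the form used elsewhere in nixpkgs is `makeWrapper $out/build-cli/bwdc.js $out/bin/${pname} --prefix PATH : "${lib.makeBinPath [nodejs_18]}"`. `makeWrapper` is also added to buildInputs next to pkg-config, but it is a build-time tool and belongs in nativeBuildInputs so it is not treated as a runtime dependency. Whether the wrapper is executable at all also depends on bwdc.js carrying a node shebang, which is not visible in this hunk; if it does not, wrapping `${nodejs_18}/bin/node` with `--add-flags` for the script would be the safer choice.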


@ -5,18 +5,13 @@
... ...
}: }:
with lib; let with lib; let
# to be changed once the package is accepted cfg = config.services.bitwarden_directory_connector;
connector = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
cfg = config.services.bitwarden_connector;
nodejs = pkgs.nodejs-18_x;
ldap_data = '' ldap_data = ''
{ {
"ssl": ${boolToString cfg.ldap.ssl}, "ssl": ${boolToString cfg.ldap.ssl},
"startTls": ${boolToString cfg.ldap.startTls}, "startTls": ${boolToString cfg.ldap.startTls},
"sslAllowUnauthorized": ${boolToString cfg.ldap.startTls}, "sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized},
"port": ${toString cfg.ldap.port}, "port": ${toString cfg.ldap.port},
"currentUser": false, "currentUser": false,
"ad": ${boolToString cfg.ldap.ad}, "ad": ${boolToString cfg.ldap.ad},
@ -66,9 +61,23 @@ with lib; let
in { in {
imports = []; imports = [];
options.services.bitwarden_connector = { options.services.bitwarden_directory_connector = {
enable = mkEnableOption "Bitwarden Directory Connector"; enable = mkEnableOption "Bitwarden Directory Connector";
package = mkOption {
type = types.package;
default = pkgs.bitwarden-directory-connector;
defaultText = literalExpression "pkgs.bitwarden-directory-connector";
description = lib.mdDoc "Reference to the Ditwarden Directory Connector package";
example = literalExpression "pkgs.bitwarden-directory-connector-example";
};
binary_name = mkOption {
type = types.str;
description = lib.mdDoc "The main binary for the connector.";
default = "bitwarden-directory-connector";
};
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessable on."; description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessable on.";
@ -84,7 +93,7 @@ in {
directory = mkOption { directory = mkOption {
type = types.str; type = types.str;
description = lib.mdDoc "Folder to store the config file."; description = lib.mdDoc "Folder to store the config file.";
default = "/etc/bitwarden/${cfg.user}"; default = "/etc/bitwarden/bwdc";
}; };
ldap = { ldap = {
@ -96,7 +105,7 @@ in {
startTls = mkOption { startTls = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc "Use startTls."; description = lib.mdDoc "Use STARTTLS.";
}; };
sslAllowUnauthorized = mkOption { sslAllowUnauthorized = mkOption {
type = types.bool; type = types.bool;
@ -141,7 +150,7 @@ in {
interval = mkOption { interval = mkOption {
type = types.str; type = types.str;
default = "*:0,15,30,45"; default = "*:0,15,30,45";
description = lib.mdDoc "When to run the connector, cron syntax."; description = lib.mdDoc "When to run the connector, OnCalendar syntax.";
}; };
removeDisabled = mkOption { removeDisabled = mkOption {
type = types.bool; type = types.bool;
@ -157,7 +166,7 @@ in {
largeImport = mkOption { largeImport = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc "Enable if you ar syncing more than 2000 users/groups."; description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups.";
}; };
memberAttribute = mkOption { memberAttribute = mkOption {
@ -247,10 +256,9 @@ in {
}; };
env = { env = {
description = "Env files to be passed in.";
ldap = mkOption rec { ldap = mkOption rec {
type = types.str; type = types.str;
description = "Auth for the LDAP, has ${cfg.ldap.pw_env}"; description = "Auth for the LDAP, has value defined in {option}`ldap.pw_env";
}; };
bitwarden = mkOption rec { bitwarden = mkOption rec {
type = types.str; type = types.str;
@ -271,18 +279,18 @@ in {
}; };
systemd = { systemd = {
timers."${cfg.user}" = { timers.bitwarden_directory_connector = {
description = "Timer for ${cfg.user}"; description = "Sync timer for Bitwarden Directory Connector";
wantedBy = ["timers.target"]; wantedBy = ["timers.target"];
partOf = ["${cfg.user}.service"]; partOf = ["bitwarden_directory_connector.service"];
timerConfig = { timerConfig = {
OnCalendar = cfg.sync.interval; OnCalendar = cfg.sync.interval;
Unit = "${cfg.user}.service"; Unit = "bitwarden_directory_connector.service";
Persistent = true; Persistent = true;
}; };
}; };
services."${cfg.user}" = { services.bitwarden_directory_connector = {
description = "Main process for Bitwarden Directory Connector"; description = "Main process for Bitwarden Directory Connector";
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network-online.target"]; after = ["network-online.target"];
@ -297,14 +305,14 @@ in {
Type = "oneshot"; Type = "oneshot";
User = "${cfg.user}"; User = "${cfg.user}";
Group = "${cfg.user}"; Group = "${cfg.user}";
ExecStartPre = pkgs.writeShellScript "${cfg.user}-config" '' ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" ''
# create the config file # create the config file
${nodejs}/bin/node ${connector}/build-cli/bwdc.js data-file ${cfg.package}/bin/${cfg.binary_name} data-file
${nodejs}/bin/node ${connector}/build-cli/bwdc.js config server ${cfg.domain} ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain}
# now login to set credentials # now login to set credentials
${nodejs}/bin/node ${connector}/build-cli/bwdc.js login ${cfg.package}/bin/${cfg.binary_name} login
# set the ldap details # set the ldap details
sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json
@ -317,11 +325,11 @@ in {
sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json
# final config # final config
${nodejs}/bin/node ${connector}/build-cli/bwdc.js config directory 0 ${cfg.package}/bin/${cfg.binary_name} config directory 0
${nodejs}/bin/node ${connector}/build-cli/bwdc.js config ldap.password --secretenv ${cfg.ldap.pw_env} ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
''; '';
ExecStart = ''${nodejs}/bin/node ${connector}/build-cli/bwdc.js sync''; ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
EnvironmentFile = [ EnvironmentFile = [
"${cfg.env.ldap}" "${cfg.env.ldap}"
@ -331,4 +339,8 @@ in {
}; };
}; };
}; };
meta = with lib; {
maintainers = with maintainers; [Silver-Golden];
};
} }
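Review bot: The new `binary_name` option duplicates information the package already carries — the package changed in this same commit sets `meta.mainProgram` — so ExecStartPre and ExecStart could use `${lib.getExe cfg.package}` instead of `${cfg.package}/bin/${cfg.binary_name}`, which removes the silent mismatch when a user points `package` at a build whose executable has a different name. Two slips in the added option documentation: `"Reference to the Ditwarden Directory Connector package"` should read Bitwarden, and the LDAP env description ends with an unclosed backtick after `ldap.pw_env` (the nixpkgs convention is also to reference the full path, `services.bitwarden_directory_connector.ldap.pw_env`). The default `pkgs.bitwarden-directory-connector` is only evaluated once the service is enabled, so on a nixpkgs pin that does not yet provide that attribute a host that forgets to set `package` fails at evaluation; the removed "to be changed once the package is accepted" comment is probably still worth keeping on the `package` option until the upstream package lands. The ExecStartPre script these lines belong to starts and ends outside the hunks shown here.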


@ -15,11 +15,13 @@ in {
age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age; age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age; age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
services.bitwarden_connector = { services.bitwarden_directory_connector = {
enable = true; enable = true;
domain = "https://pw.skynet.ie"; domain = "https://pw.skynet.ie";
package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
ldap = { ldap = {
ssl = false; ssl = false;
startTls = false; startTls = false;