feat: packaged up Bitwardens Directory Connector

2023-11-06 04:16:33 +00:00 · 2023-11-06 04:16:33 +00:00 · 54f54d31b1
commit 54f54d31b1
parent 8bb2c26a99
5 changed files with 475 additions and 1 deletions
--- a/applications/bitwarden/bitwarden_sync.nix
+++ b/applications/bitwarden/bitwarden_sync.nix
@ -0,0 +1,64 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+in {
+  imports = [
+    ./_bitwarden_sync_module.nix
+  ];
+
+  options = {};
+
+  config = {
+    age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
+    age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
+
+    services.bitwarden_connector = {
+      enable = true;
+
+      domain = "https://pw.skynet.ie";
+
+      ldap = {
+        ssl = false;
+        startTls = false;
+        sslAllowUnauthorized = false;
+        ad = false;
+        port = 389;
+        hostname = "account.skynet.ie";
+        root = "dc=skynet,dc=ie";
+        username = "cn=admin,dc=skynet,dc=ie";
+        pw_env = "LDAP_ADMIN_PW";
+      };
+
+      sync = {
+        removeDisabled = true;
+        overwriteExisting = false;
+        largeImport = false;
+        memberAttribute = "member";
+        creationDateAttribute = "skCreated";
+        emailPrefixSuffix.enable = false;
+        users = {
+          enable = true;
+          path = "ou=users";
+          objectClass = "inetOrgPerson";
+          emailAttribute = "skMail";
+          filter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";
+        };
+        groups = {
+          enable = true;
+          path = "ou=groups";
+          objectClass = "groupOfNames";
+          nameAttribute = "cn";
+          filter = "";
+        };
+      };
+
+      env = {
+        bitwarden = config.age.secrets.bitwarden_sync_api.path;
+        ldap = config.age.secrets.bitwarden_sync_ldap.path;
+      };
+    };
+  };
+}