diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix
index 31c8eeb..75a977e 100644
--- a/applications/bitwarden/_bitwarden_sync_module.nix
+++ b/applications/bitwarden/_bitwarden_sync_module.nix
@@ -7,57 +7,51 @@ with lib; let cfg = config.services.bitwarden_directory_connector; - ldap_data = '' - { - "ssl": ${boolToString cfg.ldap.ssl}, - "startTls": ${boolToString cfg.ldap.startTls}, - "sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized}, - "port": ${toString cfg.ldap.port}, - "currentUser": false, - "ad": ${boolToString cfg.ldap.ad}, - "pagedSearch": true, - "password": "to_be_replaced", - "hostname": "${cfg.ldap.hostname}", - "rootPath": "${cfg.ldap.root}", - "username": "${cfg.ldap.username}" - } - ''; + ldap_data = builtins.toJSON { + ssl = cfg.ldap.ssl; + startTls = cfg.ldap.startTls; + sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized; + port = cfg.ldap.port; + currentUser = false; + ad = cfg.ldap.ad; + pagedSearch = true; + password = "to_be_replaced"; + hostname = cfg.ldap.hostname; + rootPath = cfg.ldap.root; + username = cfg.ldap.username; + }; - sync_data = '' - { - "removeDisabled": ${boolToString cfg.sync.removeDisabled}, - "overwriteExisting": ${boolToString cfg.sync.overwriteExisting}, - "largeImport": ${boolToString cfg.sync.largeImport}, - "creationDateAttribute": "${cfg.sync.creationDateAttribute}", - "memberAttribute": "${cfg.sync.memberAttribute}", + sync_data = + builtins.toJSON + ({ + removeDisabled = cfg.sync.removeDisabled; + overwriteExisting = cfg.sync.overwriteExisting; + largeImport = cfg.sync.largeImport; + creationDateAttribute = cfg.sync.creationDateAttribute; + memberAttribute = cfg.sync.memberAttribute; + interval = 5; + useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable; + users = cfg.sync.users.enable; + groups = cfg.sync.groups.enable; + } + // optionalAttrs cfg.sync.emailPrefixSuffix.enable { + emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute; + emailSuffix = cfg.sync.emailPrefixSuffix.suffix; + } + // optionalAttrs cfg.sync.users.enable { + userPath = cfg.sync.users.path; + userObjectClass = cfg.sync.users.objectClass; + userEmailAttribute = cfg.sync.users.emailAttribute; + 
userFilter = cfg.sync.users.filter; + } + // optionalAttrs cfg.sync.groups.enable { + groupPath = cfg.sync.groups.path; + groupObjectClass = cfg.sync.groups.objectClass; + groupNameAttribute = cfg.sync.groups.nameAttribute; + groupFilter = cfg.sync.groups.filter; + }); - "useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable}, - ${optionalString cfg.sync.emailPrefixSuffix.enable '' - "emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}", - "emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}", - ''} - - "users": ${boolToString cfg.sync.users.enable}, - ${optionalString cfg.sync.users.enable '' - "userPath": "${cfg.sync.users.path}", - "userObjectClass": "${cfg.sync.users.objectClass}", - "userEmailAttribute": "${cfg.sync.users.emailAttribute}", - "userFilter": "${cfg.sync.users.filter}", - ''} - - "groups": ${boolToString cfg.sync.groups.enable}, - ${optionalString cfg.sync.groups.enable '' - "groupPath": "${cfg.sync.groups.path}", - "groupObjectClass": "${cfg.sync.groups.objectClass}", - "groupNameAttribute": "${cfg.sync.groups.nameAttribute}", - "groupFilter": "${cfg.sync.groups.filter}", - ''} - - "interval": 5 - } - ''; - - sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string; + json_string = string: builtins.replaceStrings ["\""] ["\\\""] string; in { imports = []; @@ -68,7 +62,7 @@ in { type = types.package; default = pkgs.bitwarden-directory-connector; defaultText = literalExpression "pkgs.bitwarden-directory-connector"; - description = lib.mdDoc "Reference to the Ditwarden Directory Connector package"; + description = lib.mdDoc "Reference to the Bitwarden Directory Connector package"; example = literalExpression "pkgs.bitwarden-directory-connector-example"; }; @@ -295,6 +289,7 @@ in { wantedBy = ["multi-user.target"]; after = ["network-online.target"]; wants = []; + path = [pkgs.jq]; environment = { BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory; 
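Review bot: `json_string` escapes only `"` for the shell, but the jq programs it is spliced into are shell double-quoted strings, so a backslash, `$` or backtick coming out of `builtins.toJSON` (a `"` inside a username becomes `\"`, a `\` in an LDAP filter becomes `\\`) is still interpreted by the shell and produces an invalid jq program or a prematurely closed string. Since `ldap_data` and `sync_data` are already valid JSON the helper is not needed: hand them to jq as data with `--argjson ldap ${escapeShellArg ldap_data}` (`escapeShellArg` is in scope through `with lib`) and write `.[$account].directoryConfigurations.ldap = $ldap` in the filter. If the helper is kept, it should at least carry a comment stating its limits, e.g. `# escapes only double quotes; values containing \, $ or backticks are NOT safe inside a shell double-quoted string`. The module's `let` block that defines these bindings starts before the hunk.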
@@ -315,18 +310,26 @@ in {
 ${cfg.package}/bin/${cfg.binary_name} login
 
 # set the ldap details
- sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json
+ account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json)
+ jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json
+
+ # remove the original
+ rm -f ${cfg.directory}/data.json
 
 # set the client id
 orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
- sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json
+ jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json
 
 # and sync data
- sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json
+ jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json
 
 # final config
 ${cfg.package}/bin/${cfg.binary_name} config directory 0
 ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
+
+ # cleanup temp files
+ rm -f ${cfg.directory}/data1.json
+ rm -f ${cfg.directory}/data2.json
 '';
 
 ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
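Review bot: `rm -f ${cfg.directory}/data.json` runs after the first jq but before the organization id and sync data have been written, so if either of the two following jq calls fails the authenticated-account file is gone and only the partial data1.json/data2.json remain; since the last jq redirects to data.json anyway, the rm is redundant rather than protective. The three filter strings also build jq code by shell interpolation: `$orgID` (derived from BW_CLIENTID), `$account` and the output of `json_string` are all parsed as jq syntax, and a backslash or `$` inside an LDAP value survives `json_string` and is interpreted by the shell. Passing the values through `--argjson`/`--arg`, writing a single temp file and `mv`-ing it over data.json at the end keeps the original intact on failure; note that the redirected temp files are created with the service's umask, so if data.json is meant to stay private the directory mode should be checked as well (not visible in this hunk). The `preStart` script this hunk edits starts before the hunk.
```nix
            # set the ldap details, organization id and sync data in one pass,
            # passing the values to jq as data instead of splicing them into the program
            account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json)
            orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
            jq --argjson account "$account" \
               --argjson ldap ${escapeShellArg ldap_data} \
               --argjson sync ${escapeShellArg sync_data} \
               --arg orgID "$orgID" \
               '.[$account].directoryConfigurations.ldap = $ldap
                | .[$account].directorySettings.organizationId = $orgID
                | .[$account].directorySettings.sync = $sync' \
               ${cfg.directory}/data.json > ${cfg.directory}/data.json.tmp
            mv ${cfg.directory}/data.json.tmp ${cfg.directory}/data.json

            # … unchanged: final config …
```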