feat: Improved config further
This commit is contained in:
parent
09fb8cf56e
commit
e810bca085
1 changed files with 56 additions and 53 deletions
|
@ -7,57 +7,51 @@
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.services.bitwarden_directory_connector;
|
cfg = config.services.bitwarden_directory_connector;
|
||||||
|
|
||||||
ldap_data = ''
|
ldap_data = builtins.toJSON {
|
||||||
{
|
ssl = cfg.ldap.ssl;
|
||||||
"ssl": ${boolToString cfg.ldap.ssl},
|
startTls = cfg.ldap.startTls;
|
||||||
"startTls": ${boolToString cfg.ldap.startTls},
|
sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized;
|
||||||
"sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized},
|
port = cfg.ldap.port;
|
||||||
"port": ${toString cfg.ldap.port},
|
currentUser = false;
|
||||||
"currentUser": false,
|
ad = cfg.ldap.ad;
|
||||||
"ad": ${boolToString cfg.ldap.ad},
|
pagedSearch = true;
|
||||||
"pagedSearch": true,
|
password = "to_be_replaced";
|
||||||
"password": "to_be_replaced",
|
hostname = cfg.ldap.hostname;
|
||||||
"hostname": "${cfg.ldap.hostname}",
|
rootPath = cfg.ldap.root;
|
||||||
"rootPath": "${cfg.ldap.root}",
|
username = cfg.ldap.username;
|
||||||
"username": "${cfg.ldap.username}"
|
};
|
||||||
|
|
||||||
|
sync_data =
|
||||||
|
builtins.toJSON
|
||||||
|
({
|
||||||
|
removeDisabled = cfg.sync.removeDisabled;
|
||||||
|
overwriteExisting = cfg.sync.overwriteExisting;
|
||||||
|
largeImport = cfg.sync.largeImport;
|
||||||
|
creationDateAttribute = cfg.sync.creationDateAttribute;
|
||||||
|
memberAttribute = cfg.sync.memberAttribute;
|
||||||
|
interval = 5;
|
||||||
|
useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable;
|
||||||
|
users = cfg.sync.users.enable;
|
||||||
|
groups = cfg.sync.groups.enable;
|
||||||
}
|
}
|
||||||
'';
|
// optionalAttrs cfg.sync.emailPrefixSuffix.enable {
|
||||||
|
emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute;
|
||||||
sync_data = ''
|
emailSuffix = cfg.sync.emailPrefixSuffix.suffix;
|
||||||
{
|
|
||||||
"removeDisabled": ${boolToString cfg.sync.removeDisabled},
|
|
||||||
"overwriteExisting": ${boolToString cfg.sync.overwriteExisting},
|
|
||||||
"largeImport": ${boolToString cfg.sync.largeImport},
|
|
||||||
"creationDateAttribute": "${cfg.sync.creationDateAttribute}",
|
|
||||||
"memberAttribute": "${cfg.sync.memberAttribute}",
|
|
||||||
|
|
||||||
"useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable},
|
|
||||||
${optionalString cfg.sync.emailPrefixSuffix.enable ''
|
|
||||||
"emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}",
|
|
||||||
"emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}",
|
|
||||||
''}
|
|
||||||
|
|
||||||
"users": ${boolToString cfg.sync.users.enable},
|
|
||||||
${optionalString cfg.sync.users.enable ''
|
|
||||||
"userPath": "${cfg.sync.users.path}",
|
|
||||||
"userObjectClass": "${cfg.sync.users.objectClass}",
|
|
||||||
"userEmailAttribute": "${cfg.sync.users.emailAttribute}",
|
|
||||||
"userFilter": "${cfg.sync.users.filter}",
|
|
||||||
''}
|
|
||||||
|
|
||||||
"groups": ${boolToString cfg.sync.groups.enable},
|
|
||||||
${optionalString cfg.sync.groups.enable ''
|
|
||||||
"groupPath": "${cfg.sync.groups.path}",
|
|
||||||
"groupObjectClass": "${cfg.sync.groups.objectClass}",
|
|
||||||
"groupNameAttribute": "${cfg.sync.groups.nameAttribute}",
|
|
||||||
"groupFilter": "${cfg.sync.groups.filter}",
|
|
||||||
''}
|
|
||||||
|
|
||||||
"interval": 5
|
|
||||||
}
|
}
|
||||||
'';
|
// optionalAttrs cfg.sync.users.enable {
|
||||||
|
userPath = cfg.sync.users.path;
|
||||||
|
userObjectClass = cfg.sync.users.objectClass;
|
||||||
|
userEmailAttribute = cfg.sync.users.emailAttribute;
|
||||||
|
userFilter = cfg.sync.users.filter;
|
||||||
|
}
|
||||||
|
// optionalAttrs cfg.sync.groups.enable {
|
||||||
|
groupPath = cfg.sync.groups.path;
|
||||||
|
groupObjectClass = cfg.sync.groups.objectClass;
|
||||||
|
groupNameAttribute = cfg.sync.groups.nameAttribute;
|
||||||
|
groupFilter = cfg.sync.groups.filter;
|
||||||
|
});
|
||||||
|
|
||||||
sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string;
|
json_string = string: builtins.replaceStrings ["\""] ["\\\""] string;
|
||||||
in {
|
in {
|
||||||
imports = [];
|
imports = [];
|
||||||
|
|
||||||
|
@ -68,7 +62,7 @@ in {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.bitwarden-directory-connector;
|
default = pkgs.bitwarden-directory-connector;
|
||||||
defaultText = literalExpression "pkgs.bitwarden-directory-connector";
|
defaultText = literalExpression "pkgs.bitwarden-directory-connector";
|
||||||
description = lib.mdDoc "Reference to the Ditwarden Directory Connector package";
|
description = lib.mdDoc "Reference to the Bitwarden Directory Connector package";
|
||||||
example = literalExpression "pkgs.bitwarden-directory-connector-example";
|
example = literalExpression "pkgs.bitwarden-directory-connector-example";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -295,6 +289,7 @@ in {
|
||||||
wantedBy = ["multi-user.target"];
|
wantedBy = ["multi-user.target"];
|
||||||
after = ["network-online.target"];
|
after = ["network-online.target"];
|
||||||
wants = [];
|
wants = [];
|
||||||
|
path = [pkgs.jq];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory;
|
BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory;
|
||||||
|
@ -315,18 +310,26 @@ in {
|
||||||
${cfg.package}/bin/${cfg.binary_name} login
|
${cfg.package}/bin/${cfg.binary_name} login
|
||||||
|
|
||||||
# set the ldap details
|
# set the ldap details
|
||||||
sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json
|
account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json)
|
||||||
|
jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json
|
||||||
|
|
||||||
|
# remove the original
|
||||||
|
rm -f ${cfg.directory}/data.json
|
||||||
|
|
||||||
# set the client id
|
# set the client id
|
||||||
orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
|
orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
|
||||||
sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json
|
jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json
|
||||||
|
|
||||||
# and sync data
|
# and sync data
|
||||||
sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json
|
jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json
|
||||||
|
|
||||||
# final config
|
# final config
|
||||||
${cfg.package}/bin/${cfg.binary_name} config directory 0
|
${cfg.package}/bin/${cfg.binary_name} config directory 0
|
||||||
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
|
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
|
||||||
|
|
||||||
|
# cleanup temp files
|
||||||
|
rm -f ${cfg.directory}/data1.json
|
||||||
|
rm -f ${cfg.directory}/data2.json
|
||||||
'';
|
'';
|
||||||
|
|
||||||
ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
|
ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
|
||||||
|
|
Loading…
Reference in a new issue