feat: Improved config further

This commit is contained in:
silver 2023-11-12 21:58:27 +00:00
parent 09fb8cf56e
commit e810bca085

View file

@ -7,57 +7,51 @@
with lib; let with lib; let
cfg = config.services.bitwarden_directory_connector; cfg = config.services.bitwarden_directory_connector;
ldap_data = '' ldap_data = builtins.toJSON {
{ ssl = cfg.ldap.ssl;
"ssl": ${boolToString cfg.ldap.ssl}, startTls = cfg.ldap.startTls;
"startTls": ${boolToString cfg.ldap.startTls}, sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized;
"sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized}, port = cfg.ldap.port;
"port": ${toString cfg.ldap.port}, currentUser = false;
"currentUser": false, ad = cfg.ldap.ad;
"ad": ${boolToString cfg.ldap.ad}, pagedSearch = true;
"pagedSearch": true, password = "to_be_replaced";
"password": "to_be_replaced", hostname = cfg.ldap.hostname;
"hostname": "${cfg.ldap.hostname}", rootPath = cfg.ldap.root;
"rootPath": "${cfg.ldap.root}", username = cfg.ldap.username;
"username": "${cfg.ldap.username}" };
sync_data =
builtins.toJSON
({
removeDisabled = cfg.sync.removeDisabled;
overwriteExisting = cfg.sync.overwriteExisting;
largeImport = cfg.sync.largeImport;
creationDateAttribute = cfg.sync.creationDateAttribute;
memberAttribute = cfg.sync.memberAttribute;
interval = 5;
useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable;
users = cfg.sync.users.enable;
groups = cfg.sync.groups.enable;
} }
''; // optionalAttrs cfg.sync.emailPrefixSuffix.enable {
emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute;
sync_data = '' emailSuffix = cfg.sync.emailPrefixSuffix.suffix;
{
"removeDisabled": ${boolToString cfg.sync.removeDisabled},
"overwriteExisting": ${boolToString cfg.sync.overwriteExisting},
"largeImport": ${boolToString cfg.sync.largeImport},
"creationDateAttribute": "${cfg.sync.creationDateAttribute}",
"memberAttribute": "${cfg.sync.memberAttribute}",
"useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable},
${optionalString cfg.sync.emailPrefixSuffix.enable ''
"emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}",
"emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}",
''}
"users": ${boolToString cfg.sync.users.enable},
${optionalString cfg.sync.users.enable ''
"userPath": "${cfg.sync.users.path}",
"userObjectClass": "${cfg.sync.users.objectClass}",
"userEmailAttribute": "${cfg.sync.users.emailAttribute}",
"userFilter": "${cfg.sync.users.filter}",
''}
"groups": ${boolToString cfg.sync.groups.enable},
${optionalString cfg.sync.groups.enable ''
"groupPath": "${cfg.sync.groups.path}",
"groupObjectClass": "${cfg.sync.groups.objectClass}",
"groupNameAttribute": "${cfg.sync.groups.nameAttribute}",
"groupFilter": "${cfg.sync.groups.filter}",
''}
"interval": 5
} }
''; // optionalAttrs cfg.sync.users.enable {
userPath = cfg.sync.users.path;
userObjectClass = cfg.sync.users.objectClass;
userEmailAttribute = cfg.sync.users.emailAttribute;
userFilter = cfg.sync.users.filter;
}
// optionalAttrs cfg.sync.groups.enable {
groupPath = cfg.sync.groups.path;
groupObjectClass = cfg.sync.groups.objectClass;
groupNameAttribute = cfg.sync.groups.nameAttribute;
groupFilter = cfg.sync.groups.filter;
});
sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string; json_string = string: builtins.replaceStrings ["\""] ["\\\""] string;
in { in {
imports = []; imports = [];
@ -68,7 +62,7 @@ in {
type = types.package; type = types.package;
default = pkgs.bitwarden-directory-connector; default = pkgs.bitwarden-directory-connector;
defaultText = literalExpression "pkgs.bitwarden-directory-connector"; defaultText = literalExpression "pkgs.bitwarden-directory-connector";
description = lib.mdDoc "Reference to the Ditwarden Directory Connector package"; description = lib.mdDoc "Reference to the Bitwarden Directory Connector package";
example = literalExpression "pkgs.bitwarden-directory-connector-example"; example = literalExpression "pkgs.bitwarden-directory-connector-example";
}; };
@ -295,6 +289,7 @@ in {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network-online.target"]; after = ["network-online.target"];
wants = []; wants = [];
path = [pkgs.jq];
environment = { environment = {
BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory; BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory;
@ -315,18 +310,26 @@ in {
${cfg.package}/bin/${cfg.binary_name} login ${cfg.package}/bin/${cfg.binary_name} login
# set the ldap details # set the ldap details
sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json)
jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json
# remove the original
rm -f ${cfg.directory}/data.json
# set the client id # set the client id
orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g') orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json
# and sync data # and sync data
sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json
# final config # final config
${cfg.package}/bin/${cfg.binary_name} config directory 0 ${cfg.package}/bin/${cfg.binary_name} config directory 0
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env} ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
# cleanup temp files
rm -f ${cfg.directory}/data1.json
rm -f ${cfg.directory}/data2.json
''; '';
ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync''; ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';