feat: Improved config further
This commit is contained in:
parent
09fb8cf56e
commit
e810bca085
1 changed files with 56 additions and 53 deletions
|
@ -7,57 +7,51 @@
|
|||
with lib; let
|
||||
cfg = config.services.bitwarden_directory_connector;
|
||||
|
||||
ldap_data = ''
|
||||
{
|
||||
"ssl": ${boolToString cfg.ldap.ssl},
|
||||
"startTls": ${boolToString cfg.ldap.startTls},
|
||||
"sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized},
|
||||
"port": ${toString cfg.ldap.port},
|
||||
"currentUser": false,
|
||||
"ad": ${boolToString cfg.ldap.ad},
|
||||
"pagedSearch": true,
|
||||
"password": "to_be_replaced",
|
||||
"hostname": "${cfg.ldap.hostname}",
|
||||
"rootPath": "${cfg.ldap.root}",
|
||||
"username": "${cfg.ldap.username}"
|
||||
ldap_data = builtins.toJSON {
|
||||
ssl = cfg.ldap.ssl;
|
||||
startTls = cfg.ldap.startTls;
|
||||
sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized;
|
||||
port = cfg.ldap.port;
|
||||
currentUser = false;
|
||||
ad = cfg.ldap.ad;
|
||||
pagedSearch = true;
|
||||
password = "to_be_replaced";
|
||||
hostname = cfg.ldap.hostname;
|
||||
rootPath = cfg.ldap.root;
|
||||
username = cfg.ldap.username;
|
||||
};
|
||||
|
||||
sync_data =
|
||||
builtins.toJSON
|
||||
({
|
||||
removeDisabled = cfg.sync.removeDisabled;
|
||||
overwriteExisting = cfg.sync.overwriteExisting;
|
||||
largeImport = cfg.sync.largeImport;
|
||||
creationDateAttribute = cfg.sync.creationDateAttribute;
|
||||
memberAttribute = cfg.sync.memberAttribute;
|
||||
interval = 5;
|
||||
useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable;
|
||||
users = cfg.sync.users.enable;
|
||||
groups = cfg.sync.groups.enable;
|
||||
}
|
||||
'';
|
||||
|
||||
sync_data = ''
|
||||
{
|
||||
"removeDisabled": ${boolToString cfg.sync.removeDisabled},
|
||||
"overwriteExisting": ${boolToString cfg.sync.overwriteExisting},
|
||||
"largeImport": ${boolToString cfg.sync.largeImport},
|
||||
"creationDateAttribute": "${cfg.sync.creationDateAttribute}",
|
||||
"memberAttribute": "${cfg.sync.memberAttribute}",
|
||||
|
||||
"useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable},
|
||||
${optionalString cfg.sync.emailPrefixSuffix.enable ''
|
||||
"emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}",
|
||||
"emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}",
|
||||
''}
|
||||
|
||||
"users": ${boolToString cfg.sync.users.enable},
|
||||
${optionalString cfg.sync.users.enable ''
|
||||
"userPath": "${cfg.sync.users.path}",
|
||||
"userObjectClass": "${cfg.sync.users.objectClass}",
|
||||
"userEmailAttribute": "${cfg.sync.users.emailAttribute}",
|
||||
"userFilter": "${cfg.sync.users.filter}",
|
||||
''}
|
||||
|
||||
"groups": ${boolToString cfg.sync.groups.enable},
|
||||
${optionalString cfg.sync.groups.enable ''
|
||||
"groupPath": "${cfg.sync.groups.path}",
|
||||
"groupObjectClass": "${cfg.sync.groups.objectClass}",
|
||||
"groupNameAttribute": "${cfg.sync.groups.nameAttribute}",
|
||||
"groupFilter": "${cfg.sync.groups.filter}",
|
||||
''}
|
||||
|
||||
"interval": 5
|
||||
// optionalAttrs cfg.sync.emailPrefixSuffix.enable {
|
||||
emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute;
|
||||
emailSuffix = cfg.sync.emailPrefixSuffix.suffix;
|
||||
}
|
||||
'';
|
||||
// optionalAttrs cfg.sync.users.enable {
|
||||
userPath = cfg.sync.users.path;
|
||||
userObjectClass = cfg.sync.users.objectClass;
|
||||
userEmailAttribute = cfg.sync.users.emailAttribute;
|
||||
userFilter = cfg.sync.users.filter;
|
||||
}
|
||||
// optionalAttrs cfg.sync.groups.enable {
|
||||
groupPath = cfg.sync.groups.path;
|
||||
groupObjectClass = cfg.sync.groups.objectClass;
|
||||
groupNameAttribute = cfg.sync.groups.nameAttribute;
|
||||
groupFilter = cfg.sync.groups.filter;
|
||||
});
|
||||
|
||||
sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string;
|
||||
json_string = string: builtins.replaceStrings ["\""] ["\\\""] string;
|
||||
in {
|
||||
imports = [];
|
||||
|
||||
|
@ -68,7 +62,7 @@ in {
|
|||
type = types.package;
|
||||
default = pkgs.bitwarden-directory-connector;
|
||||
defaultText = literalExpression "pkgs.bitwarden-directory-connector";
|
||||
description = lib.mdDoc "Reference to the Ditwarden Directory Connector package";
|
||||
description = lib.mdDoc "Reference to the Bitwarden Directory Connector package";
|
||||
example = literalExpression "pkgs.bitwarden-directory-connector-example";
|
||||
};
|
||||
|
||||
|
@ -295,6 +289,7 @@ in {
|
|||
wantedBy = ["multi-user.target"];
|
||||
after = ["network-online.target"];
|
||||
wants = [];
|
||||
path = [pkgs.jq];
|
||||
|
||||
environment = {
|
||||
BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory;
|
||||
|
@ -315,18 +310,26 @@ in {
|
|||
${cfg.package}/bin/${cfg.binary_name} login
|
||||
|
||||
# set the ldap details
|
||||
sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json
|
||||
account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json)
|
||||
jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json
|
||||
|
||||
# remove the original
|
||||
rm -f ${cfg.directory}/data.json
|
||||
|
||||
# set the client id
|
||||
orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
|
||||
sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json
|
||||
jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json
|
||||
|
||||
# and sync data
|
||||
sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json
|
||||
jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json
|
||||
|
||||
# final config
|
||||
${cfg.package}/bin/${cfg.binary_name} config directory 0
|
||||
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
|
||||
|
||||
# cleanup temp files
|
||||
rm -f ${cfg.directory}/data1.json
|
||||
rm -f ${cfg.directory}/data2.json
|
||||
'';
|
||||
|
||||
ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';
|
||||
|
|
Loading…
Reference in a new issue