feat: Improved config further

This commit is contained in:
silver 2023-11-12 21:58:27 +00:00
parent 09fb8cf56e
commit e810bca085

View file

@ -7,57 +7,51 @@
with lib; let
cfg = config.services.bitwarden_directory_connector;
ldap_data = ''
{
"ssl": ${boolToString cfg.ldap.ssl},
"startTls": ${boolToString cfg.ldap.startTls},
"sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized},
"port": ${toString cfg.ldap.port},
"currentUser": false,
"ad": ${boolToString cfg.ldap.ad},
"pagedSearch": true,
"password": "to_be_replaced",
"hostname": "${cfg.ldap.hostname}",
"rootPath": "${cfg.ldap.root}",
"username": "${cfg.ldap.username}"
ldap_data = builtins.toJSON {
ssl = cfg.ldap.ssl;
startTls = cfg.ldap.startTls;
sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized;
port = cfg.ldap.port;
currentUser = false;
ad = cfg.ldap.ad;
pagedSearch = true;
password = "to_be_replaced";
hostname = cfg.ldap.hostname;
rootPath = cfg.ldap.root;
username = cfg.ldap.username;
};
sync_data =
builtins.toJSON
({
removeDisabled = cfg.sync.removeDisabled;
overwriteExisting = cfg.sync.overwriteExisting;
largeImport = cfg.sync.largeImport;
creationDateAttribute = cfg.sync.creationDateAttribute;
memberAttribute = cfg.sync.memberAttribute;
interval = 5;
useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable;
users = cfg.sync.users.enable;
groups = cfg.sync.groups.enable;
}
'';
sync_data = ''
{
"removeDisabled": ${boolToString cfg.sync.removeDisabled},
"overwriteExisting": ${boolToString cfg.sync.overwriteExisting},
"largeImport": ${boolToString cfg.sync.largeImport},
"creationDateAttribute": "${cfg.sync.creationDateAttribute}",
"memberAttribute": "${cfg.sync.memberAttribute}",
"useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable},
${optionalString cfg.sync.emailPrefixSuffix.enable ''
"emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}",
"emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}",
''}
"users": ${boolToString cfg.sync.users.enable},
${optionalString cfg.sync.users.enable ''
"userPath": "${cfg.sync.users.path}",
"userObjectClass": "${cfg.sync.users.objectClass}",
"userEmailAttribute": "${cfg.sync.users.emailAttribute}",
"userFilter": "${cfg.sync.users.filter}",
''}
"groups": ${boolToString cfg.sync.groups.enable},
${optionalString cfg.sync.groups.enable ''
"groupPath": "${cfg.sync.groups.path}",
"groupObjectClass": "${cfg.sync.groups.objectClass}",
"groupNameAttribute": "${cfg.sync.groups.nameAttribute}",
"groupFilter": "${cfg.sync.groups.filter}",
''}
"interval": 5
// optionalAttrs cfg.sync.emailPrefixSuffix.enable {
emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute;
emailSuffix = cfg.sync.emailPrefixSuffix.suffix;
}
'';
// optionalAttrs cfg.sync.users.enable {
userPath = cfg.sync.users.path;
userObjectClass = cfg.sync.users.objectClass;
userEmailAttribute = cfg.sync.users.emailAttribute;
userFilter = cfg.sync.users.filter;
}
// optionalAttrs cfg.sync.groups.enable {
groupPath = cfg.sync.groups.path;
groupObjectClass = cfg.sync.groups.objectClass;
groupNameAttribute = cfg.sync.groups.nameAttribute;
groupFilter = cfg.sync.groups.filter;
});
sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string;
json_string = string: builtins.replaceStrings ["\""] ["\\\""] string;
in {
imports = [];
@ -68,7 +62,7 @@ in {
type = types.package;
default = pkgs.bitwarden-directory-connector;
defaultText = literalExpression "pkgs.bitwarden-directory-connector";
description = lib.mdDoc "Reference to the Ditwarden Directory Connector package";
description = lib.mdDoc "Reference to the Bitwarden Directory Connector package";
example = literalExpression "pkgs.bitwarden-directory-connector-example";
};
@ -295,6 +289,7 @@ in {
wantedBy = ["multi-user.target"];
after = ["network-online.target"];
wants = [];
path = [pkgs.jq];
environment = {
BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory;
@ -315,18 +310,26 @@ in {
${cfg.package}/bin/${cfg.binary_name} login
# set the ldap details
sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json
account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json)
jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json
# remove the original
rm -f ${cfg.directory}/data.json
# set the client id
orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g')
sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json
jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json
# and sync data
sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json
jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json
# final config
${cfg.package}/bin/${cfg.binary_name} config directory 0
${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env}
# cleanup temp files
rm -f ${cfg.directory}/data1.json
rm -f ${cfg.directory}/data2.json
'';
ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync'';