# NixOS module: configures the Bitwarden directory sync for pw.skynet.ie so that
# LDAP accounts in the committee and admin groups are mirrored into Bitwarden.
{
  pkgs,
  config,
  lib,
  ...
}: {
  # Presumably declares the services.bitwarden_connector options used below;
  # the module itself is not visible from this file.
  imports = [
    ./_bitwarden_sync_module.nix
  ];

  options = {};

  config = {
    # Encrypted secret files (age.secrets). Only their decrypted paths are
    # referenced further down, so no credential value is written in this file.
    age.secrets = {
      bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
      bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
    };

    services.bitwarden_connector = {
      enable = true;

      # Bitwarden instance that receives the synced directory.
      domain = "https://pw.skynet.ie";

      ldap = {
        hostname = "account.skynet.ie";
        port = 389;

        # NOTE(review): ssl and startTls are both off and the port is 389, so the
        # bind below and the synced entries cross the wire unencrypted unless the
        # path to account.skynet.ie is protected some other way (loopback, private
        # link, tunnel). Confirm that; otherwise turn on startTls, or ssl with the
        # LDAPS port 636.
        ssl = false;
        startTls = false;
        # Keeps certificate validation strict; only matters once TLS is enabled.
        sslAllowUnauthorized = false;

        # Plain LDAP directory, not Active Directory.
        ad = false;

        root = "dc=skynet,dc=ie";

        # NOTE(review): the connector binds as the directory admin. A dedicated
        # read-only bind DN would limit the damage if LDAP_ADMIN_PW is exposed;
        # confirm whether the sync needs anything beyond read access.
        username = "cn=admin,dc=skynet,dc=ie";
        # Name of the environment variable carrying the bind password; presumably
        # supplied by the env.ldap file below. Verify against the module.
        pw_env = "LDAP_ADMIN_PW";
      };

      sync = {
        removeDisabled = true;
        overwriteExisting = false;
        largeImport = false;
        memberAttribute = "member";
        creationDateAttribute = "skCreated";
        emailPrefixSuffix.enable = false;

        users = {
          enable = true;
          path = "ou=users";
          objectClass = "inetOrgPerson";
          emailAttribute = "skMail";
          # Access boundary: only members of skynet-committee or skynet-admins
          # match. Widening this filter widens who is synced into Bitwarden.
          filter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";
        };

        groups = {
          enable = true;
          path = "ou=groups";
          objectClass = "groupOfNames";
          nameAttribute = "cn";
          # No extra filter string; presumably every groupOfNames entry under
          # ou=groups is considered. Confirm that this is intended.
          filter = "";
        };
      };

      # Runtime paths of the decrypted secret files declared above.
      env.bitwarden = config.age.secrets.bitwarden_sync_api.path;
      env.ldap = config.age.secrets.bitwarden_sync_ldap.path;
    };
  };
}