80 lines
1.9 KiB
Nix
80 lines
1.9 KiB
Nix
{
|
|
pkgs,
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
user = "bwdc";
|
|
in {
|
|
imports = [
|
|
./_bitwarden_sync_module.nix
|
|
];
|
|
|
|
options = {};
|
|
|
|
config = {
|
|
age.secrets.bitwarden_sync_id = {
|
|
file = ../../secrets/bitwarden/id.age;
|
|
owner = user;
|
|
group = user;
|
|
};
|
|
age.secrets.bitwarden_sync_secret = {
|
|
file = ../../secrets/bitwarden/secret.age;
|
|
owner = user;
|
|
group = user;
|
|
};
|
|
age.secrets.bitwarden_sync_ldap = {
|
|
file = ../../secrets/ldap/pw.age;
|
|
owner = user;
|
|
group = user;
|
|
};
|
|
|
|
services.bitwarden-directory-connector = {
|
|
enable = true;
|
|
|
|
user = user;
|
|
|
|
domain = "https://pw.skynet.ie";
|
|
|
|
package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
|
|
|
|
ldap = {
|
|
ssl = false;
|
|
startTls = false;
|
|
sslAllowUnauthorized = false;
|
|
ad = false;
|
|
port = 389;
|
|
hostname = "account.skynet.ie";
|
|
rootPath = "dc=skynet,dc=ie";
|
|
username = "cn=admin,dc=skynet,dc=ie";
|
|
};
|
|
|
|
sync = {
|
|
removeDisabled = true;
|
|
overwriteExisting = false;
|
|
largeImport = false;
|
|
memberAttribute = "member";
|
|
creationDateAttribute = "skCreated";
|
|
|
|
users = true;
|
|
userPath = "ou=users";
|
|
userObjectClass = "inetOrgPerson";
|
|
userEmailAttribute = "skMail";
|
|
userFilter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";
|
|
|
|
groups = true;
|
|
groupPath = "ou=groups";
|
|
groupObjectClass = "groupOfNames";
|
|
groupNameAttribute = "cn";
|
|
};
|
|
|
|
secrets = {
|
|
ldap = config.age.secrets.bitwarden_sync_ldap.path;
|
|
bitwarden = {
|
|
client_path_id = config.age.secrets.bitwarden_sync_id.path;
|
|
client_path_secret = config.age.secrets.bitwarden_sync_secret.path;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|