nixos/applications/bitwarden/bitwarden_sync.nix


# NixOS module: enables the Bitwarden Directory Connector service and points it
# at the Skynet LDAP directory, syncing a filtered set of users and groups to
# the Bitwarden instance at https://pw.skynet.ie.
# The services.bitwarden_directory_connector options are presumably declared by
# the imported ./_bitwarden_sync_module.nix (not visible here) -- confirm the
# exact meaning of each option against that module.
{
  pkgs,
  config,
  lib,
  ...
}: {
  imports = [
    ./_bitwarden_sync_module.nix
  ];

  options = {};

  config = {
    # age-encrypted secret files. Only the decrypted runtime paths
    # (config.age.secrets.<name>.path) are passed to the service below, so the
    # credential values themselves are not written into this file.
    age.secrets = {
      bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
      bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
    };

    services.bitwarden_directory_connector = {
      enable = true;
      domain = "https://pw.skynet.ie";

      # Connector is built from the local package expression rather than nixpkgs.
      package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};

      # Presumably the name of the environment variable that carries the LDAP
      # bind password (supplied through env.ldap below) -- confirm in the module.
      pw_env = "LDAP_ADMIN_PW";

      ldap = {
        # NOTE(review): ssl and startTls are both off and the port is 389, so
        # the bind as cn=admin (password included) presumably crosses the
        # network unencrypted unless account.skynet.ie is reached over a link
        # protected some other way. If the directory supports it, enable
        # startTls (or ssl on the LDAPS port) and keep certificate checks on.
        ssl = false;
        startTls = false;
        # Certificate validation is left strict; with ssl and startTls both
        # disabled this presumably has no effect -- confirm.
        sslAllowUnauthorized = false;
        ad = false;
        port = 389;
        hostname = "account.skynet.ie";
        rootPath = "dc=skynet,dc=ie";
        # NOTE(review): the sync binds with the directory admin DN. A dedicated
        # bind DN limited to reading ou=users and ou=groups would reduce the
        # impact if this credential were exposed.
        username = "cn=admin,dc=skynet,dc=ie";
      };

      sync = {
        removeDisabled = true;
        overwriteExisting = false;
        largeImport = false;
        memberAttribute = "member";
        creationDateAttribute = "skCreated";

        # Users: only inetOrgPerson entries under ou=users that are members of
        # skynet-committee or skynet-admins match the filter.
        users = true;
        userPath = "ou=users";
        userObjectClass = "inetOrgPerson";
        userEmailAttribute = "skMail";
        userFilter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";

        # Groups: groupOfNames entries under ou=groups, named by their cn.
        # No group filter is set here, so presumably every group under
        # ou=groups is synced -- confirm that is intended.
        groups = true;
        groupPath = "ou=groups";
        groupObjectClass = "groupOfNames";
        groupNameAttribute = "cn";
      };

      # Runtime paths of the decrypted secrets declared above.
      env = {
        bitwarden = config.age.secrets.bitwarden_sync_api.path;
        ldap = config.age.secrets.bitwarden_sync_ldap.path;
      };
    };
  };
}