From 0bce2bf6fd72468dcd51717610af2f8f5e91279a Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Fri, 29 Sep 2023 10:42:19 +0200
Subject: [PATCH] fix lib, remove old openldap

---
 utils/modules/openldap.nix | 325 -----------------------
 utils/pkgs/wow-addon-manager/default.nix | 2 +-
 2 files changed, 1 insertion(+), 326 deletions(-)
 delete mode 100644 utils/modules/openldap.nix

diff --git a/utils/modules/openldap.nix b/utils/modules/openldap.nix
deleted file mode 100644
index 5acd3c9..0000000
--- a/utils/modules/openldap.nix
+++ /dev/null
@@ -1,325 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: {
- services.openldap = {
- enable = true;
-
- settings.attrs.olcLogLevel = "0";
-
- settings.attrs.olcTLSCACertificateFile = config.sops.secrets.openldap-ca.path;
- settings.attrs.olcTLSCertificateFile = config.sops.secrets.openldap-cert.path;
- settings.attrs.olcTLSCertificateKeyFile = config.sops.secrets.openldap-key.path;
-
- settings.children = {
- "cn=schema".includes = [
- "${pkgs.openldap}/etc/schema/core.ldif"
- "${pkgs.openldap}/etc/schema/cosine.ldif"
- "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
- "${pkgs.openldap}/etc/schema/nis.ldif"
- ];
-
- "olcDatabase={1}mdb".attrs = {
- objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
- olcDatabase = "{1}mdb";
- olcDbDirectory = "/var/lib/openldap/data";
- olcRootPW.path = config.sops.secrets.openldap-rootpw.path;
- olcRootDN = "cn=admin,dc=cloonar,dc=com";
- olcSuffix = "dc=cloonar,dc=com";
- olcAccess = [
- ''
- {0}to attrs=userPassword
- by self write by anonymous auth
- by dn.base="cn=dovecot,dc=cloonar,dc=com" read
- by dn.base="cn=gogs,ou=system,ou=users,dc=cloonar,dc=com" read
- read by * none
- ''
- ''
- {1}to attrs=loginShell
- by self write
- by * read
- ''
- ''
- {2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com"
- by dn.base="cn=dovecot,dc=mail,dc=cloonar,dc=com" read
- by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
- by * none
- ''
- ''
- {3}to dn.subtree="ou=jabber,ou=users,dc=cloonar,dc=com"
- by dn.base="cn=prosody,ou=system,ou=users,dc=eve" write
- by * read
- ''
- ''
- {4}to * by * read
- ''
- ];
- };
- "olcOverlay=syncprov,olcDatabase={1}mdb".attrs = {
- objectClass = ["olcOverlayConfig" "olcSyncProvConfig"];
- olcOverlay = "syncprov";
- olcSpSessionLog = "100";
- };
- "olcDatabase={2}monitor".attrs = {
- olcDatabase = "{2}monitor";
- objectClass = ["olcDatabaseConfig" "olcMonitorConfig"];
- olcAccess = [
- ''
- {0}to *
- by dn.exact="cn=netdata,ou=system,ou=users,dc=cloonar,dc=com" read
- by * none
- ''
- ];
- };
-
- 
"cn={1}bitwarden,cn=schema" = { - attrs = { - cn = "{1}bitwarden"; - objectClass = "olcSchemaConfig"; - olcObjectClasses = [ - '' - (1.3.6.1.4.1.28298.1.2.4 NAME 'bitwarden' - SUP uidObject AUXILIARY - DESC 'Added to an account to allow bitwarden access' - MUST (mail $ userPassword)) - '' - ] - }; - }; - # "cn={1}squid,cn=schema".attrs = { - # cn = "{1}squid"; - # objectClass = "olcSchemaConfig"; - # olcObjectClasses = [ - # '' - # (1.3.6.1.4.1.16548.1.2.4 NAME 'proxyUser' - # SUP top AUXILIARY - # DESC 'Account to allow a user to use the Squid proxy' - # MUST ( mail $ userPassword )) - # '' - # ]; - # }; - # "cn={1}grafana,cn=schema".attrs = { - # cn = "{1}grafana"; - # objectClass = "olcSchemaConfig"; - # olcObjectClasses = [ - # '' - # (1.3.6.1.4.1.28293.1.2.5 NAME 'grafana' - # SUP uidObject AUXILIARY - # DESC 'Added to an account to allow grafana access' - # MUST (mail)) - # '' - # ]; - # }; - "cn={2}postfix,cn=schema".attrs = { - cn = "{2}postfix"; - objectClass = "olcSchemaConfig"; - olcAttributeTypes = [ - '' - (1.3.6.1.4.1.12461.1.1.1 NAME 'postfixTransport' - DESC 'A string directing postfix which transport to use' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} SINGLE-VALUE)'' - '' - (1.3.6.1.4.1.12461.1.1.5 NAME 'mailbox' - DESC 'The absolute path to the mailbox for a mail account in a non-default location' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) - '' - '' - (1.3.6.1.4.1.12461.1.1.6 NAME 'quota' - DESC 'A string that represents the quota on a mailbox' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) - '' - '' - (1.3.6.1.4.1.12461.1.1.8 NAME 'maildrop' - DESC 'RFC822 Mailbox - mail alias' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}) - '' - ]; - olcObjectClasses = [ - '' - (1.3.6.1.4.1.12461.1.2.1 NAME 'mailAccount' - SUP top AUXILIARY - DESC 'Mail account objects' - MUST ( mail $ 
userPassword )
- MAY ( cn $ description $ quota))
- ''
- ''
- (1.3.6.1.4.1.12461.1.2.2 NAME 'mailAlias'
- SUP top STRUCTURAL
- DESC 'Mail aliasing/forwarding entry'
- MUST ( mail $ maildrop )
- MAY ( cn $ description ))
- ''
- ''
- (1.3.6.1.4.1.12461.1.2.3 NAME 'mailDomain'
- SUP domain STRUCTURAL
- DESC 'Virtual Domain entry to be used with postfix transport maps'
- MUST ( dc )
- MAY ( postfixTransport $ description ))
- ''
- ''
- (1.3.6.1.4.1.12461.1.2.4 NAME 'mailPostmaster'
- SUP top AUXILIARY
- DESC 'Added to a mailAlias to create a postmaster entry'
- MUST roleOccupant)
- ''
- ];
- };
- "cn={1}openssh,cn=schema".attrs = {
- cn = "{1}openssh";
- objectClass = "olcSchemaConfig";
- olcAttributeTypes = [
- ''
- (1.3.6.1.4.1.24552.500.1.1.1.13
- NAME 'sshPublicKey'
- DESC 'MANDATORY: OpenSSH Public key'
- EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
- ''
- ];
- olcObjectClasses = [
- ''
- (1.3.6.1.4.1.24552.500.1.1.2.0
- NAME 'ldapPublicKey'
- SUP top AUXILIARY
- DESC 'MANDATORY: OpenSSH LPK objectclass'
- MUST ( sshPublicKey $ uid ))
- ''
- ];
- };
- "cn={1}nginx,cn=schema".attrs = {
- cn = "{1}nginx";
- objectClass = "olcSchemaConfig";
- olcObjectClasses = [
- ''
- (1.3.6.1.4.1.28295.1.2.4 NAME 'nginx'
- SUP top AUXILIARY
- DESC 'Added to an account to allow nginx access'
- MUST ( mail $ userPassword ))
- ''
- ];
- };
-
- "cn={1}nextcloud,cn=schema".attrs = {
- cn = "{1}nextcloud";
- objectClass = "olcSchemaConfig";
- olcAttributeTypes = [
- ''
- (1.3.6.1.4.1.39430.1.1.1
- NAME 'ownCloudQuota'
- DESC 'User Quota (e.g. 
15 GB)'
- SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
- ''
- ];
- olcObjectClasses = [
- ''
- (1.3.6.1.4.1.39430.1.2.1
- NAME 'ownCloud'
- DESC 'ownCloud LDAP Schema'
- AUXILIARY
- MUST ( mail $ userPassword )
- MAY ( ownCloudQuota ))
- ''
- ];
- };
- "cn={1}gogs,cn=schema".attrs = {
- cn = "{1}gitlab";
- objectClass = "olcSchemaConfig";
- olcObjectClasses = [
- ''
- ( 1.3.6.1.4.1.28293.1.2.4 NAME 'gitlab'
- SUP uidObject AUXILIARY
- DESC 'Added to an account to allow gitlab access'
- MUST (mail))
- ''
- ];
- };
- "cn={1}iobroker,cn=schema".attrs = {
- cn = "{1}homeAssistant";
- objectClass = "olcSchemaConfig";
- olcObjectClasses = [
- ''
- (1.3.6.1.4.1.28297.1.2.4 NAME 'homeAssistant'
- SUP uidObject AUXILIARY
- DESC 'Added to an account to allow home-assistant access'
- MUST (mail) )
- ''
- ];
- };
- # "cn={1}ttrss,cn=schema".attrs = {
- # cn = "{1}ttrss";
- # objectClass = "olcSchemaConfig";
- # olcObjectClasses = [
- # ''
- # ( 1.3.6.1.4.1.28294.1.2.4 NAME 'ttrss'
- # SUP top AUXILIARY
- # DESC 'Added to an account to allow tinytinyrss access'
- # MUST ( mail $ userPassword ))
- # ''
- # ];
- # };
- # "cn={1}prometheus,cn=schema".attrs = {
- # cn = "{1}prometheus";
- # objectClass = "olcSchemaConfig";
- # olcObjectClasses = [
- # ''
- # ( 1.3.6.1.4.1.28296.1.2.4
- # NAME 'prometheus'
- # SUP uidObject AUXILIARY
- # DESC 'Added to an account to allow prometheus access'
- # MUST (mail))
- # ''
- # ];
- # };
- # "cn={1}loki,cn=schema".attrs = {
- # cn = "{1}loki";
- # objectClass = "olcSchemaConfig";
- # olcObjectClasses = [
- # ''
- # ( 1.3.6.1.4.1.28299.1.2.4
- # NAME 'loki'
- # SUP uidObject AUXILIARY
- # DESC 'Added to an account to allow loki access'
- # MUST (mail))
- # ''
- # ];
- # };
- # "cn={1}flood,cn=schema".attrs = {
- # cn = "{1}flood";
- # objectClass = "olcSchemaConfig";
- # olcObjectClasses = [
- # ''
- # (1.3.6.1.4.1.28300.1.2.4 NAME 'flood'
- # SUP uidObject AUXILIARY
- # DESC 'Added to an account to allow flood access'
- # MUST (mail))
- # ''
- # 
];
- # };
- };
- };
-
- sops.secrets.openldap-rootpw = {
- owner = "openldap";
- sopsFile = ./secrets.yaml;
- };
- sops.secrets.openldap-ca = {
- owner = "openldap";
- sopsFile = ./secrets.yaml;
- };
- sops.secrets.openldap-cert = {
- owner = "openldap";
- sopsFile = ./secrets.yaml;
- };
- sops.secrets.openldap-key = {
- owner = "openldap";
- sopsFile = ./secrets.yaml;
- };
-
- networking.firewall.allowedTCPPorts = [636];
-}
diff --git a/utils/pkgs/wow-addon-manager/default.nix b/utils/pkgs/wow-addon-manager/default.nix
index d2db55a..ea61590 100644
--- a/utils/pkgs/wow-addon-manager/default.nix
+++ b/utils/pkgs/wow-addon-manager/default.nix
@@ -1,4 +1,4 @@
-{ lib, fetchgit, buildGoModule, ... }:
+{ lib, fetchFromGithub, buildGoModule, ... }:
 buildGoModule rec {
 name = "wow-addon-manager";