author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-01-27 18:01:49 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-27 18:01:49 +0000 |
commit | a390a2178d0bd383f3fedb5733dd05a3ea0ac5d2 (patch) | |
tree | 54bcb81ea23868287cc1437a4c41a3023501d8c5 /nixos | |
parent | 4b5f8e5995bcd4862957f015885db0cbee0b4651 (diff) | |
parent | c42449612c3abc9b4b5339c0d6aff05bc29ec039 (diff) | |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/hardware/ratbagd.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/misc/portunus.nix | 95 | ||||
-rw-r--r-- | nixos/tests/pomerium.nix | 4 |
3 files changed, 61 insertions, 46 deletions
diff --git a/nixos/modules/services/hardware/ratbagd.nix b/nixos/modules/services/hardware/ratbagd.nix index c939d5e40a24..5567bcbafd16 100644 --- a/nixos/modules/services/hardware/ratbagd.nix +++ b/nixos/modules/services/hardware/ratbagd.nix @@ -11,6 +11,8 @@ in options = { services.ratbagd = { enable = mkEnableOption (lib.mdDoc "ratbagd for configuring gaming mice"); + + package = mkPackageOption pkgs "libratbag" { }; }; }; @@ -18,10 +20,10 @@ in config = mkIf cfg.enable { # Give users access to the "ratbagctl" tool - environment.systemPackages = [ pkgs.libratbag ]; + environment.systemPackages = [ cfg.package ]; - services.dbus.packages = [ pkgs.libratbag ]; + services.dbus.packages = [ cfg.package ]; - systemd.packages = [ pkgs.libratbag ]; + systemd.packages = [ cfg.package ]; }; } diff --git a/nixos/modules/services/misc/portunus.nix b/nixos/modules/services/misc/portunus.nix index 47af24f024cd..ebb3bc8f0851 100644 --- a/nixos/modules/services/misc/portunus.nix +++ b/nixos/modules/services/misc/portunus.nix @@ -37,6 +37,15 @@ in ''; }; + seedSettings = lib.mkOption { + type = with lib.types; nullOr (attrsOf (listOf (attrsOf anything))); + default = null; + description = lib.mdDoc '' + Seed settings for users and groups. + See upstream for format <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration> + ''; + }; + stateDir = mkOption { type = types.path; default = "/var/lib/portunus"; 
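Review bot: The `seedSettings` description in the first portunus.nix hunk should warn that the value ends up world-readable, because the next hunk renders it with `pkgs.writeText "seed.json" (builtins.toJSON cfg.seedSettings)` and so places it in the Nix store. As far as the upstream seed format linked in the description goes, user entries can carry a `password` field, so a plaintext password set through this option would be readable by every local user and would travel with the store path to any cache or remote builder. I would extend the description with something like `The settings are written to the world-readable Nix store; do not put plaintext passwords here, and use seedPath with a file outside the store for secret material.` The options block continues outside this hunk.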
@@ -172,49 +181,53 @@ in "127.0.0.1" = [ cfg.domain ]; }; - services.dex = mkIf cfg.dex.enable { - enable = true; - settings = { - issuer = "https://${cfg.domain}/dex"; - web.http = "127.0.0.1:${toString cfg.dex.port}"; - storage = { - type = "sqlite3"; - config.file = "/var/lib/dex/dex.db"; - }; - enablePasswordDB = false; - connectors = [{ - type = "ldap"; - id = "ldap"; - name = "LDAP"; - config = { - host = "${cfg.domain}:636"; - bindDN = "uid=${cfg.ldap.searchUserName},ou=users,${cfg.ldap.suffix}"; - bindPW = "$DEX_SEARCH_USER_PASSWORD"; - userSearch = { - baseDN = "ou=users,${cfg.ldap.suffix}"; - filter = "(objectclass=person)"; - username = "uid"; - idAttr = "uid"; - emailAttr = "mail"; - nameAttr = "cn"; - preferredUsernameAttr = "uid"; - }; - groupSearch = { - baseDN = "ou=groups,${cfg.ldap.suffix}"; - filter = "(objectclass=groupOfNames)"; - nameAttr = "cn"; - userMatchers = [{ userAttr = "DN"; groupAttr = "member"; }]; - }; + services = { + dex = mkIf cfg.dex.enable { + enable = true; + settings = { + issuer = "https://${cfg.domain}/dex"; + web.http = "127.0.0.1:${toString cfg.dex.port}"; + storage = { + type = "sqlite3"; + config.file = "/var/lib/dex/dex.db"; }; - }]; - - staticClients = forEach cfg.dex.oidcClients (client: { - inherit (client) id; - redirectURIs = [ client.callbackURL ]; - name = "OIDC for ${client.id}"; - secretEnv = "DEX_CLIENT_${client.id}"; - }); + enablePasswordDB = false; + connectors = [{ + type = "ldap"; + id = "ldap"; + name = "LDAP"; + config = { + host = "${cfg.domain}:636"; + bindDN = "uid=${cfg.ldap.searchUserName},ou=users,${cfg.ldap.suffix}"; + bindPW = "$DEX_SEARCH_USER_PASSWORD"; + userSearch = { + baseDN = "ou=users,${cfg.ldap.suffix}"; + filter = "(objectclass=person)"; + username = "uid"; + idAttr = "uid"; + emailAttr = "mail"; + nameAttr = "cn"; + preferredUsernameAttr = "uid"; + }; + groupSearch = { + baseDN = "ou=groups,${cfg.ldap.suffix}"; + filter = "(objectclass=groupOfNames)"; + nameAttr = "cn"; + 
userMatchers = [{ userAttr = "DN"; groupAttr = "member"; }]; + }; + }; + }]; + + staticClients = forEach cfg.dex.oidcClients (client: { + inherit (client) id; + redirectURIs = [ client.callbackURL ]; + name = "OIDC for ${client.id}"; + secretEnv = "DEX_CLIENT_${client.id}"; + }); + }; }; + + portunus.seedPath = lib.mkIf (cfg.seedSettings != null) (pkgs.writeText "seed.json" (builtins.toJSON cfg.seedSettings)); }; systemd.services = { diff --git a/nixos/tests/pomerium.nix b/nixos/tests/pomerium.nix index abaf56c518e0..d0204488e8ef 100644 --- a/nixos/tests/pomerium.nix +++ b/nixos/tests/pomerium.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "pomerium"; meta = with lib.maintainers; { - maintainers = [ lukegb ]; + maintainers = [ lukegb devusb ]; }; nodes = let base = myIP: { pkgs, lib, ... }: { @@ -103,7 +103,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { with subtest("ui"): pomerium.succeed( # check for a string that only appears if the UI is displayed correctly - "chromium --no-sandbox --headless --disable-gpu --dump-dom --host-resolver-rules='MAP login.required 127.0.0.1:80' http://login.required/.pomerium | grep 'contact your administrator'" + "chromium --no-sandbox --headless --disable-gpu --dump-dom --host-resolver-rules='MAP login.required 127.0.0.1:80' http://login.required/.pomerium | grep 'User Details Not Available'" ) ''; }) |
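Review bot: `portunus.seedPath = lib.mkIf (cfg.seedSettings != null) (...)` sets the module's own `seedPath` at normal priority, so a configuration that defines both `seedPath` and `seedSettings` will presumably stop with a generic conflicting-definitions error rather than a message saying the two are mutually exclusive. The `seedPath` declaration is outside this hunk, so this is inferred from the assignment alone. A short comment above the line, for example `# seedPath is derived from seedSettings when set; the two options are mutually exclusive`, plus the same sentence in the option description, would make the intent clear. The rest of the hunk only re-indents the existing dex settings under `services = { ... }`.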