feat: add dex SSO service
parent
2086636237
commit
af899a7176
|
@ -130,7 +130,7 @@
|
||||||
};
|
};
|
||||||
users = [
|
users = [
|
||||||
{ name = "forgejo_search";
|
{ name = "forgejo_search";
|
||||||
email = "forgejo_search@tsamsehu.perli.casa";
|
mail = "forgejo_search@tsamsehu.perli.casa";
|
||||||
uidnumber = 993;
|
uidnumber = 993;
|
||||||
primarygroup = 5503;
|
primarygroup = 5503;
|
||||||
passappsha256 = [ "8adb23d6e1bd7db026a5784ff84efcbd57e4d9aea0e0798b78740a3ee335282c" ];
|
passappsha256 = [ "8adb23d6e1bd7db026a5784ff84efcbd57e4d9aea0e0798b78740a3ee335282c" ];
|
||||||
|
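Review bot: The renamed `mail` value for forgejo_search keeps the host `tsamsehu.perli.casa`, which does not match the `samsehu.perli.casa` domain every other address in this file uses; if that is a typo the line should read `mail = "forgejo_search@samsehu.perli.casa";`. Since dex's LDAP connector later in this commit reads `emailAttr = "mail"`, a wrong address here would surface as the identity dex hands to Forgejo, so it is worth fixing in the same change. The same email→mail rename in the next two hunks looks consistent with the rest of the file.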
@ -140,7 +140,7 @@
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{ name = "jellyfin_search";
|
{ name = "jellyfin_search";
|
||||||
email = "jellyfin_search@samsehu.perli.casa";
|
mail = "jellyfin_search@samsehu.perli.casa";
|
||||||
uidnumber = 994;
|
uidnumber = 994;
|
||||||
primarygroup = 5503;
|
primarygroup = 5503;
|
||||||
passappsha256 = [ "21fa12ba3e63cd4cb96f4009720d385f4d52461ae3ab70fac8dedaa6b7917ce9" ];
|
passappsha256 = [ "21fa12ba3e63cd4cb96f4009720d385f4d52461ae3ab70fac8dedaa6b7917ce9" ];
|
||||||
|
@ -150,7 +150,7 @@
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{ name = "nextcloud_system_user";
|
{ name = "nextcloud_system_user";
|
||||||
email = "nextcloud@samsehu.perli.casa";
|
mail = "nextcloud@samsehu.perli.casa";
|
||||||
uidnumber = 988;
|
uidnumber = 988;
|
||||||
primarygroup = 5503;
|
primarygroup = 5503;
|
||||||
passappsha256 = [ "0f11783cdf378aa867a2b590e422f8d645fd3d7fab52fb73bac3c62a64d91651" ];
|
passappsha256 = [ "0f11783cdf378aa867a2b590e422f8d645fd3d7fab52fb73bac3c62a64d91651" ];
|
||||||
|
@ -159,17 +159,17 @@
|
||||||
object = "ou=people,dc=samsehu,dc=perli,dc=casa"; }
|
object = "ou=people,dc=samsehu,dc=perli,dc=casa"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{ name = "desttinghim";
|
{ name = "dex";
|
||||||
mail = "contact@example.com";
|
mail = "dex@samsehu.perli.casa";
|
||||||
uidnumber = 1001;
|
uidnumber = 988;
|
||||||
primarygroup = 5501;
|
primarygroup = 5503;
|
||||||
otherGroups = [ 5504 5505 5506 ];
|
passappsha256 = [ "ab473aa297a6f7c919f116a5bf3af6e11905843df0a526ffe005742335e1c9d3" ];
|
||||||
}
|
capabilities = [
|
||||||
{ name = "geemili";
|
{ action = "search";
|
||||||
mail = "contact@example.com";
|
object = "ou=people,dc=samsehu,dc=perli,dc=casa"; }
|
||||||
uidnumber = 1000;
|
{ action = "search";
|
||||||
primarygroup = 5501;
|
object = "ou=groups,dc=samsehu,dc=perli,dc=casa"; }
|
||||||
otherGroups = [ 5504 5505 5506 ];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
groups = [
|
groups = [
|
||||||
|
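Review bot: The new `dex` entry reuses `uidnumber = 988`, which the `nextcloud_system_user` entry in the previous hunk already carries; every other account in these hunks has its own number, so give dex an unused one, `uidnumber = <unused-uid>;`, and keep the numbers unique so the two accounts cannot be confused by anything resolving on uidnumber. This hunk also appears to replace the `desttinghim` and `geemili` entries (uidnumber 1001/1000, primarygroup 5501, otherGroups 5504–5506) rather than inserting dex after them; if those accounts were not moved elsewhere in the file, their removal is unrelated to adding dex and silently drops the human logins, so the commit message should say what happened to them. The enclosing `users = [ … ];` list starts before this hunk.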
@ -192,6 +192,63 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.dex = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "dex";
|
||||||
|
};
|
||||||
|
users.groups.dex = {};
|
||||||
|
services.dex = {
|
||||||
|
enable = true;
|
||||||
|
environmentFile = config.age.secrets.DEX_ENVIRONMENT_FILE.path;
|
||||||
|
settings = {
|
||||||
|
issuer = "https://dex.samsehu.perli.casa";
|
||||||
|
storage.type = "memory";
|
||||||
|
web.http = "127.0.0.1:5556";
|
||||||
|
|
||||||
|
# services that can get a token from our dex instance
|
||||||
|
staticClients = [
|
||||||
|
{
|
||||||
|
id = "forgejo";
|
||||||
|
secret = "forgejo-secret";
|
||||||
|
name = "Forgejo";
|
||||||
|
redirectURIs = [ "https://git.samsehu.perli.casa/user/oauth2/dex/callback" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
# authentication sources
|
||||||
|
connectors = [
|
||||||
|
{
|
||||||
|
type = "ldap";
|
||||||
|
id = "glauth";
|
||||||
|
name = "glauth LDAP";
|
||||||
|
config = {
|
||||||
|
host = "127.0.0.1:3893";
|
||||||
|
insecureNoSSL = true;
|
||||||
|
insecureSkipVerify = true;
|
||||||
|
startTLS = false;
|
||||||
|
bindDN = "cn=dex,ou=apps,dc=samsehu,dc=perli,dc=casa";
|
||||||
|
bindPW = "$DEX_GLAUTH_BIND_DN_PASSWORD";
|
||||||
|
|
||||||
|
userSearch = {
|
||||||
|
baseDN = "ou=people,dc=samsehu,dc=perli,dc=casa";
|
||||||
|
username = "cn";
|
||||||
|
idAttr = "uid";
|
||||||
|
emailAttr = "mail";
|
||||||
|
};
|
||||||
|
|
||||||
|
groupSearch = {
|
||||||
|
baseDN = "ou=groups,dc=samsehu,dc=perli,dc=casa";
|
||||||
|
userMatchers = [
|
||||||
|
{ userAttr = "cn"; groupAttr = "uniqueMember"; }
|
||||||
|
];
|
||||||
|
nameAttr = "ou";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.blocky = {
|
services.blocky = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
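Review bot: `secret = "forgejo-secret";` under `staticClients` is a literal credential written into the Nix expression, which lands in the world-readable store and in the commit history; the same hunk already routes `bindPW` through the environment file as `$DEX_GLAUTH_BIND_DN_PASSWORD`, so the client secret should take the same path, e.g. `secret = "$DEX_FORGEJO_CLIENT_SECRET";` with the value added to the age-managed environment file and the matching value configured on the Forgejo side. A short comment above `insecureNoSSL`/`insecureSkipVerify` would record why plaintext LDAP without certificate checks is acceptable here, e.g. `# plaintext LDAP is tolerated only because glauth is reached over loopback (127.0.0.1:3893)`. `storage.type = "memory"` also means every dex restart discards issued refresh tokens and in-flight logins; fine for a first cut, but a one-line comment noting that would save the next reader a surprise.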
@ -346,6 +403,7 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
virtualHosts."jellyfin.samsehu.perli.casa".extraConfig = ''
|
virtualHosts."jellyfin.samsehu.perli.casa".extraConfig = ''
|
||||||
|
bind 100.64.0.3 192.168.0.69
|
||||||
reverse_proxy localhost:8096
|
reverse_proxy localhost:8096
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
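Review bot: The added `bind 100.64.0.3 192.168.0.69` makes the jellyfin vhost listen on a second address that no other vhost in these hunks uses, which is a reachability change unrelated to the dex service the commit title describes (the extra jellyfin A record in the last hunk is the same theme). It would be clearer as its own commit, or at least stated in the commit message, and a comment above the line such as `# also reachable on the home LAN address, not only via 100.64.0.3` would document the intent for whoever reads the Caddy config later.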
@ -368,6 +426,11 @@
|
||||||
bind 100.64.0.3
|
bind 100.64.0.3
|
||||||
reverse_proxy localhost:5555
|
reverse_proxy localhost:5555
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
virtualHosts."dex.samsehu.perli.casa".extraConfig = ''
|
||||||
|
bind 100.64.0.3
|
||||||
|
reverse_proxy localhost:5556
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# Headscale for access to the network while away from home
|
# Headscale for access to the network while away from home
|
||||||
|
@ -394,6 +457,8 @@
|
||||||
{ name = "git.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
{ name = "git.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||||
{ name = "nextcloud.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
{ name = "nextcloud.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||||
{ name = "glauth.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
{ name = "glauth.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||||
|
{ name = "dex.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||||
|
{ name = "jellyfin.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|