feat: add dex SSO service
parent
2086636237
commit
af899a7176
|
@ -130,7 +130,7 @@
|
|||
};
|
||||
users = [
|
||||
{ name = "forgejo_search";
|
||||
email = "forgejo_search@tsamsehu.perli.casa";
|
||||
mail = "forgejo_search@tsamsehu.perli.casa";
|
||||
uidnumber = 993;
|
||||
primarygroup = 5503;
|
||||
passappsha256 = [ "8adb23d6e1bd7db026a5784ff84efcbd57e4d9aea0e0798b78740a3ee335282c" ];
|
||||
|
@ -140,7 +140,7 @@
|
|||
];
|
||||
}
|
||||
{ name = "jellyfin_search";
|
||||
email = "jellyfin_search@samsehu.perli.casa";
|
||||
mail = "jellyfin_search@samsehu.perli.casa";
|
||||
uidnumber = 994;
|
||||
primarygroup = 5503;
|
||||
passappsha256 = [ "21fa12ba3e63cd4cb96f4009720d385f4d52461ae3ab70fac8dedaa6b7917ce9" ];
|
||||
|
@ -150,7 +150,7 @@
|
|||
];
|
||||
}
|
||||
{ name = "nextcloud_system_user";
|
||||
email = "nextcloud@samsehu.perli.casa";
|
||||
mail = "nextcloud@samsehu.perli.casa";
|
||||
uidnumber = 988;
|
||||
primarygroup = 5503;
|
||||
passappsha256 = [ "0f11783cdf378aa867a2b590e422f8d645fd3d7fab52fb73bac3c62a64d91651" ];
|
||||
|
@ -159,17 +159,17 @@
|
|||
object = "ou=people,dc=samsehu,dc=perli,dc=casa"; }
|
||||
];
|
||||
}
|
||||
{ name = "desttinghim";
|
||||
mail = "contact@example.com";
|
||||
uidnumber = 1001;
|
||||
primarygroup = 5501;
|
||||
otherGroups = [ 5504 5505 5506 ];
|
||||
}
|
||||
{ name = "geemili";
|
||||
mail = "contact@example.com";
|
||||
uidnumber = 1000;
|
||||
primarygroup = 5501;
|
||||
otherGroups = [ 5504 5505 5506 ];
|
||||
{ name = "dex";
|
||||
mail = "dex@samsehu.perli.casa";
|
||||
uidnumber = 988;
|
||||
primarygroup = 5503;
|
||||
passappsha256 = [ "ab473aa297a6f7c919f116a5bf3af6e11905843df0a526ffe005742335e1c9d3" ];
|
||||
capabilities = [
|
||||
{ action = "search";
|
||||
object = "ou=people,dc=samsehu,dc=perli,dc=casa"; }
|
||||
{ action = "search";
|
||||
object = "ou=groups,dc=samsehu,dc=perli,dc=casa"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
groups = [
|
||||
|
@ -192,6 +192,63 @@
|
|||
};
|
||||
};
|
||||
|
||||
users.users.dex = {
|
||||
isSystemUser = true;
|
||||
group = "dex";
|
||||
};
|
||||
users.groups.dex = {};
|
||||
services.dex = {
|
||||
enable = true;
|
||||
environmentFile = config.age.secrets.DEX_ENVIRONMENT_FILE.path;
|
||||
settings = {
|
||||
issuer = "https://dex.samsehu.perli.casa";
|
||||
storage.type = "memory";
|
||||
web.http = "127.0.0.1:5556";
|
||||
|
||||
# services that can get a token from our dex instance
|
||||
staticClients = [
|
||||
{
|
||||
id = "forgejo";
|
||||
secret = "forgejo-secret";
|
||||
name = "Forgejo";
|
||||
redirectURIs = [ "https://git.samsehu.perli.casa/user/oauth2/dex/callback" ];
|
||||
}
|
||||
];
|
||||
|
||||
# authentication sources
|
||||
connectors = [
|
||||
{
|
||||
type = "ldap";
|
||||
id = "glauth";
|
||||
name = "glauth LDAP";
|
||||
config = {
|
||||
host = "127.0.0.1:3893";
|
||||
insecureNoSSL = true;
|
||||
insecureSkipVerify = true;
|
||||
startTLS = false;
|
||||
bindDN = "cn=dex,ou=apps,dc=samsehu,dc=perli,dc=casa";
|
||||
bindPW = "$DEX_GLAUTH_BIND_DN_PASSWORD";
|
||||
|
||||
userSearch = {
|
||||
baseDN = "ou=people,dc=samsehu,dc=perli,dc=casa";
|
||||
username = "cn";
|
||||
idAttr = "uid";
|
||||
emailAttr = "mail";
|
||||
};
|
||||
|
||||
groupSearch = {
|
||||
baseDN = "ou=groups,dc=samsehu,dc=perli,dc=casa";
|
||||
userMatchers = [
|
||||
{ userAttr = "cn"; groupAttr = "uniqueMember"; }
|
||||
];
|
||||
nameAttr = "ou";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.blocky = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -346,6 +403,7 @@
|
|||
'';
|
||||
|
||||
virtualHosts."jellyfin.samsehu.perli.casa".extraConfig = ''
|
||||
bind 100.64.0.3 192.168.0.69
|
||||
reverse_proxy localhost:8096
|
||||
'';
|
||||
|
||||
|
@ -368,6 +426,11 @@
|
|||
bind 100.64.0.3
|
||||
reverse_proxy localhost:5555
|
||||
'';
|
||||
|
||||
virtualHosts."dex.samsehu.perli.casa".extraConfig = ''
|
||||
bind 100.64.0.3
|
||||
reverse_proxy localhost:5556
|
||||
'';
|
||||
};
|
||||
|
||||
# Headscale for access to the network while away from home
|
||||
|
@ -394,6 +457,8 @@
|
|||
{ name = "git.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "nextcloud.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "glauth.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "dex.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "jellyfin.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
|
||||
];
|
||||
};
|
||||
|
||||
|
|
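Review bot: The static client in the `services.dex` hunk embeds the OAuth client secret as a literal, `secret = "forgejo-secret";`, which ends up in the world-readable Nix store and the rendered dex config, while the LDAP `bindPW` a few lines below is already sourced from `environmentFile` via `$DEX_GLAUTH_BIND_DN_PASSWORD`. Use the same mechanism for the client secret, e.g. `secret = "$DEX_FORGEJO_CLIENT_SECRET";` with the value added to the DEX_ENVIRONMENT_FILE secret, so the secret Forgejo is configured with can be rotated without a rebuild. Separately, the new glauth `dex` user in the `@ -159` hunk reuses `uidnumber = 988;`, which `nextcloud_system_user` in the `@ -150` hunk already holds; every other entry has a distinct uidnumber, so this looks like a copy-paste slip and should get an unused value. The `insecureNoSSL = true; insecureSkipVerify = true;` pair is defensible for a loopback connection to glauth, but `insecureSkipVerify` does nothing once TLS is disabled, and a one-line comment above `host` stating that the connector is intentionally plaintext on 127.0.0.1 would make the intent explicit. The `mail` value in the first hunk, `forgejo_search@tsamsehu.perli.casa`, also looks like a typo for `samsehu`, which every other address uses.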