Ldap WIP

2026-05-14 15:43:52 +02:00
parent 252373f956
commit 2e6c044b89
9 changed files with 70 additions and 9 deletions
--- a/modules/server/containers/apps/authentik.nix
+++ b/modules/server/containers/apps/authentik.nix
@@ -9,6 +9,7 @@ let
      AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
    } 
    // (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.hostDomain}";} else {})
+    // (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.hostDomain}";} else {})
    // (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.hostDomain}";} else {});
  };
 in {
@@ -98,6 +99,7 @@ in {
      $AK apply_blueprint /blueprints/custom/traefik.yaml
      $AK apply_blueprint /blueprints/custom/ldap.yaml

+      ${lib.optionalString (serverCfg.containers ? gitea) ''$AK apply_blueprint /blueprints/custom/gitea.yaml''}
      ${lib.optionalString (serverCfg.containers ? jellyfin) ''$AK apply_blueprint /blueprints/custom/jellyfin.yaml''}
      ${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}

--- a/modules/server/containers/apps/gitea.nix
+++ b/modules/server/containers/apps/gitea.nix
@@ -2,6 +2,8 @@
 let 
  version = "latest";
  serverCfg = config.syscfg.server;
+
+  LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
 in {
  sops = true;
  db = true;
@@ -115,6 +117,8 @@ in {

      $GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true

+      touch ${serverCfg.dataPath}/gitea/data-runner/config.yml
+      
      RUNNER_TOKEN=$($GT actions generate-runner-token)
      $GTR register \
        --instance "https://${containerCfg.subdomain}.${serverCfg.hostDomain}" \
@@ -124,6 +128,16 @@ in {
        --no-interactive


+      ${lib.optionalString (serverCfg.containers ? authentik) ''
+      # --port 636 
+      $GT admin add_ldap --id 1 --name Authentik --host "authentik-ldap" --port 3389 --security-protocol "unencrypted" \
+          --bind-dn "cn=ldap-service,ou=users,${LDAP_DC_DOMAIN}" --bind-password $LDAP_PASSWORD \
+          --user-search-base "ou=users,${LDAP_DC_DOMAIN}" --user-filter "(|(username=%s)(email=%s))" \
+          --username-attribute "username" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" \
+          --synchronize-users
+      ''}
+
+
      echo "Completed Gitea Setup"
      '';
  };
--- a/modules/server/containers/apps/jellyfin.nix
+++ b/modules/server/containers/apps/jellyfin.nix
@@ -9,7 +9,7 @@ let
      "jellyfin:x:1000:"
    ];
  };
-  image = pkgs.dockerTools.buildImage{#pkgs.dockerTools.streamLayeredImage { # 
+  image = pkgs.dockerTools.streamLayeredImage { # pkgs.dockerTools.buildImage{#
    name = pkgs.jellyfin.name;
    tag = pkgs.jellyfin.version;  
    contents = [ pkgs.cacert nss pkgs.jellyfin pkgs.bashInteractive ];
@@ -48,8 +48,7 @@ in {
  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
-      #imageStream = image;
-      imageFile = image;
+      imageStream = image;
      port = 8096;
      extraEnv = {
        HOME = "/config/data";
@@ -147,6 +146,14 @@ in {
        echo "ERROR: LDAP Plugin Setup Failed."
        exit 1
      fi
+
+      if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/System/Restart" \
+          -H "Authorization: MediaBrowser Token=\"$JELLYFIN_TOKEN\"" \
+          -H "Content-Length: 0"; then
+        echo "ERROR: Server failed to accept restart command."
+        exit 1
+      fi
+
      echo "Completed Setup"

    '';