Ldap WIP

modules/server/containers/apps/gitea.nix

@@ -2,6 +2,8 @@
 let 
   version = "latest";
   serverCfg = config.syscfg.server;
+
+  LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
 in {
   sops = true;
   db = true;
@@ -115,6 +117,8 @@ in {
 
       $GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true
 
+      touch ${serverCfg.dataPath}/gitea/data-runner/config.yml
+      
       RUNNER_TOKEN=$($GT actions generate-runner-token)
       $GTR register \
         --instance "https://${containerCfg.subdomain}.${serverCfg.hostDomain}" \
@@ -124,6 +128,16 @@ in {
         --no-interactive
 
 
+      ${lib.optionalString (serverCfg.containers ? authentik) ''
+      # --port 636 
+      $GT admin add_ldap --id 1 --name Authentik --host "authentik-ldap" --port 3389 --security-protocol "unencrypted" \
+          --bind-dn "cn=ldap-service,ou=users,${LDAP_DC_DOMAIN}" --bind-password $LDAP_PASSWORD \
+          --user-search-base "ou=users,${LDAP_DC_DOMAIN}" --user-filter "(|(username=%s)(email=%s))" \
+          --username-attribute "username" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" \
+          --synchronize-users
+      ''}
+
+
       echo "Completed Gitea Setup"
       '';
   };