author | Alexander Foremny <aforemny@posteo.de> | 2024-02-23 08:07:11 +0100 |
---|---|---|
committer | Alexander Foremny <aforemny@posteo.de> | 2024-02-26 04:36:24 +0100 |
commit | 597ec76b7cb1527b1df215548a8f50bddccd8606 (patch) | |
tree | 9ea88686f3b15689e222a1d286a6726f6ce59ace /apps/static-users | |
parent | d2873fe0f6a117d7157c2a6f204a864f9edeb668 (diff) |
apps/authelia: init
Diffstat (limited to 'apps/static-users')
-rw-r--r-- | apps/static-users/appspec.nix | 17 | ||||
-rw-r--r-- | apps/static-users/capabilities.nix | 22 | ||||
-rw-r--r-- | apps/static-users/secrets.nix | 7 |
3 files changed, 34 insertions, 12 deletions
diff --git a/apps/static-users/appspec.nix b/apps/static-users/appspec.nix
index 6ab5c7d..cb55ea7 100644
--- a/apps/static-users/appspec.nix
+++ b/apps/static-users/appspec.nix
@@ -1,12 +1,21 @@
-{ lib, ... }: {
+{ appConfig, lib, ... }: {
 description = "static-users";
 endOfLife = null;
 options.users = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
+ type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+ options.passwordFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = "system-secrets/${appConfig.appId}/${appConfig.users.${name}.username}.password";
+ };
 options.publicKeyFile = lib.mkOption {
- type = lib.types.path;
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ };
+ options.username = lib.mkOption {
+ type = lib.types.str;
+ default = name;
 };
- });
+ }));
 default = { };
 };
 }
diff --git a/apps/static-users/capabilities.nix b/apps/static-users/capabilities.nix
index de8d1f0..1861888 100644
--- a/apps/static-users/capabilities.nix
+++ b/apps/static-users/capabilities.nix
@@ -1,8 +1,14 @@
-{ appConfig, lib, ... }:
-lib.concatMapAttrs
- (name: attrs: lib.optionalAttrs (attrs ? publicKeyFile) {
- ${name} = {
- inherit (attrs) publicKeyFile;
- };
- })
- appConfig.users
+{ appConfig, config, lib, ... }:
+{
+ password-credentials = lib.concatMapAttrs
+ (name: attrs: lib.optionalAttrs (attrs.passwordFile != null) {
+ ${name} = { inherit (attrs) username passwordFile; };
+ })
+ # TODO appConfig should come from config to have been fully evaluated
+ config.fysiweb-apps.${appConfig.owner}.${appConfig.appName}.${appConfig.appInstanceName}.users;
+ ssh-credentials = lib.concatMapAttrs
+ (name: attrs: lib.optionalAttrs (attrs.publicKeyFile != null) {
+ ${name} = { inherit (attrs) publicKeyFile; };
+ })
+ appConfig.users;
+}
diff --git a/apps/static-users/secrets.nix b/apps/static-users/secrets.nix
new file mode 100644
index 0000000..ef6f35f
--- /dev/null
+++ b/apps/static-users/secrets.nix
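Review bot: In apps/static-users/appspec.nix the new `username` option is an unconstrained `lib.types.str`, yet its value is interpolated into the default `passwordFile` path. A name containing `/` would place the secret outside `system-secrets/${appConfig.appId}/`, and two entries that set the same `username` would silently share one password file. I would constrain it, for example `type = lib.types.strMatching "[a-z_][a-z0-9_-]*";`, and add a `description` to each of the three options. A comment on `passwordFile` saying why it is `str` rather than `path` (presumably so the secret is never copied into the Nix store) would help the next reader.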
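Review bot: In apps/static-users/capabilities.nix `ssh-credentials` still iterates `appConfig.users` while `password-credentials` reads the evaluated `config.fysiweb-apps.….users`, and the guard changed from `attrs ? publicKeyFile` to `attrs.publicKeyFile != null`. If `appConfig` is not fully evaluated, as the TODO in this hunk suggests, a user declared without `publicKeyFile` may have no such attribute, and the new guard would then fail evaluation instead of skipping the entry. Reading both sets from the same evaluated source, or writing the guard as `(attrs.publicKeyFile or null) != null`, avoids that. The TODO would also be easier to act on if it named which of the two sources is the intended one.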
@@ -0,0 +1,7 @@
+{ appConfig, lib, ... }:
+lib.mapAttrsToList
+ (username: _: {
+ type = "random-string";
+ path = "system-secrets/${appConfig.appId}/${username}.password";
+ })
+ appConfig.users |
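Review bot: apps/static-users/secrets.nix creates a `random-string` secret for every entry of `appConfig.users`, keyed by the attribute name, whereas the `passwordFile` default in appspec.nix is built from the `username` option. When `username` is overridden, the default `passwordFile` points at a path this file never generates, and users with `passwordFile = null` or a custom path still get a password secret created for them. I would bind the attributes instead of discarding them with `_`, use `path = "system-secrets/${appConfig.appId}/${attrs.username}.password";`, and skip entries whose `passwordFile` is null. This assumes the user set seen here carries the option defaults, which the TODO in capabilities.nix puts in doubt.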