DGNum/infrastructure
10
6
Fork 3
Code Issues 24 Pull requests 19 Projects 1 Releases Packages Wiki Activity Actions

fix(vault01/radius): add configuration declaration
All checks were successful
Check meta / check_dns (pull_request) Successful in 15s
Details
Check meta / check_meta (pull_request) Successful in 15s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 29s
Details
Check workflows / check_workflows (pull_request) Successful in 17s
Details
Build all the nodes / ap01 (pull_request) Successful in 36s
Details
Build all the nodes / bridge01 (pull_request) Successful in 58s
Details
Build all the nodes / build01 (pull_request) Successful in 1m3s
Details
Build all the nodes / cof02 (pull_request) Successful in 1m3s
Details
Build all the nodes / compute01 (pull_request) Successful in 1m24s
Details
Build all the nodes / geo01 (pull_request) Successful in 1m14s
Details
Build all the nodes / geo02 (pull_request) Successful in 55s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 55s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 54s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 54s
Details
Build all the nodes / iso (pull_request) Successful in 1m4s
Details
Build all the nodes / krz01 (pull_request) Successful in 1m37s
Details
Build all the nodes / lab-router01 (pull_request) Successful in 55s
Details
Build all the nodes / netaccess01 (pull_request) Successful in 21s
Details
Build all the nodes / netcore00 (pull_request) Successful in 22s
Details
Build all the nodes / netcore01 (pull_request) Successful in 22s
Details
Build all the nodes / netcore02 (pull_request) Successful in 22s
Details
Build all the nodes / rescue01 (pull_request) Successful in 1m10s
Details
Build all the nodes / storage01 (pull_request) Successful in 1m24s
Details
Build all the nodes / tower01 (pull_request) Successful in 54s
Details
Build all the nodes / vault01 (pull_request) Successful in 1m17s
Details
Build all the nodes / web01 (pull_request) Successful in 1m19s
Details
Build all the nodes / web02 (pull_request) Successful in 58s
Details
Build the shell / build-shell (pull_request) Successful in 24s
Details
Build all the nodes / web03 (pull_request) Successful in 1m2s
Details
Build all the nodes / ap01 (push) Successful in 38s
Details
Build all the nodes / bridge01 (push) Successful in 57s
Details
Build all the nodes / build01 (push) Successful in 1m3s
Details
Build all the nodes / cof02 (push) Successful in 1m0s
Details
Build all the nodes / geo01 (push) Successful in 56s
Details
Build all the nodes / compute01 (push) Successful in 1m25s
Details
Build all the nodes / geo02 (push) Successful in 54s
Details
Build all the nodes / hypervisor01 (push) Successful in 55s
Details
Build all the nodes / hypervisor02 (push) Successful in 56s
Details
Build all the nodes / hypervisor03 (push) Successful in 57s
Details
Build all the nodes / iso (push) Successful in 1m6s
Details
Build all the nodes / netaccess01 (push) Successful in 22s
Details
Build all the nodes / netcore00 (push) Successful in 23s
Details
Build all the nodes / netcore01 (push) Successful in 23s
Details
Build all the nodes / netcore02 (push) Successful in 23s
Details
Build all the nodes / lab-router01 (push) Successful in 58s
Details
Build all the nodes / krz01 (push) Successful in 1m42s
Details
Build all the nodes / tower01 (push) Successful in 59s
Details
Build all the nodes / rescue01 (push) Successful in 1m15s
Details
Build all the nodes / vault01 (push) Successful in 1m6s
Details
Build all the nodes / storage01 (push) Successful in 1m37s
Details
Build the shell / build-shell (push) Successful in 24s
Details
Build all the nodes / web01 (push) Successful in 1m24s
Details
Build all the nodes / web02 (push) Successful in 59s
Details
Build all the nodes / web03 (push) Successful in 1m5s
Details
Run pre-commit on all files / pre-commit (push) Successful in 32s
Details
Check workflows / check_workflows (push) Successful in 20s
Details

Browse source
This commit is contained in:
catvayor 2025-05-04 00:17:27 +02:00
parent 40f5fc2a55
commit 9aabdedb83
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
2 changed files with 19 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
machines/nixos/vault01/k-radius/default.nix
View file

@ -39,7 +39,7 @@
# before they can authenticate via RADIUS.
radius_required_groups = [ "radius_access@sso.dgnum.eu" ];
dgsi_endpoint = "https://profil.dgnum.eu/api/user/";
dgsi_endpoint = "https://profil.dgnum.eu/api/user";
};
authTokenFile = config.age.secrets."radius-auth_token_file".path;

22
machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch
View file

@ -1,5 +1,5 @@
diff --git a/pykanidm/kanidm/radius/__init__.py b/pykanidm/kanidm/radius/__init__.py
index e707cf602..167d8e006 100644
index e707cf602..1eeca862c 100644
--- a/kanidm/radius/__init__.py
+++ b/kanidm/radius/__init__.py
@@ -8,6 +8,7 @@ import logging
@ -32,11 +32,11 @@ index e707cf602..167d8e006 100644
+ dgsi_info = requests.get(kanidm_client.config.dgsi_endpoint + "/" + name, headers={
+ "Authorization": "Token " + kanidm_client.config.dgsi_token
+ })
+ if dgsi_info.status != 200:
+ logging.error("dgsi: error getting vlan of %s : %s.", name, dgsi_info.status)
+ if dgsi_info.status_code != 200:
+ logging.error("dgsi: error getting vlan of %s : %s.", name, dgsi_info.status_code)
+ return radiusd.RLM_MODULE_FAIL
+
+ uservlan: int = dgsi_info.json().get("vlan_id", default=kanidm_client.config.radius_default_vlan);
+ uservlan: int = dgsi_info.json().get("vlan_id", kanidm_client.config.radius_default_vlan);
+
if uservlan == int(0):
logging.info("Invalid uservlan of 0")
@ -84,6 +84,20 @@ index cbd3fe1f0..000000000
- return radius_group.vlan
- logging.debug("returning already set vlan: %s", acc)
- return acc
diff --git a/pykanidm/kanidm/types.py b/pykanidm/kanidm/types.py
index 2f9bf209d..8755b290d 100644
--- a/kanidm/types.py
+++ b/kanidm/types.py
@@ -179,6 +179,9 @@ class KanidmClientConfig(BaseModel):
radius_groups: List[RadiusGroup] = []
radius_clients: List[RadiusClient] = []
+ dgsi_endpoint: str = ""
+ dgsi_token: str = ""
+
connect_timeout: int = 30
@classmethod
--
2.48.1