From 9aabdedb832930a1d32fca26273e0eeb3d3235e6 Mon Sep 17 00:00:00 2001
From: catvayor
Date: Sun, 4 May 2025 00:17:27 +0200
Subject: [PATCH] fix(vault01/radius): add configuration declaration
---
 machines/nixos/vault01/k-radius/default.nix | 2 +-
 .../packages/04-request-dgsi-vlan.patch | 22 +++++++++++++++----
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/machines/nixos/vault01/k-radius/default.nix b/machines/nixos/vault01/k-radius/default.nix
index 63f71a5..da90903 100644
--- a/machines/nixos/vault01/k-radius/default.nix
+++ b/machines/nixos/vault01/k-radius/default.nix
@@ -39,7 +39,7 @@
 # before they can authenticate via RADIUS.
 radius_required_groups = [ "radius_access@sso.dgnum.eu" ];
- dgsi_endpoint = "https://profil.dgnum.eu/api/user/";
+ dgsi_endpoint = "https://profil.dgnum.eu/api/user";
 };
 authTokenFile = config.age.secrets."radius-auth_token_file".path;
diff --git a/machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch b/machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch
index 025ed77..4802c65 100644
--- a/machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch
+++ b/machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch
@@ -1,5 +1,5 @@
 diff --git a/pykanidm/kanidm/radius/__init__.py b/pykanidm/kanidm/radius/__init__.py
-index e707cf602..167d8e006 100644
+index e707cf602..1eeca862c 100644
 --- a/kanidm/radius/__init__.py
 +++ b/kanidm/radius/__init__.py
 @@ -8,6 +8,7 @@ import logging
@@ -32,11 +32,11 @@ index e707cf602..167d8e006 100644
 + dgsi_info = requests.get(kanidm_client.config.dgsi_endpoint + "/" + name, headers={
 + "Authorization": "Token " + kanidm_client.config.dgsi_token
 + })
-+ if dgsi_info.status != 200:
-+ logging.error("dgsi: error getting vlan of %s : %s.", name, dgsi_info.status)
++ if dgsi_info.status_code != 200:
++ logging.error("dgsi: error getting vlan of %s : %s.", name, dgsi_info.status_code)
 + return radiusd.RLM_MODULE_FAIL
 +
-+ uservlan: int = dgsi_info.json().get("vlan_id", default=kanidm_client.config.radius_default_vlan);
++ uservlan: int = dgsi_info.json().get("vlan_id", kanidm_client.config.radius_default_vlan);
 +
 if uservlan == int(0):
 logging.info("Invalid uservlan of 0")
@@ -84,6 +84,20 @@ index cbd3fe1f0..000000000
 - return radius_group.vlan
 - logging.debug("returning already set vlan: %s", acc)
 - return acc
+diff --git a/pykanidm/kanidm/types.py b/pykanidm/kanidm/types.py
+index 2f9bf209d..8755b290d 100644
+--- a/kanidm/types.py
++++ b/kanidm/types.py
+@@ -179,6 +179,9 @@ class KanidmClientConfig(BaseModel):
+ radius_groups: List[RadiusGroup] = []
+ radius_clients: List[RadiusClient] = []
+
++ dgsi_endpoint: str = ""
++ dgsi_token: str = ""
++
+ connect_timeout: int = 30
+
+ @classmethod
-- 
2.48.1
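Review bot: The `requests.get(...)` call at the top of this hunk passes no `timeout=`, so an unresponsive DGSI endpoint can hang the RADIUS authorization path indefinitely; `timeout=kanidm_client.config.connect_timeout` (a field `KanidmClientConfig` already has) would bound it, with `requests.RequestException` mapped to `radiusd.RLM_MODULE_FAIL` the same way the non-200 case is. `name` is concatenated into the URL path unencoded, so if it comes from the RADIUS request (its origin is outside the hunk) it should go through `urllib.parse.quote(name, safe="")` before the token-authenticated call is made. The result of `dgsi_info.json().get("vlan_id", ...)` is annotated `int` but never checked, so a `null` or string `vlan_id` in the response passes the `uservlan == int(0)` test unchanged. The enclosing function starts and ends outside the hunk.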
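Review bot: Both new fields default to the empty string (`dgsi_endpoint: str = ""`, `dgsi_token: str = ""`), so a deployment that omits them still loads and only fails at the first lookup, where `requests.get` is handed the scheme-less URL `"/" + name` and raises an exception that nothing in the visible lines catches. Declaring the fields without defaults, or rejecting empty values when the config is loaded, would surface the misconfiguration at startup instead. `dgsi_token` is a credential held as a plain `str` on a pydantic model, so it shows up in any repr or dump of the config; pydantic's `SecretStr` avoids that at the cost of a `.get_secret_value()` call at the use site. How the token reaches the config is not visible in this patch; it should be read from a secret file, as `authTokenFile` is, rather than set in the Nix `settings` attrset. The class body continues outside the hunk.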