feat(k-radius): Allow to enable extra mods and sites
This commit is contained in:
parent
8c14c5d2c6
commit
f9250e8886
1 changed files with 66 additions and 1 deletions
|
@ -11,6 +11,9 @@ let
|
|||
mkIf
|
||||
mkOption
|
||||
types
|
||||
mapAttrsToList
|
||||
optionalString
|
||||
zipListsWith
|
||||
;
|
||||
|
||||
settingsFormat = pkgs.formats.toml { };
|
||||
|
@ -44,6 +47,32 @@ in
|
|||
description = "File to the auth token for the service account.";
|
||||
};
|
||||
|
||||
extra-mods = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
description = "Additional files to be linked in mods-enabled.";
|
||||
default = { };
|
||||
};
|
||||
|
||||
extra-sites = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
description = "Additional files to be linked in sites-enabled.";
|
||||
default = { };
|
||||
};
|
||||
|
||||
dictionary = mkOption {
|
||||
type = types.attrsOf (
|
||||
types.enum [
|
||||
"abinary"
|
||||
"date"
|
||||
"ipaddr"
|
||||
"integer"
|
||||
"string"
|
||||
]
|
||||
);
|
||||
description = "Declare additionnal attributes to be listed in the dictionary.";
|
||||
default = { };
|
||||
};
|
||||
|
||||
radiusClients = mkOption {
|
||||
type = types.attrsOf (
|
||||
types.submodule {
|
||||
|
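Review bot: The `dictionary` option's description at the `description = "Declare additionnal attributes to be listed in the dictionary.";` line misspells "additional", and none of the three new option descriptions says how the attribute names are consumed. For `extra-mods` and `extra-sites` the attribute names become file names under mods-enabled and sites-enabled, and for `dictionary` they become FreeRADIUS ATTRIBUTE names whose numbers are assigned automatically from 3000 upward in attribute-name order (see the preStart hunk further down). Something like `description = "Additional attributes to declare in the dictionary; attribute numbers are assigned sequentially from 3000 in attribute-name order.";` would make the renumbering effect of adding an entry visible to users. The `radiusClients` submodule that begins at the end of this hunk continues outside it.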
@ -77,6 +106,12 @@ in
|
|||
};
|
||||
|
||||
privateKeyPasswordFile = mkOption { type = types.path; };
|
||||
|
||||
checkConfiguration = mkOption {
|
||||
type = types.bool;
|
||||
description = "Check the configuration before starting the deamon. Usefull for debugging.";
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
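Review bot: The new `checkConfiguration` description contains two typos, `deamon` and `Usefull`; suggest `description = "Check the configuration before starting the daemon. Useful for debugging.";`. It would also help to state what enabling it does concretely — the later hunk shows it uncomments a `radiusd -C -d ${cfg.configDir}` call in preStart, which presumably makes the unit fail to start on a configuration error — since the default is false and a user has to decide whether to turn it on. The enclosing options attrset and the `config = mkIf cfg.enable {` block both extend beyond this hunk.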
@ -104,6 +139,8 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
wants = [ "network.target" ];
|
||||
startLimitIntervalSec = 20;
|
||||
startLimitBurst = 5;
|
||||
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.configDir}
|
||||
|
@ -164,8 +201,35 @@ in
|
|||
sed -i ${cfg.configDir}/mods-available/eap \
|
||||
-e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/"
|
||||
|
||||
# Build the dictionary
|
||||
cat <<EOF > ${cfg.configDir}/dictionary
|
||||
${
|
||||
let
|
||||
attrs = mapAttrsToList (name: type: { inherit name type; }) cfg.dictionary;
|
||||
idList = builtins.genList (id: 3000 + id) (builtins.length attrs);
|
||||
in
|
||||
builtins.concatStringsSep "\n" (
|
||||
zipListsWith ({ name, type }: id: "ATTRIBUTE ${name} ${toString id} ${type}") attrs idList
|
||||
)
|
||||
}
|
||||
EOF
|
||||
|
||||
# Link extra-mods
|
||||
${builtins.concatStringsSep "\n" (
|
||||
mapAttrsToList (name: path: "ln -nsf ${path} ${cfg.configDir}/mods-enabled/${name}") cfg.extra-mods
|
||||
)}
|
||||
|
||||
# Link extra-sites
|
||||
${builtins.concatStringsSep "\n" (
|
||||
mapAttrsToList (
|
||||
name: path: "ln -nsf ${path} ${cfg.configDir}/sites-enabled/${name}"
|
||||
) cfg.extra-sites
|
||||
)}
|
||||
|
||||
# Check the configuration
|
||||
# ${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
|
||||
${
|
||||
optionalString (!cfg.checkConfiguration) "# "
|
||||
}${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
|
||||
'';
|
||||
|
||||
path = [
|
||||
|
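Review bot: The new heredoc at `cat <<EOF > ${cfg.configDir}/dictionary` uses an unquoted delimiter, so the shell still performs parameter expansion and command substitution on the generated ATTRIBUTE lines at service start; a `dictionary` attribute name containing `$` or backquotes would be expanded rather than written literally, whereas `cat <<'EOF' > ${cfg.configDir}/dictionary` writes the content verbatim. The `ln -nsf ${path} ${cfg.configDir}/mods-enabled/${name}` line and its sites-enabled counterpart interpolate `name` and `path` into the script unquoted, so a name with whitespace produces a different command than intended and a name containing `/` resolves to a path outside the enabled directory; wrapping the interpolated values with `lib.escapeShellArg` (added to the name list in the first hunk) and restricting the link names to values without `/` would pin this down. The dictionary IDs are derived from list position over `mapAttrsToList`, which iterates attribute names in sorted order, so adding an entry that sorts earlier renumbers the existing ones — worth a comment on the `idList = builtins.genList (id: 3000 + id) (builtins.length attrs);` line if that is intended. Because the `+`/`-` markers are not preserved on this page, I cannot tell whether the commented-out `# ${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout` line is the one deletion in this hunk or remains as a duplicate of the `optionalString` form below it. The `preStart` script starts in the previous hunk and the `path = [` list that follows it is cut off here.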
@ -187,6 +251,7 @@ in
|
|||
LogsDirectory = "radius";
|
||||
StateDirectory = "radius";
|
||||
RuntimeDirectory = "radius";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
Environment = [
|
||||
"KANIDM_RLM_CONFIG=/var/lib/radius/kanidm.toml"
|
||||
"PYTHONPATH=${rlm_python.pythonPath}"
|
||||
|
|