feat(k-radius): Allow to enable extra mods and sites
parent
8c14c5d2c6
commit
f9250e8886
1 changed files with 66 additions and 1 deletions
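--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -11,6 +11,9 @@ let
 mkIf
 mkOption
 types
+mapAttrsToList
+optionalString
+zipListsWith
 ;
 
 settingsFormat = pkgs.formats.toml { };
@@ -44,6 +47,32 @@ in
 description = "File to the auth token for the service account.";
 };
 
+extra-mods = mkOption {
+type = types.attrsOf types.path;
+description = "Additional files to be linked in mods-enabled.";
+default = { };
+};
+
+extra-sites = mkOption {
+type = types.attrsOf types.path;
+description = "Additional files to be linked in sites-enabled.";
+default = { };
+};
+
+dictionary = mkOption {
+type = types.attrsOf (
+types.enum [
+"abinary"
+"date"
+"ipaddr"
+"integer"
+"string"
+]
+);
+description = "Declare additionnal attributes to be listed in the dictionary.";
+default = { };
+};
+
 radiusClients = mkOption {
 type = types.attrsOf (
 types.submodule {
@@ -77,6 +106,12 @@ in
 };
 
 privateKeyPasswordFile = mkOption { type = types.path; };
+
+checkConfiguration = mkOption {
+type = types.bool;
+description = "Check the configuration before starting the deamon. Usefull for debugging.";
+default = false;
+};
 };
 
 config = mkIf cfg.enable {
@@ -104,6 +139,8 @@ in
 wantedBy = [ "multi-user.target" ];
 after = [ "network.target" ];
 wants = [ "network.target" ];
+startLimitIntervalSec = 20;
+startLimitBurst = 5;
 
 preStart = ''
 mkdir -p ${cfg.configDir}
@@ -164,8 +201,35 @@ in
 sed -i ${cfg.configDir}/mods-available/eap \
 -e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/"
 
+# Build the dictionary
+cat <<EOF > ${cfg.configDir}/dictionary
+${
+let
+attrs = mapAttrsToList (name: type: { inherit name type; }) cfg.dictionary;
+idList = builtins.genList (id: 3000 + id) (builtins.length attrs);
+in
+builtins.concatStringsSep "\n" (
+zipListsWith ({ name, type }: id: "ATTRIBUTE ${name} ${toString id} ${type}") attrs idList
+)
+}
+EOF
+
+# Link extra-mods
+${builtins.concatStringsSep "\n" (
+mapAttrsToList (name: path: "ln -nsf ${path} ${cfg.configDir}/mods-enabled/${name}") cfg.extra-mods
+)}
+
+# Link extra-sites
+${builtins.concatStringsSep "\n" (
+mapAttrsToList (
+name: path: "ln -nsf ${path} ${cfg.configDir}/sites-enabled/${name}"
+) cfg.extra-sites
+)}
+
 # Check the configuration
-# ${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
+${
+optionalString (!cfg.checkConfiguration) "# "
+}${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
 '';
 
 path = [
@@ -187,6 +251,7 @@ in
 LogsDirectory = "radius";
 StateDirectory = "radius";
 RuntimeDirectory = "radius";
+AmbientCapabilities = "CAP_NET_BIND_SERVICE";
 Environment = [
 "KANIDM_RLM_CONFIG=/var/lib/radius/kanidm.toml"
 "PYTHONPATH=${rlm_python.pythonPath}"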
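Review bot: The attribute names in the `# Link extra-mods` and `# Link extra-sites` lines of the preStart hunk are interpolated into the shell script unquoted, and `types.attrsOf` places no constraint on keys, so a key containing whitespace, `/` or `..` is word-split by the shell and can put the symlink somewhere other than `mods-enabled`/`sites-enabled`; wrapping both interpolations, e.g. `"ln -nsf ${lib.escapeShellArg path} ${cfg.configDir}/mods-enabled/${lib.escapeShellArg name}"` (assuming `lib` is the module argument), together with an assertion that keys contain no `/`, would close this. The same unvalidated `name` also feeds the `ATTRIBUTE ${name} …` lines of the dictionary heredoc, where a key containing a newline or space would produce extra or malformed dictionary entries; `type` is safe because it is enum-restricted. `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` in the last hunk is only needed if a listener binds a port below 1024, which the standard RADIUS ports 1812/1813 do not, so it may be droppable — the listener configuration is outside this section, so please confirm. The new option descriptions carry typos that will show up in generated docs: `additionnal` → `additional`, `deamon` → `daemon`, `Usefull` → `Useful`.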