# Builds the FreeRADIUS module configuration for the `dhcp_sql` instance of
# rlm_sql as a plain text file named "mod-dhcp_sql" (via pkgs.writeText).
#
# Arguments:
#   pkgs  - package set providing writeText.
#   args  - the whole argument set, forwarded unchanged to ./dhcp-sqlsquema.nix,
#           whose result is interpolated into `bootstrap` below.
#
# Quoting: inside the indented string, ''${...} is the Nix escape for a
# literal ${...}, so those references (dialect, thread[pool].*, .:instance,
# group_attribute, ...) reach FreeRADIUS unexpanded. Only
# ${import ./dhcp-sqlsquema.nix args} is substituted by Nix at evaluation time.
#
# NOTE(review): `filename` places the SQLite database at a fixed name in /tmp.
# /tmp is normally shared and world-writable, so unless the service runs with
# a private /tmp (e.g. systemd PrivateTmp - not visible from this file, confirm)
# the database that drives DHCP replies sits where other local accounts can
# create files; it is also subject to tmp cleaning and lost on reboot.
# `bootstrap` presumably only populates the database when the file does not
# exist yet, so whatever file is already at that path would be used as-is -
# verify against the rlm_sql_sqlite documentation. A service-owned state
# directory with restrictive permissions would be the safer location.
#
# NOTE(review): the three queries place %{SQL-User-Name},
# %{control:DHCP-SQL-Option-Context} and the group attribute inside
# single-quoted SQL literals. The embedded comments only promise escaping for
# SQL-User-Name; confirm that the module's escaping (safe_characters is left
# at its default here) also covers the context expansion, and that the policy
# setting these control attributes uses fixed values rather than raw
# client-supplied DHCP fields.
{ pkgs, ... }@args:
pkgs.writeText "mod-dhcp_sql" ''
sql dhcp_sql {
dialect = "sqlite"
driver = "rlm_sql_''${dialect}"

sqlite {
filename = "/tmp/freeradius.db"
busy_timeout = 200
bootstrap = "${import ./dhcp-sqlsquema.nix args}"
}

radius_db = "radius"

read_groups = no

pool {
start = ''${thread[pool].start_servers}
min = ''${thread[pool].min_spare_servers}
max = ''${thread[pool].max_servers}
spare = ''${thread[pool].max_spare_servers}
uses = 0
retry_delay = 30
lifetime = 0
idle_timeout = 60
}

group_attribute = "''${.:instance}-SQL-Group"

# -*- text -*-
#
# dhcp/sqlite/queries.conf -- SQLite configuration for DHCP schema (schema.sql)
#
# $Id: 0cc720220d237d98934dd23173ccb4e09bd0cb01 $

# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
# safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

#######################################################################
# Query config: Identifier
#######################################################################
# This is the identifier that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
# below everywhere an identifier substitution is needed so you you can
# be sure the identifier passed from the client is escaped properly.
#
sql_user_name = "%{control:DHCP-SQL-Option-Identifier}"

#######################################################################
# Attribute Lookup Queries
#######################################################################
# These queries setup the reply items in ''${dhcpreply_table} and
# ''${group_reply_query}. You can use any query/tables you want, but
# the return data for each row MUST be in the following order:
#
# 0. Row ID (currently unused)
# 1. Identifier
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################

authorize_reply_query = "\
SELECT id, identifier, attribute, value, op \
FROM dhcpreply \
WHERE identifier = '%{SQL-User-Name}' AND context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY id"

authorize_group_reply_query = "\
SELECT id, groupname, attribute, value, op \
FROM dhcpgroupreply \
WHERE groupname = '%{''${group_attribute}}' AND context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY id"

group_membership_query = "\
SELECT groupname \
FROM dhcpgroup \
WHERE identifier='%{SQL-User-Name}' AND context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY priority"
}
''