infrastructure/machines/vault01/k-radius/mod-dhcp_sql.nix
catvayor e9c5489bc2 feat(dhcp): dhcp configuration
limit to 300 vlans because of freeRadius limitation
2024-05-23 10:39:24 +02:00

83 lines
2.8 KiB
Nix

{ pkgs, ... }@args:
pkgs.writeText "mod-dhcp_sql" ''
sql dhcp_sql {
dialect = "sqlite"
driver = "rlm_sql_''${dialect}"
sqlite {
filename = "/tmp/freeradius.db"
busy_timeout = 200
bootstrap = "${import ./dhcp-sqlsquema.nix args}"
}
radius_db = "radius"
read_groups = no
pool {
start = ''${thread[pool].start_servers}
min = ''${thread[pool].min_spare_servers}
max = ''${thread[pool].max_servers}
spare = ''${thread[pool].max_spare_servers}
uses = 0
retry_delay = 30
lifetime = 0
idle_timeout = 60
}
group_attribute = "''${.:instance}-SQL-Group"
# -*- text -*-
#
# dhcp/sqlite/queries.conf -- SQLite configuration for DHCP schema (schema.sql)
#
# $Id: 0cc720220d237d98934dd23173ccb4e09bd0cb01 $
# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
# safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
#######################################################################
# Query config: Identifier
#######################################################################
# This is the identifier that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
# below everywhere an identifier substitution is needed so you you can
# be sure the identifier passed from the client is escaped properly.
#
sql_user_name = "%{control:DHCP-SQL-Option-Identifier}"
#######################################################################
# Attribute Lookup Queries
#######################################################################
# These queries setup the reply items in ''${dhcpreply_table} and
# ''${group_reply_query}. You can use any query/tables you want, but
# the return data for each row MUST be in the following order:
#
# 0. Row ID (currently unused)
# 1. Identifier
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
authorize_reply_query = "\
SELECT id, identifier, attribute, value, op \
FROM dhcpreply \
WHERE identifier = '%{SQL-User-Name}' AND context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY id"
authorize_group_reply_query = "\
SELECT id, groupname, attribute, value, op \
FROM dhcpgroupreply \
WHERE groupname = '%{''${group_attribute}}' AND context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY id"
group_membership_query = "\
SELECT groupname \
FROM dhcpgroup \
WHERE identifier='%{SQL-User-Name}' AND context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY priority"
}
''