1 files changed, 29 insertions, 0 deletions
diff --git a/systems/zoldene/synapse.nix b/systems/zoldene/synapse.nix
index 1d892a7..cfcdc9a 100644
--- a/systems/zoldene/synapse.nix
+++ b/systems/zoldene/synapse.nix
@@ -72,9 +72,32 @@
    services.matrix-synapse = {
      enable = true;
+      log.root.level = "WARNING";
+      plugins = [
+        config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3
+      ];
      extraConfigFiles = [
        config.secrets.fullPaths."matrix/homeserver_secrets.yaml"
      ];
+      settings.modules = [
+        {
+          module = "ldap_auth_provider.LdapAuthProviderModule";
+          config = {
+            enabled = true;
+            uri = "ldaps://${config.myEnv.tools.matrix.ldap.host}:636";
+            start_tls = false;
+            base = config.myEnv.tools.matrix.ldap.base;
+            attributes = {
+              uid = "uid";
+              mail = "mail";
+              name = "cn";
+            };
+            bind_dn = config.myEnv.tools.matrix.ldap.dn;
+            bind_password_file = config.secrets.fullPaths."matrix/ldap_password";
+            filter = config.myEnv.tools.matrix.ldap.filter;
+          };
+        }
+      ];
      settings.server_name = "immae.eu";
      settings.signing_key_path = config.secrets.fullPaths."matrix/signing.key";
      settings.listeners = [
@@ -152,6 +175,12 @@
        ];
      };
    };
+    secrets.keys."matrix/ldap_password" = {
+      permissions = "0400";
+      user = "matrix-synapse";
+      group = "matrix-synapse";
+      text = config.myEnv.tools.matrix.ldap.password;
+    };
    secrets.keys."matrix/signing.key" = {
      permissions = "0400";
      user = "matrix-synapse";

diff --git a/systems/zoldene/synapse.nix b/systems/zoldene/synapse.nix index 1d892a7..cfcdc9a 100644 --- a/systems/zoldene/synapse.nix +++ b/systems/zoldene/synapse.nix
@@ -72,9 +72,32 @@
72		72
73	services.matrix-synapse = {	73	services.matrix-synapse = {
74	enable = true;	74	enable = true;
		75	log.root.level = "WARNING";
		76	plugins = [
		77	config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3
		78	];
75	extraConfigFiles = [	79	extraConfigFiles = [
76	config.secrets.fullPaths."matrix/homeserver_secrets.yaml"	80	config.secrets.fullPaths."matrix/homeserver_secrets.yaml"
77	];	81	];
		82	settings.modules = [
		83	{
		84	module = "ldap_auth_provider.LdapAuthProviderModule";
		85	config = {
		86	enabled = true;
		87	uri = "ldaps://${config.myEnv.tools.matrix.ldap.host}:636";
		88	start_tls = false;
		89	base = config.myEnv.tools.matrix.ldap.base;
		90	attributes = {
		91	uid = "uid";
		92	mail = "mail";
		93	name = "cn";
		94	};
		95	bind_dn = config.myEnv.tools.matrix.ldap.dn;
		96	bind_password_file = config.secrets.fullPaths."matrix/ldap_password";
		97	filter = config.myEnv.tools.matrix.ldap.filter;
		98	};
		99	}
		100	];
78	settings.server_name = "immae.eu";	101	settings.server_name = "immae.eu";
79	settings.signing_key_path = config.secrets.fullPaths."matrix/signing.key";	102	settings.signing_key_path = config.secrets.fullPaths."matrix/signing.key";
80	settings.listeners = [	103	settings.listeners = [
@@ -152,6 +175,12 @@
152	];	175	];
153	};	176	};
154	};	177	};
		178	secrets.keys."matrix/ldap_password" = {
		179	permissions = "0400";
		180	user = "matrix-synapse";
		181	group = "matrix-synapse";
		182	text = config.myEnv.tools.matrix.ldap.password;
		183	};
155	secrets.keys."matrix/signing.key" = {	184	secrets.keys."matrix/signing.key" = {
156	permissions = "0400";	185	permissions = "0400";
157	user = "matrix-synapse";	186	user = "matrix-synapse";