From c55d7e13d4e689f155f0483505181c4dd1ce5904 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 19 Jun 2024 01:55:44 +0200 Subject: Use ldap in matrix --- systems/backup-2/flake.lock | 26 +++++++++++++------------- systems/dilion/flake.lock | 10 +++++----- systems/eldiron/flake.lock | 26 +++++++++++++------------- systems/monitoring-1/flake.lock | 18 +++++++++--------- systems/quatresaisons/flake.lock | 10 +++++----- systems/zoldene/flake.lock | 6 +++--- systems/zoldene/synapse.nix | 29 +++++++++++++++++++++++++++++ 7 files changed, 77 insertions(+), 48 deletions(-) (limited to 'systems') diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock index fe310da..4750406 100644 --- a/systems/backup-2/flake.lock +++ b/systems/backup-2/flake.lock @@ -22,7 +22,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-M+KSiWf7rl3kh+gzcQtH/cOHsMh5hr7gnN2+yaVwdmo=", + "narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=", "path": "../../flakes/private/chatons", "type": "path" }, @@ -74,7 +74,7 @@ "environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -86,7 +86,7 @@ "environment_2": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../../flakes/private/environment", "type": "path" }, @@ -98,7 +98,7 @@ "environment_3": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -110,7 +110,7 @@ "environment_4": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -122,7 +122,7 @@ "environment_5": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -134,7 +134,7 @@ "environment_6": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -146,7 +146,7 @@ "environment_7": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -352,7 +352,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-xy7SjExBM+j9moitbibUP/lr/wp4u+av+ERVq98icGQ=", + "narHash": "sha256-tY5qk98NpdM4osbPYFeo6/pHiQQU4a4iKw2jCJP99q8=", "path": "../../flakes/private/mail-relay", "type": "path" }, @@ -371,7 +371,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-o0I224ximrIlryjv6VOQSKkE3r18lqE0xJyl0EAOx0M=", + "narHash": "sha256-Aqubcd5AOuP6XUdvjeCXIP6Yksn8uBXbS62kWXBop1w=", "path": "../../flakes/private/milters", "type": "path" }, @@ -389,7 +389,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-naDZz+X25NfKpA4J2JjK8gy3nwBL8DQo5Ip3vbpx1vA=", + "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", "path": "../../flakes/private/monitoring", "type": "path" }, @@ -925,7 +925,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-P4N7XBkotxwMOsmmoIaKJ5etrN3TzrGXKJnDfzWKOYI=", + "narHash": "sha256-LDicilQIpNXKg/UD6uyf66h/iL/rhDOkkVjTMdKRzX4=", "path": "../../flakes/private/opendmarc", "type": "path" }, @@ -1104,7 +1104,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4BSHUGdctTxvJObi9jz6S5FH22ZtIpbIZbShFP40Ds0=", + "narHash": "sha256-zbQxRzS3bTCQO/0D/AJYNU/xwBmXgfU82PDLxVyXcAQ=", "path": "../../flakes/private/system", "type": "path" }, diff --git a/systems/dilion/flake.lock b/systems/dilion/flake.lock index 91d5bc4..c8e6638 100644 --- a/systems/dilion/flake.lock +++ b/systems/dilion/flake.lock @@ -59,7 +59,7 @@ "environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../../flakes/private/environment", "type": "path" }, @@ -71,7 +71,7 @@ "environment_2": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -83,7 +83,7 @@ "environment_3": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -207,7 +207,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-naDZz+X25NfKpA4J2JjK8gy3nwBL8DQo5Ip3vbpx1vA=", + "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", "path": "../../flakes/private/monitoring", "type": "path" }, @@ -599,7 +599,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4BSHUGdctTxvJObi9jz6S5FH22ZtIpbIZbShFP40Ds0=", + "narHash": "sha256-zbQxRzS3bTCQO/0D/AJYNU/xwBmXgfU82PDLxVyXcAQ=", "path": "../../flakes/private/system", "type": "path" }, diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock index 5395c34..193ef5e 100644 --- a/systems/eldiron/flake.lock +++ b/systems/eldiron/flake.lock @@ -129,7 +129,7 @@ "environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -141,7 +141,7 @@ "environment_2": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -153,7 +153,7 @@ "environment_3": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -165,7 +165,7 @@ "environment_4": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -177,7 +177,7 @@ "environment_5": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -189,7 +189,7 @@ "environment_6": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -1989,7 +1989,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-M+KSiWf7rl3kh+gzcQtH/cOHsMh5hr7gnN2+yaVwdmo=", + "narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=", "path": "../../flakes/private/chatons", "type": "path" }, @@ -2001,7 +2001,7 @@ "private-environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../../flakes/private/environment", "type": "path" }, @@ -2020,7 +2020,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-o0I224ximrIlryjv6VOQSKkE3r18lqE0xJyl0EAOx0M=", + "narHash": "sha256-Aqubcd5AOuP6XUdvjeCXIP6Yksn8uBXbS62kWXBop1w=", "path": "../../flakes/private/milters", "type": "path" }, @@ -2038,7 +2038,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-naDZz+X25NfKpA4J2JjK8gy3nwBL8DQo5Ip3vbpx1vA=", + "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", "path": "../../flakes/private/monitoring", "type": "path" }, @@ -2073,7 +2073,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-P4N7XBkotxwMOsmmoIaKJ5etrN3TzrGXKJnDfzWKOYI=", + "narHash": "sha256-LDicilQIpNXKg/UD6uyf66h/iL/rhDOkkVjTMdKRzX4=", "path": "../../flakes/private/opendmarc", "type": "path" }, @@ -2134,7 +2134,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-biB3cB3cuWYGfYbxuHLddpjV/2zHWr4AS5gLths3/qQ=", + "narHash": "sha256-mhoBv1NxQoAMlfFGkgGC28cjMTgUxgb2oqNS+k6kWH4=", "path": "../../flakes/private/ssh", "type": "path" }, @@ -2153,7 +2153,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4BSHUGdctTxvJObi9jz6S5FH22ZtIpbIZbShFP40Ds0=", + "narHash": "sha256-zbQxRzS3bTCQO/0D/AJYNU/xwBmXgfU82PDLxVyXcAQ=", "path": "../../flakes/private/system", "type": "path" }, diff --git a/systems/monitoring-1/flake.lock b/systems/monitoring-1/flake.lock index c585d8f..1dc0e86 100644 --- a/systems/monitoring-1/flake.lock +++ b/systems/monitoring-1/flake.lock @@ -22,7 +22,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-M+KSiWf7rl3kh+gzcQtH/cOHsMh5hr7gnN2+yaVwdmo=", + "narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=", "path": "../../flakes/private/chatons", "type": "path" }, @@ -74,7 +74,7 @@ "environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -86,7 +86,7 @@ "environment_2": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../../flakes/private/environment", "type": "path" }, @@ -98,7 +98,7 @@ "environment_3": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -110,7 +110,7 @@ "environment_4": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -122,7 +122,7 @@ "environment_5": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -259,7 +259,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-xy7SjExBM+j9moitbibUP/lr/wp4u+av+ERVq98icGQ=", + "narHash": "sha256-tY5qk98NpdM4osbPYFeo6/pHiQQU4a4iKw2jCJP99q8=", "path": "../../flakes/private/mail-relay", "type": "path" }, @@ -277,7 +277,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-naDZz+X25NfKpA4J2JjK8gy3nwBL8DQo5Ip3vbpx1vA=", + "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", "path": "../../flakes/private/monitoring", "type": "path" }, @@ -735,7 +735,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4BSHUGdctTxvJObi9jz6S5FH22ZtIpbIZbShFP40Ds0=", + "narHash": "sha256-zbQxRzS3bTCQO/0D/AJYNU/xwBmXgfU82PDLxVyXcAQ=", "path": "../../flakes/private/system", "type": "path" }, diff --git a/systems/quatresaisons/flake.lock b/systems/quatresaisons/flake.lock index ed86b4e..95c61b8 100644 --- a/systems/quatresaisons/flake.lock +++ b/systems/quatresaisons/flake.lock @@ -59,7 +59,7 @@ "environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../../flakes/private/environment", "type": "path" }, @@ -71,7 +71,7 @@ "environment_2": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -83,7 +83,7 @@ "environment_3": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -239,7 +239,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-naDZz+X25NfKpA4J2JjK8gy3nwBL8DQo5Ip3vbpx1vA=", + "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", "path": "../../flakes/private/monitoring", "type": "path" }, @@ -712,7 +712,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4BSHUGdctTxvJObi9jz6S5FH22ZtIpbIZbShFP40Ds0=", + "narHash": "sha256-zbQxRzS3bTCQO/0D/AJYNU/xwBmXgfU82PDLxVyXcAQ=", "path": "../../flakes/private/system", "type": "path" }, diff --git a/systems/zoldene/flake.lock b/systems/zoldene/flake.lock index 972b275..f07de8c 100644 --- a/systems/zoldene/flake.lock +++ b/systems/zoldene/flake.lock @@ -59,7 +59,7 @@ "environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../environment", "type": "path" }, @@ -436,7 +436,7 @@ "private-environment": { "locked": { "lastModified": 1, - "narHash": "sha256-44KJj+te7cnv7QP9VNXCgwnWDthdW626uvKaWf8ddBE=", + "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", "path": "../../flakes/private/environment", "type": "path" }, @@ -455,7 +455,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-4BSHUGdctTxvJObi9jz6S5FH22ZtIpbIZbShFP40Ds0=", + "narHash": "sha256-zbQxRzS3bTCQO/0D/AJYNU/xwBmXgfU82PDLxVyXcAQ=", "path": "../../flakes/private/system", "type": "path" }, diff --git a/systems/zoldene/synapse.nix b/systems/zoldene/synapse.nix index 1d892a7..cfcdc9a 100644 --- a/systems/zoldene/synapse.nix +++ b/systems/zoldene/synapse.nix @@ -72,9 +72,32 @@ services.matrix-synapse = { enable = true; + log.root.level = "WARNING"; + plugins = [ + config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3 + ]; extraConfigFiles = [ config.secrets.fullPaths."matrix/homeserver_secrets.yaml" ]; + settings.modules = [ + { + module = "ldap_auth_provider.LdapAuthProviderModule"; + config = { + enabled = true; + uri = "ldaps://${config.myEnv.tools.matrix.ldap.host}:636"; + start_tls = false; + base = config.myEnv.tools.matrix.ldap.base; + attributes = { + uid = "uid"; + mail = "mail"; + name = "cn"; + }; + bind_dn = config.myEnv.tools.matrix.ldap.dn; + bind_password_file = config.secrets.fullPaths."matrix/ldap_password"; + filter = config.myEnv.tools.matrix.ldap.filter; + }; + } + ]; settings.server_name = "immae.eu"; settings.signing_key_path = config.secrets.fullPaths."matrix/signing.key"; settings.listeners = [ @@ -152,6 +175,12 @@ ]; }; }; + secrets.keys."matrix/ldap_password" = { + permissions = "0400"; + user = "matrix-synapse"; + group = "matrix-synapse"; + text = config.myEnv.tools.matrix.ldap.password; + }; secrets.keys."matrix/signing.key" = { permissions = "0400"; user = "matrix-synapse"; -- cgit v1.2.3