add ldap support to home-assistant
parent
4d56e9782a
commit
88c9fabcb9
2 changed files with 33 additions and 0 deletions
modules
|
@ -4,6 +4,18 @@ let
|
||||||
cfg = config.shb.home-assistant;
|
cfg = config.shb.home-assistant;
|
||||||
|
|
||||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||||
|
|
||||||
|
ldap_auth_script_repo = pkgs.fetchFromGitHub {
|
||||||
|
owner = "lldap";
|
||||||
|
repo = "lldap";
|
||||||
|
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
||||||
|
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
||||||
|
};
|
||||||
|
|
||||||
|
ldap_auth_script = pkgs.writeShellScriptBin "ldap_auth.sh" ''
|
||||||
|
export PATH=${pkgs.gnused}/bin:${pkgs.curl}/bin:${pkgs.jq}/bin
|
||||||
|
exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.shb.home-assistant = {
|
options.shb.home-assistant = {
|
||||||
|
@ -21,6 +33,12 @@ in
|
||||||
example = "mydomain.com";
|
example = "mydomain.com";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ldapEndpoint = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "host serving the LDAP server";
|
||||||
|
example = "http://127.0.0.1:389";
|
||||||
|
};
|
||||||
|
|
||||||
sopsFile = lib.mkOption {
|
sopsFile = lib.mkOption {
|
||||||
type = lib.types.path;
|
type = lib.types.path;
|
||||||
description = "Sops file location";
|
description = "Sops file location";
|
||||||
|
@ -80,6 +98,17 @@ in
|
||||||
latitude = "!secret latitude_home";
|
latitude = "!secret latitude_home";
|
||||||
longitude = "!secret longitude_home";
|
longitude = "!secret longitude_home";
|
||||||
time_zone = "America/Los_Angeles";
|
time_zone = "America/Los_Angeles";
|
||||||
|
auth_providers = [
|
||||||
|
# Ensure you have the homeassistant provider enabled if you want to continue using your existing accounts
|
||||||
|
{ type = "homeassistant"; }
|
||||||
|
{ type = "command_line";
|
||||||
|
command = ldap_auth_script + "/bin/ldap_auth.sh";
|
||||||
|
# Only allow users in the 'homeassistant_user' group to login.
|
||||||
|
# Change to ["https://lldap.example.com"] to allow all users
|
||||||
|
args = [ cfg.ldapEndpoint "homeassistant_user" ];
|
||||||
|
meta = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
"automation ui" = "!include automations.yaml";
|
"automation ui" = "!include automations.yaml";
|
||||||
"scene ui" = "!include scenes.yaml";
|
"scene ui" = "!include scenes.yaml";
|
||||||
|
|
|
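Review bot: In the second hunk, `example = "http://127.0.0.1:389";` pairs an http scheme with the LDAP port, while the description calls the option a "host"; the wrapper in the first hunk puts curl and jq on PATH, which suggests the script posts the login to lldap's HTTP API rather than speaking LDAP, so the example should presumably use lldap's HTTP listener and the description should say it is a URL, e.g. `description = "URL of the LLDAP HTTP API that the auth script posts credentials to";`. Because every Home Assistant login sends the user's password to this URL, the option documentation should state that a non-loopback endpoint must be https. In the first hunk, `exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@` should quote the arguments as `"$@"` so the endpoint and group name are passed through unsplit. The options attribute set begun in the second hunk continues outside the hunk.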
@ -83,6 +83,8 @@ in
|
||||||
environment = {
|
environment = {
|
||||||
LLDAP_JWT_SECRET_FILE = "/run/secrets/lldap/jwt_secret";
|
LLDAP_JWT_SECRET_FILE = "/run/secrets/lldap/jwt_secret";
|
||||||
LLDAP_LDAP_USER_PASS_FILE = "/run/secrets/lldap/user_password";
|
LLDAP_LDAP_USER_PASS_FILE = "/run/secrets/lldap/user_password";
|
||||||
|
|
||||||
|
# RUST_LOG = "debug";
|
||||||
};
|
};
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -94,6 +96,8 @@ in
|
||||||
ldap_port = 3890;
|
ldap_port = 3890;
|
||||||
|
|
||||||
ldap_base_dn = cfg.dcdomain;
|
ldap_base_dn = cfg.dcdomain;
|
||||||
|
|
||||||
|
# verbose = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|