
make home-assistant service work without ldap integration

This commit is contained in:
ibizaman 2024-01-07 14:42:07 -08:00 committed by Pierre Penninckx
parent 719ec6c62e
commit a5e9af27b5


@ -33,10 +33,54 @@ in
example = "mydomain.com"; example = "mydomain.com";
}; };
ldapEndpoint = lib.mkOption { ldap = lib.mkOption {
type = lib.types.str; description = ''
description = "host serving the LDAP server"; LDAP Integration App. [Manual](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html)
example = "http://127.0.0.1:389";
Enabling this app will create a new LDAP configuration or update one that exists with
the given host.
'';
default = {};
type = lib.types.submodule {
options = {
enable = lib.mkEnableOption "LDAP app.";
host = lib.mkOption {
type = lib.types.str;
description = ''
Host serving the LDAP server.
If set, the Home Assistant auth will be disabled. To keep it, set
`keepDefaultAuth` to `true`.
'';
default = "127.0.0.1";
};
port = lib.mkOption {
type = lib.types.port;
description = ''
Port of the service serving the LDAP server.
'';
default = 389;
};
userGroup = lib.mkOption {
type = lib.types.str;
description = "Group users must belong to to be able to login to Nextcloud.";
default = "homeassistant_user";
};
keepDefaultAuth = lib.mkOption {
type = lib.types.bool;
description = ''
Keep Home Assistant auth active, even if LDAP is configured. Usually, you want to enable
this to transfer existing users to LDAP and then you can disabled it.
'';
default = false;
};
};
};
}; };
sopsFile = lib.mkOption { sopsFile = lib.mkOption {
@ -100,17 +144,20 @@ in
longitude = "!secret longitude_home"; longitude = "!secret longitude_home";
time_zone = "!secret time_zone"; time_zone = "!secret time_zone";
unit_system = "metric"; unit_system = "metric";
auth_providers = [ auth_providers =
# Ensure you have the homeassistant provider enabled if you want to continue using your existing accounts (lib.optionals (!cfg.ldap.enable || cfg.ldap.keepDefaultAuth) [
# { type = "homeassistant"; } {
{ type = "command_line"; type = "homeassistant";
command = ldap_auth_script + "/bin/ldap_auth.sh"; }
# Only allow users in the 'homeassistant_user' group to login. ])
# Change to ["https://lldap.example.com"] to allow all users ++ (lib.optionals cfg.ldap.enable [
args = [ cfg.ldapEndpoint "homeassistant_user" ]; {
meta = true; type = "command_line";
} command = ldap_auth_script + "/bin/ldap_auth.sh";
]; args = [ "http://${cfg.ldap.host}:${toString cfg.ldap.port}" cfg.ldap.userGroup ];
meta = true;
}
]);
}; };
"automation ui" = "!include automations.yaml"; "automation ui" = "!include automations.yaml";
"scene ui" = "!include scenes.yaml"; "scene ui" = "!include scenes.yaml";
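Review bot: The new `command_line` provider hard-codes the scheme in `args = [ "http://${cfg.ldap.host}:${toString cfg.ldap.port}" cfg.ldap.userGroup ];`, so any `ldap.host` other than the loopback default makes the auth script talk cleartext HTTP to the endpoint; if the script forwards the username and password it receives from Home Assistant (its body is not visible here), those credentials would presumably cross the network unencrypted. It is also unclear which service the URL targets, since `ldap.port` defaults to 389 (the LDAP port, per its description in the earlier hunk) while the scheme is `http://`. I would expose the scheme, e.g. `args = [ "${cfg.ldap.scheme}://${cfg.ldap.host}:${toString cfg.ldap.port}" cfg.ldap.userGroup ];` with a `scheme` option defaulting to `"http"` whose description states that a non-loopback host should use `"https"`, or failing that add a NixOS assertion that `cfg.ldap.host` is loopback whenever `cfg.ldap.enable` is set. The `host` option doc should also say plainly that with `ldap.enable = true` and `keepDefaultAuth = false` the `homeassistant` provider is removed, so an unreachable endpoint locks every user out. The enclosing config attribute set starts and ends outside this hunk.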
@ -159,29 +206,29 @@ in
}; };
}; };
systemd.services.home-assistant.preStart = systemd.services.home-assistant.preStart = lib.mkIf cfg.ldap.enable (
let let
onboarding = pkgs.writeText "onboarding" '' onboarding = pkgs.writeText "onboarding" ''
{ {
"version": 4, "version": 4,
"minor_version": 1, "minor_version": 1,
"key": "onboarding", "key": "onboarding",
"data": { "data": {
"done": [ "done": [
"user", "user",
"core_config" "core_config"
] ]
}
} }
}
''; '';
storage = "${config.services.home-assistant.configDir}/.storage"; storage = "${config.services.home-assistant.configDir}/.storage";
file = "${storage}/onboarding"; file = "${storage}/onboarding";
in in
'' ''
if ! -f ${file}; then if ! -f ${file}; then
mkdir -p ${storage} && cp ${onboarding} ${file} mkdir -p ${storage} && cp ${onboarding} ${file}
fi fi
''; '');
sops.secrets."home-assistant" = { sops.secrets."home-assistant" = {
inherit (cfg) sopsFile; inherit (cfg) sopsFile;