diff options
| author | Vincent Ambo <tazjin@google.com> | 2020-06-08T00·35+0000 |
|---|---|---|
| committer | Vincent Ambo <tazjin@google.com> | 2020-06-11T21·13+0000 |
| commit | 4000a76678f37ad36ccaa9957eba0737c6e78607 (patch) | |
| tree | 976added7a8f584216237abbd2d702154857bf5c | |
| parent | 740b4b37fcfbe3d212c67ea855a8c3d3a0a2197b (diff) | |
feat(monorepo-gerrit): Configure Gerrit for LDAP authentication r/899
| -rw-r--r-- | ops/nixos/modules/monorepo-gerrit.nix | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix index 2b8e5e773852..6721b1c5fd15 100644 --- a/ops/nixos/modules/monorepo-gerrit.nix +++ b/ops/nixos/modules/monorepo-gerrit.nix @@ -11,6 +11,21 @@ log.jsonLogging = true; log.textLogging = false; # TODO: gitweb config + + # Configures integration with the locally running OpenLDAP + auth.type = "LDAP"; + ldap = { + server = "ldap://localhost"; + accountBase = "ou=users,dc=tvl,dc=fyi"; + accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))"; + accountFullName = "cn"; + accountEmailAddress = "mail"; + groupBase = "ou=groups,dc=tvl,dc=fyi"; + gerrit.canonicalWebUrl = "https://cl.tvl.fyi"; + + # TODO(tazjin): Assuming this is what we'll be doing ... + groupMemberPattern = "(&(objectClass=group)(member=\${dn}))"; + }; }; }; } |