authorVincent Ambo <tazjin@google.com>2020-06-08T00·35+0000
committerVincent Ambo <tazjin@google.com>2020-06-11T21·13+0000
commit4000a76678f37ad36ccaa9957eba0737c6e78607 (patch)
tree976added7a8f584216237abbd2d702154857bf5c /ops
parent740b4b37fcfbe3d212c67ea855a8c3d3a0a2197b (diff)
feat(monorepo-gerrit): Configure Gerrit for LDAP authentication r/899
Diffstat (limited to 'ops')
-rw-r--r--ops/nixos/modules/monorepo-gerrit.nix15
1 files changed, 15 insertions, 0 deletions
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix
index 2b8e5e773852..6721b1c5fd15 100644
--- a/ops/nixos/modules/monorepo-gerrit.nix
+++ b/ops/nixos/modules/monorepo-gerrit.nix
@@ -11,6 +11,21 @@
       log.jsonLogging = true;
       log.textLogging = false;
       # TODO: gitweb config
+
+      # Configures integration with the locally running OpenLDAP
+      auth.type = "LDAP";
+      ldap = {
+        server = "ldap://localhost";
+        accountBase = "ou=users,dc=tvl,dc=fyi";
+        accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))";
+        accountFullName = "cn";
+        accountEmailAddress = "mail";
+        groupBase = "ou=groups,dc=tvl,dc=fyi";
+        gerrit.canonicalWebUrl = "https://cl.tvl.fyi";
+
+        # TODO(tazjin): Assuming this is what we'll be doing ...
+        groupMemberPattern = "(&(objectClass=group)(member=\${dn}))";
+      };
     };
   };
 }
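Review bot: `gerrit.canonicalWebUrl` is declared inside the `ldap = { … }` attribute set, so it evaluates to `ldap.gerrit.canonicalWebUrl` and will probably not be read as the `gerrit` section's `canonicalWebUrl`. The enclosing settings set starts outside this hunk, so this is inferred from the nesting shown, but the line most likely belongs one level up next to `auth.type`, as `gerrit.canonicalWebUrl = "https://cl.tvl.fyi";`. Separately, `server = "ldap://localhost"` is unencrypted and no bind credentials are set, which is reasonable only while OpenLDAP listens on loopback. I would record that assumption with a comment such as `# plaintext, anonymous bind: only valid while slapd is loopback-only; switch to ldaps:// if it moves off-host`.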