From 4000a76678f37ad36ccaa9957eba0737c6e78607 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <tazjin@google.com>
Date: Mon, 8 Jun 2020 00:35:45 +0000
Subject: feat(monorepo-gerrit): Configure Gerrit for LDAP authentication

---
 ops/nixos/modules/monorepo-gerrit.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'ops')

diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix
index 2b8e5e7738..6721b1c5fd 100644
--- a/ops/nixos/modules/monorepo-gerrit.nix
+++ b/ops/nixos/modules/monorepo-gerrit.nix
@@ -11,6 +11,21 @@
       log.jsonLogging = true;
       log.textLogging = false;
       # TODO: gitweb config
+
+      # Configures integration with the locally running OpenLDAP
+      auth.type = "LDAP";
+      ldap = {
+        server = "ldap://localhost";
+        accountBase = "ou=users,dc=tvl,dc=fyi";
+        accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))";
+        accountFullName = "cn";
+        accountEmailAddress = "mail";
+        groupBase = "ou=groups,dc=tvl,dc=fyi";
+        gerrit.canonicalWebUrl = "https://cl.tvl.fyi";
+
+        # TODO(tazjin): Assuming this is what we'll be doing ...
+        groupMemberPattern = "(&(objectClass=group)(member=\${dn}))";
+      };
     };
   };
 }
-- 
cgit 1.4.1