Portunus
services.portunus.dex.enable
Whether to enable the Dex LDAP connector.
To activate Dex, first a search user must be created in the Portunus web UI,
and then the password must be set as the DEX_SEARCH_USER_PASSWORD
environment variable
in the setting
.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.dex.oidcClients
List of OIDC clients.
The OIDC secret must be set as the DEX_CLIENT_${id}
environment variable
in the setting.
Note: Make sure the id only contains characters that are allowed in an environment variable name, e.g. no -.
Type: list of (submodule)
Default
[ ]
Example
[
  {
    callbackURL = "https://example.com/client/oidc/callback";
    id = "service";
  }
]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
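The id restriction in the note above can be enforced at evaluation time. The following is an added example, not part of the nixpkgs module: it uses the standard NixOS `assertions` option, the bindings `envSafe`, `clients` and `badIds` are illustrative names, and the domain, suffix and search user values are the example values from this page.

```nix
{ config, lib, ... }:
let
  # The id is appended to "DEX_CLIENT_", so every character of it must be
  # legal inside an environment variable name: letters, digits, underscore.
  envSafe = id: builtins.match "[A-Za-z0-9_]+" id != null;

  clients = config.services.portunus.dex.oidcClients;

  # Ids that would produce an unusable DEX_CLIENT_<id> variable name.
  badIds = map (c: c.id) (builtins.filter (c: !(envSafe c.id)) clients);
in
{
  services.portunus = {
    enable = true;
    domain = "sso.example.com";
    ldap.suffix = "dc=example,dc=org";
    ldap.searchUserName = "admin";

    dex = {
      enable = true;
      oidcClients = [
        # Good: the secret is read from DEX_CLIENT_service.
        {
          id = "service";
          callbackURL = "https://example.com/client/oidc/callback";
        }
        # Bad (constructed): an id such as "my-service" would need a variable
        # called DEX_CLIENT_my-service, which is not a valid name.
        # Use "my_service" instead.
      ];
    };
  };

  # Fail the build instead of deploying a client whose secret can never be set.
  assertions = [
    {
      assertion = badIds == [ ];
      message = "services.portunus.dex.oidcClients: ids not usable in an "
        + "environment variable name: ${lib.concatStringsSep ", " badIds}";
    }
  ];
}
```

The client secrets and DEX_SEARCH_USER_PASSWORD are deliberately absent from this file; they are supplied through the environment variables named in the option descriptions, so they stay out of the world-readable Nix store.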
services.portunus.dex.oidcClients.*.callbackURL
URL where the OIDC client should redirect
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.dex.oidcClients.*.id
ID of the OIDC client
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.dex.port
Port on which Dex should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
5556
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.domain
Subdomain which gets reverse proxied to Portunus webserver.
Type: string
Example
"sso.example.com"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.enable
Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.group
Group account under which Portunus runs its webserver.
Type: string
Default
"portunus"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.ldap.group
Group account under which Portunus runs its LDAP server.
Type: string
Default
"openldap"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.ldap.package
The OpenLDAP package to use.
Type: package
Default
pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.ldap.searchUserName
The login name of the search user. This user account must be configured in Portunus either manually or via seeding.
Type: string
Default
""
Example
"admin"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.ldap.suffix
The DN of the topmost entry in your LDAP directory. Please refer to the Portunus documentation for more information on how this impacts the structure of the LDAP directory.
Type: string
Example
"dc=example,dc=org"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.ldap.tls
Whether to enable LDAPS protocol.
This also adds two entries to the /etc/hosts file to point to localhost, so that CLIs and programs can use the ldaps protocol and verify the certificate without opening the firewall port for the protocol.
This requires a TLS certificate for to be configured via .
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.ldap.user
User account under which Portunus runs its LDAP server.
Type: string
Default
"openldap"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.package
The portunus package to use.
Type: package
Default
pkgs.portunus
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.port
Port on which the Portunus webserver should listen.
This must be put behind a TLS-capable reverse proxy because Portunus only listens on localhost.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
8080
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.seedPath
Path to a Portunus seed file in JSON format. See https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration for available options.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.seedSettings
Seed settings for users and groups. See upstream for the format: https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration
Type: null or (attribute set of list of attribute set of anything)
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.stateDir
Path where Portunus stores its state.
Type: path
Default
"/var/lib/portunus"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix
services.portunus.user
User account under which Portunus runs its webserver.
Type: string
Default
"portunus"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/portunus.nix