Oncall: Difference between revisions
Created page with "[http://oncall.tools Oncall] is a web-app for shift planning, developed by LinkedIn. == Setup == {{Note|Parts of this module are not yet stable will be available with the upcoming NixOS release 25.05.}} To enable and run Oncall add following line to your system configuration and apply it <syntaxhighlight lang="nix"> services.oncall.enable = true; </syntaxhighlight> Go to http://localhost to access it. Category:Server Category:Web Applications" |
mNo edit summary |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
== Setup == | == Setup == | ||
{{ | {{Warning|This setup example is for local and testing environments only. Please not that in this case secrets such as the passwords get copied into the Nix store and are globally readable.}} | ||
To enable and run Oncall add following line to your system configuration and apply it | To enable and run Oncall add following line to your system configuration and apply it | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
services.oncall.enable = true; | { | ||
pkgs, | |||
lib, | |||
... | |||
}: | |||
let | |||
ldapDomain = "example.org"; | |||
ldapSuffix = "dc=example,dc=org"; | |||
ldapRootUser = "root"; | |||
ldapRootPassword = "foobar23"; | |||
testUser = "myuser"; | |||
testPassword = "foobar23"; | |||
in | |||
{ | |||
environment.etc."oncall-secrets.yml".text = '' | |||
auth: | |||
ldap_bind_password: "${ldapRootPassword}" | |||
''; | |||
services.oncall = { | |||
enable = true; | |||
settings = { | |||
auth = { | |||
module = "oncall.auth.modules.ldap_import"; | |||
ldap_url = "ldap://localhost"; | |||
ldap_user_suffix = ""; | |||
ldap_bind_user = "cn=root,${ldapSuffix}"; | |||
ldap_base_dn = "ou=accounts,${ldapSuffix}"; | |||
ldap_search_filter = "(uid=%s)"; | |||
import_user = true; | |||
attrs = { | |||
username = "uid"; | |||
full_name = "cn"; | |||
email = "mail"; | |||
call = "telephoneNumber"; | |||
sms = "mobile"; | |||
}; | |||
}; | |||
}; | |||
secretFile = "/etc/oncall-secrets.yml"; | |||
}; | |||
services.openldap = { | |||
enable = true; | |||
settings = { | |||
children = { | |||
"cn=schema".includes = [ | |||
"${pkgs.openldap}/etc/schema/core.ldif" | |||
"${pkgs.openldap}/etc/schema/cosine.ldif" | |||
"${pkgs.openldap}/etc/schema/inetorgperson.ldif" | |||
"${pkgs.openldap}/etc/schema/nis.ldif" | |||
]; | |||
"olcDatabase={1}mdb" = { | |||
attrs = { | |||
objectClass = [ | |||
"olcDatabaseConfig" | |||
"olcMdbConfig" | |||
]; | |||
olcDatabase = "{1}mdb"; | |||
olcDbDirectory = "/var/lib/openldap/db"; | |||
olcSuffix = ldapSuffix; | |||
olcRootDN = "cn=${ldapRootUser},${ldapSuffix}"; | |||
olcRootPW = ldapRootPassword; | |||
}; | |||
}; | |||
}; | |||
}; | |||
declarativeContents = { | |||
${ldapSuffix} = '' | |||
dn: ${ldapSuffix} | |||
objectClass: top | |||
objectClass: dcObject | |||
objectClass: organization | |||
o: ${ldapDomain} | |||
dn: ou=accounts,${ldapSuffix} | |||
objectClass: top | |||
objectClass: organizationalUnit | |||
dn: uid=${testUser},ou=accounts,${ldapSuffix} | |||
objectClass: top | |||
objectClass: inetOrgPerson | |||
uid: ${testUser} | |||
userPassword: ${testPassword} | |||
cn: Test User | |||
sn: User | |||
mail: test@example.org | |||
telephoneNumber: 012345678910 | |||
mobile: 012345678910 | |||
''; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Go to http://localhost to access it. | Go to http://localhost to access it. Login with the test user <code>myuser</code> and the password <code>foobar23</code>. | ||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Web Applications]] | [[Category:Web Applications]] | ||
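Review bot: The added example binds Oncall to LDAP as the directory's rootDN (`ldap_bind_user = "cn=root,${ldapSuffix}"`), which the new warning does not mention; it could add that anything beyond a test box should use a dedicated read-only bind account. The same line hard-codes `root` although `ldapRootUser` is defined and used for `olcRootDN`, so `ldap_bind_user = "cn=${ldapRootUser},${ldapSuffix}";` would keep the two in step. As rendered here, the LDIF in `declarativeContents` has no blank lines between its three entries; LDIF needs one between records, so check that the wikitext has them (the diff view may simply have dropped them). The warning also reads "Please not that" where "note" is meant.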
Latest revision as of 09:15, 1 June 2025
Oncall is a web-app for shift planning, developed by LinkedIn.
Setup
⚠︎
Warning: This setup example is for local and testing environments only. Please note that in this case secrets such as the passwords are copied into the Nix store, where they are readable by every user on the system.
To enable and run Oncall, add the following lines to your system configuration and apply it
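# Test-only NixOS module: runs Oncall together with a local OpenLDAP server
# that holds one test account, and configures Oncall to authenticate against it.
#
# Every password below is a literal in the configuration, so it ends up in the
# world-readable Nix store. Use this on a local or throw-away machine only.
{
  pkgs,
  lib,
  ...
}:
let
  ldapDomain = "example.org";
  ldapSuffix = "dc=example,dc=org";
  ldapRootUser = "root";
  # Sample credentials for the test setup; never reuse them elsewhere.
  ldapRootPassword = "foobar23";
  testUser = "myuser";
  testPassword = "foobar23";
in
{
  # Secrets file handed to Oncall through `secretFile` below. A file created
  # with `environment.etc.<name>.text` lives in the Nix store and is readable
  # by every local user. Outside a test setup, provision this file outside the
  # store and restrict its permissions to the account Oncall runs as.
  # The key is nested under `auth:` like the non-secret `settings.auth` options.
  environment.etc."oncall-secrets.yml".text = ''
    auth:
      ldap_bind_password: "${ldapRootPassword}"
  '';

  services.oncall = {
    enable = true;
    settings = {
      auth = {
        module = "oncall.auth.modules.ldap_import";
        # Plain ldap:// carries the bind password unencrypted; that is
        # tolerable here only because the server is on the loopback interface.
        ldap_url = "ldap://localhost";
        ldap_user_suffix = "";
        # Built from ldapRootUser so it stays identical to olcRootDN below.
        # Binding as the rootDN gives Oncall full control of the directory;
        # beyond a test setup use a dedicated read-only bind account.
        ldap_bind_user = "cn=${ldapRootUser},${ldapSuffix}";
        ldap_base_dn = "ou=accounts,${ldapSuffix}";
        ldap_search_filter = "(uid=%s)";
        import_user = true;
        # Oncall user field -> LDAP attribute it is filled from.
        attrs = {
          username = "uid";
          full_name = "cn";
          email = "mail";
          call = "telephoneNumber";
          sms = "mobile";
        };
      };
    };
    secretFile = "/etc/oncall-secrets.yml";
  };

  services.openldap = {
    enable = true;
    settings = {
      children = {
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
          "${pkgs.openldap}/etc/schema/nis.ldif"
        ];
        "olcDatabase={1}mdb" = {
          attrs = {
            objectClass = [
              "olcDatabaseConfig"
              "olcMdbConfig"
            ];
            olcDatabase = "{1}mdb";
            olcDbDirectory = "/var/lib/openldap/db";
            olcSuffix = ldapSuffix;
            olcRootDN = "cn=${ldapRootUser},${ldapSuffix}";
            # Clear-text literal, so it is stored in the Nix store. The NixOS
            # openldap module also accepts `olcRootPW.path = <file>` to read
            # the value from a file kept outside the store.
            olcRootPW = ldapRootPassword;
          };
        };
      };
    };
    # Initial directory content: the suffix entry, the accounts OU and one
    # test user whose userPassword is stored in clear text.
    # LDIF records must be separated by an empty line.
    declarativeContents = {
      ${ldapSuffix} = ''
        dn: ${ldapSuffix}
        objectClass: top
        objectClass: dcObject
        objectClass: organization
        o: ${ldapDomain}

        dn: ou=accounts,${ldapSuffix}
        objectClass: top
        objectClass: organizationalUnit

        dn: uid=${testUser},ou=accounts,${ldapSuffix}
        objectClass: top
        objectClass: inetOrgPerson
        uid: ${testUser}
        userPassword: ${testPassword}
        cn: Test User
        sn: User
        mail: test@example.org
        telephoneNumber: 012345678910
        mobile: 012345678910
      '';
    };
  };
}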
Go to http://localhost to access it. Log in with the test user myuser and the password foobar23.