Oncall: Difference between revisions
Created page with "[http://oncall.tools Oncall] is a web-app for shift planning, developed by LinkedIn. == Setup == {{Note|Parts of this module are not yet stable will be available with the upcoming NixOS release 25.05.}} To enable and run Oncall add following line to your system configuration and apply it <syntaxhighlight lang="nix"> services.oncall.enable = true; </syntaxhighlight> Go to http://localhost to access it. Category:Server Category:Web Applications" |
Oncall use secrets option |
||
| (One intermediate revision by the same user not shown) | |||
| Line 4: | Line 4: | ||
{{Note|Parts of this module are not yet stable will be available with the upcoming NixOS release 25.05.}} | {{Note|Parts of this module are not yet stable will be available with the upcoming NixOS release 25.05.}} | ||
{{Warning|This setup example is for local and testing environments only. Please not that in this case secrets such as the passwords get copied into the Nix store and are globally readable.}} | |||
To enable and run Oncall add following line to your system configuration and apply it | To enable and run Oncall add following line to your system configuration and apply it | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
services.oncall.enable = true; | { | ||
pkgs, | |||
lib, | |||
... | |||
}: | |||
let | |||
ldapDomain = "example.org"; | |||
ldapSuffix = "dc=example,dc=org"; | |||
ldapRootUser = "root"; | |||
ldapRootPassword = "foobar23"; | |||
testUser = "myuser"; | |||
testPassword = "foobar23"; | |||
in | |||
{ | |||
environment.etc."oncall-secrets.yml".text = '' | |||
auth: | |||
ldap_bind_password: "${ldapRootPassword}" | |||
''; | |||
services.oncall = { | |||
enable = true; | |||
settings = { | |||
auth = { | |||
module = "oncall.auth.modules.ldap_import"; | |||
ldap_url = "ldap://localhost"; | |||
ldap_user_suffix = ""; | |||
ldap_bind_user = "cn=root,${ldapSuffix}"; | |||
ldap_base_dn = "ou=accounts,${ldapSuffix}"; | |||
ldap_search_filter = "(uid=%s)"; | |||
import_user = true; | |||
attrs = { | |||
username = "uid"; | |||
full_name = "cn"; | |||
email = "mail"; | |||
mobile = "mobile"; | |||
}; | |||
}; | |||
}; | |||
secrets = [ "/etc/oncall-secrets.yml" ]; | |||
}; | |||
services.openldap = { | |||
enable = true; | |||
settings = { | |||
children = { | |||
"cn=schema".includes = [ | |||
"${pkgs.openldap}/etc/schema/core.ldif" | |||
"${pkgs.openldap}/etc/schema/cosine.ldif" | |||
"${pkgs.openldap}/etc/schema/inetorgperson.ldif" | |||
"${pkgs.openldap}/etc/schema/nis.ldif" | |||
]; | |||
"olcDatabase={1}mdb" = { | |||
attrs = { | |||
objectClass = [ | |||
"olcDatabaseConfig" | |||
"olcMdbConfig" | |||
]; | |||
olcDatabase = "{1}mdb"; | |||
olcDbDirectory = "/var/lib/openldap/db"; | |||
olcSuffix = ldapSuffix; | |||
olcRootDN = "cn=${ldapRootUser},${ldapSuffix}"; | |||
olcRootPW = ldapRootPassword; | |||
}; | |||
}; | |||
}; | |||
}; | |||
declarativeContents = { | |||
${ldapSuffix} = '' | |||
dn: ${ldapSuffix} | |||
objectClass: top | |||
objectClass: dcObject | |||
objectClass: organization | |||
o: ${ldapDomain} | |||
dn: ou=accounts,${ldapSuffix} | |||
objectClass: top | |||
objectClass: organizationalUnit | |||
dn: uid=${testUser},ou=accounts,${ldapSuffix} | |||
objectClass: person | |||
objectClass: posixAccount | |||
uid: ${testUser} | |||
homeDirectory: /home/${testUser} | |||
uidNumber: 1234 | |||
gidNumber: 1234 | |||
userPassword: ${testPassword} | |||
cn: "Test User" | |||
sn: "User" | |||
''; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Go to http://localhost to access it. | Go to http://localhost to access it. Login with the test user <code>myuser</code> and the password <code>foobar23</code>. | ||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Web Applications]] | [[Category:Web Applications]] | ||
Latest revision as of 05:00, 31 March 2025
Oncall is a web-app for shift planning, developed by LinkedIn.
Setup
To enable and run Oncall add following line to your system configuration and apply it
{
pkgs,
lib,
...
}:
let
ldapDomain = "example.org";
ldapSuffix = "dc=example,dc=org";
ldapRootUser = "root";
ldapRootPassword = "foobar23";
testUser = "myuser";
testPassword = "foobar23";
in
{
environment.etc."oncall-secrets.yml".text = ''
auth:
ldap_bind_password: "${ldapRootPassword}"
'';
services.oncall = {
enable = true;
settings = {
auth = {
module = "oncall.auth.modules.ldap_import";
ldap_url = "ldap://localhost";
ldap_user_suffix = "";
ldap_bind_user = "cn=root,${ldapSuffix}";
ldap_base_dn = "ou=accounts,${ldapSuffix}";
ldap_search_filter = "(uid=%s)";
import_user = true;
attrs = {
username = "uid";
full_name = "cn";
email = "mail";
mobile = "mobile";
};
};
};
secrets = [ "/etc/oncall-secrets.yml" ];
};
services.openldap = {
enable = true;
settings = {
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
"${pkgs.openldap}/etc/schema/nis.ldif"
];
"olcDatabase={1}mdb" = {
attrs = {
objectClass = [
"olcDatabaseConfig"
"olcMdbConfig"
];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/db";
olcSuffix = ldapSuffix;
olcRootDN = "cn=${ldapRootUser},${ldapSuffix}";
olcRootPW = ldapRootPassword;
};
};
};
};
declarativeContents = {
${ldapSuffix} = ''
dn: ${ldapSuffix}
objectClass: top
objectClass: dcObject
objectClass: organization
o: ${ldapDomain}
dn: ou=accounts,${ldapSuffix}
objectClass: top
objectClass: organizationalUnit
dn: uid=${testUser},ou=accounts,${ldapSuffix}
objectClass: person
objectClass: posixAccount
uid: ${testUser}
homeDirectory: /home/${testUser}
uidNumber: 1234
gidNumber: 1234
userPassword: ${testPassword}
cn: "Test User"
sn: "User"
'';
};
};
}
Go to http://localhost to access it. Login with the test user myuser and the password foobar23.