majewsky / portunus

Self-contained user/group management and authentication service
GNU General Public License v3.0

seeding from template #3

Closed majewsky closed 1 year ago

majewsky commented 1 year ago

There should be a way to seed technical users from config. Something like

$ cat seed.json
{
  "users": [ {
    "name": "foo",
    "passwordFromCommand": "cat /etc/secrets/foo-password.txt",
    "groups": [ "bar" ],
    ...
  } ],
  "groups": [ ... ]
}

that gets merged with database.json on startup.

SuperSandro2000 commented 1 year ago

This would be really convenient for the NixOS module because merging JSON lists requires extra handling, and having manual steps to set up a module is not really great.

Substituting a placeholder password string with the real secret isn't too hard, but it would be convenient if an environment variable could be used instead, which can be easily loaded from sops-nix with the help of systemd's EnvironmentFile setting.

majewsky commented 1 year ago

This is implemented in v1.1.0-beta.1.