diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2022-10-06 11:26:13 +0200 |
|---|---|---|
| committer | Maximilian Bosch <maximilian@mbosch.me> | 2022-10-06 11:43:20 +0200 |
| commit | ecaf6aed02da7cc72721567fe85387e4bdd9948d (patch) | |
| tree | ab48031dbad7fd4fb5229c7b81b0e6142ec4cdfb /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch | |
| parent | a2d443c7e84c9ea74958bb884f0a17eaebfec920 (diff) | |
nixos/privacyidea: add proper support for `privacyidea-token-janitor`
`privacyidea-token-janitor`[1] is a tool which helps to automate
maintenance of tokens. This is helpful to identify e.g. orphaned tokens,
i.e. tokens of users that were removed or tokens that were unused for a
longer period of time and apply actions to them (e.g. `disable` or
`delete`).
This patch adds two new things:
* A wrapper for `privacyidea-token-janitor` to make sure it's executable
from CLI. To achieve this, it does a `sudo(8)` into the
`privacyidea`-user and sets up the environment to make sure the
configuration file can be found. With that, administrators can
directly invoke it from the CLI without additional steps.
* An optional service is added which performs automatic cleanups of
orphaned and/or unassigned tokens. Yes, the tool can do way more
stuff, but I figured it's reasonable to have an automatic way to clean
up tokens of users who were removed from the PI instance. Additional
automation steps should probably be implemented in additional
services (and are perhaps too custom to add them to this module).
[1] https://privacyidea.readthedocs.io/en/v3.7/workflows_and_tools/tools/index.html
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions