ldap_backend/flake.nix

236 lines
7.5 KiB
Nix
Raw Normal View History

2023-06-18 19:46:02 +00:00
{
description = "Skynet LDAP backend";
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.05";
naersk.url = "github:nix-community/naersk";
utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, utils, naersk }: utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages."${system}";
naersk-lib = naersk.lib."${system}";
package_name = "skynet_ldap_backend";
package_update = "update_groups";
desc = "Skynet LDAP backend";
in rec {
# `nix build`
packages."${package_name}" = naersk-lib.buildPackage {
pname = "${package_name}";
root = ./.;
buildInputs = [
pkgs.openssl
pkgs.pkg-config
];
};
defaultPackage = packages."${package_name}";
# `nix run`
apps."${package_name}" = utils.lib.mkApp {
drv = packages."${package_name}";
};
defaultApp = apps."${package_name}";
# `nix develop`
devShell = pkgs.mkShell {
nativeBuildInputs = with pkgs; [ rustc cargo ];
};
nixosModule = { lib, pkgs, config, ... }:
with lib;
let
cfg = config.services."${package_name}";
# secret options are in the env file loaded separately
environment_config = {
2023-06-18 19:46:02 +00:00
# non secret ldap stuff
2023-07-30 04:54:45 +00:00
LDAP_HOST = cfg.ldap.host;
2023-07-30 05:16:03 +00:00
LDAP_ADMIN = cfg.ldap.admin;
2023-06-18 19:46:02 +00:00
# basic server stuff
2023-07-30 04:54:45 +00:00
HOME = cfg.home;
DATABASE = "database.db";
CSV = "wolves.csv";
HOST_PORT = cfg.host_port;
2023-06-18 19:46:02 +00:00
# Email stuff
2023-07-30 04:54:45 +00:00
EMAIL_SMTP = cfg.mail.host;
EMAIL_USER = cfg.mail.user;
2023-06-18 19:46:02 +00:00
# special categories of users
USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
};
in {
options.services."${package_name}" = {
enable = mkEnableOption "enable ${package_name}";
# keep really secret stuff in this
envFile = mkOption rec {
type = types.str;
description = "The env file";
};
ldap = {
host = mkOption rec {
type = types.str;
description = "LDAP Host";
};
admin = mkOption rec {
type = types.str;
description = "LDAP admin account dn";
};
};
mail = {
host = mkOption rec {
type = types.str;
default = "mail.skynet.ie";
description = "Email Host";
};
user = mkOption rec {
type = types.str;
default = "compsoc@skynet.ie";
description = "User for sending emails";
};
};
2023-06-18 19:46:02 +00:00
users = {
admin = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of admins";
};
committee = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of committee members";
};
lifetime = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of lifetime users";
};
banned = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of banned users";
};
};
host_port = mkOption rec {
type = types.str;
default = "127.0.0.1:8087";
description = "host/port for teh server tro run on";
};
# specific for teh program running
user = mkOption rec {
type = types.str;
default = "${package_name}";
description = "The user to run the service";
};
home = mkOption rec {
type = types.str;
2023-06-18 21:23:18 +00:00
default = "/etc/skynet_${package_name}";
2023-06-18 19:46:02 +00:00
description = "The home for the user";
};
};
config = mkIf cfg.enable {
users.groups."${cfg.user}" = { };
users.users."${cfg.user}" = {
createHome = true;
isSystemUser = true;
home = "${cfg.home}";
group = "${cfg.user}";
};
systemd.services."${cfg.user}" = {
description = desc;
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ ];
environment = environment_config;
2023-06-18 19:46:02 +00:00
serviceConfig = {
# because we are storing data we need a home for it
User = "${cfg.user}";
Group = "${cfg.user}";
Restart = "always";
ExecStart = "${self.defaultPackage."${system}"}/bin/${package_name}";
EnvironmentFile = "${cfg.envFile}";
};
};
# for updating the data
systemd.services."${cfg.user}_update" = {
description = "${desc} Update groups";
wantedBy = [ ];
after = [ "network-online.target" ];
environment = environment_config;
2023-06-18 19:46:02 +00:00
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
ExecStart = "${self.defaultPackage."${system}"}/bin/update_groups";
2023-06-18 19:46:02 +00:00
EnvironmentFile = "${cfg.envFile}";
};
};
systemd.timers."${cfg.user}_update" = {
description = "Run the update script for ${desc}";
wantedBy = [ "timers.target" ];
partOf = [ "${cfg.user}_update.service" ];
timerConfig = {
# every hour
OnCalendar = "*-*-* *:00:00";
Unit = "${cfg.user}_update.service";
};
};
# for new users
systemd.services."${cfg.user}_new_users" = {
description = "${desc} Get new users";
wantedBy = [ ];
after = [ "network-online.target" ];
environment = environment_config;
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
ExecStart = "${self.defaultPackage."${system}"}/bin/new_users";
EnvironmentFile = "${cfg.envFile}";
};
};
systemd.timers."${cfg.user}_new_users" = {
description = "Run the new users script for ${desc}";
wantedBy = [ "timers.target" ];
partOf = [ "${cfg.user}_new_users.service" ];
timerConfig = {
# every hour
OnCalendar = "*-*-* *:15:00";
Unit = "${cfg.user}_update.service";
};
};
2023-06-18 19:46:02 +00:00
};
};
});
}