ldap_backend/flake.nix

{
  description = "Skynet LDAP backend";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-23.05";
    naersk.url  = "github:nix-community/naersk";
    utils.url   = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, utils, naersk }: utils.lib.eachDefaultSystem (system: 
  let
    pkgs            = nixpkgs.legacyPackages."${system}";
    naersk-lib      = naersk.lib."${system}";
    package_name    = "skynet_ldap_backend";
    package_update  = "update_groups";
    desc            = "Skynet LDAP backend";
  in rec {

    # `nix build`
    packages."${package_name}" = naersk-lib.buildPackage {
      pname = "${package_name}";
      root = ./.;
      
      buildInputs = [
        pkgs.openssl
        pkgs.pkg-config
      ];
    };

    defaultPackage = packages."${package_name}";

    # `nix run`
    apps."${package_name}" = utils.lib.mkApp {
      drv = packages."${package_name}";
    };

    defaultApp = apps."${package_name}";

    # `nix develop`
    devShell = pkgs.mkShell {
      nativeBuildInputs = with pkgs; [ rustc cargo ];
    };
    
    nixosModule = { lib, pkgs, config, ... }: 
      with lib; 
      let
        cfg = config.services."${package_name}";
        # secret options are in the env file loaded separately
        environment_config = {
          # non secret ldap stuff
          LDAP_HOST       = cfg.ldap.host;
          LDAP_ADMIN      = cfg.ldap.admin;
          
          # basic server stuff
          HOME            = cfg.home;
          DATABASE        = "database.db";
          CSV             = "wolves.csv";
          HOST_PORT       = cfg.host_port;
          
          # Email stuff
          EMAIL_SMTP      = cfg.mail.host;
          EMAIL_USER      = cfg.mail.user;
          
          # special categories of users
          USERS_ADMIN     = lib.strings.concatStringsSep "," cfg.users.admin;
          USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
          USERS_LIFETIME  = lib.strings.concatStringsSep "," cfg.users.lifetime;
          USERS_BANNED    = lib.strings.concatStringsSep "," cfg.users.banned;
        };
      in { 
        options.services."${package_name}" = {
          enable = mkEnableOption "enable ${package_name}";
          
          # keep really secret stuff in this
          envFile = mkOption rec {
            type        = types.str;
            description = "The env file";
          };
          
          ldap = {
            host = mkOption rec {
              type        = types.str;
              description = "LDAP Host";
            };
            
            admin = mkOption rec {
              type        = types.str;
              description = "LDAP admin account dn";
            };
          };
          
          mail = {
            host = mkOption rec {
              type        = types.str;
              default     = "mail.skynet.ie";
              description = "Email Host";
            };
            
            user = mkOption rec {
              type        = types.str;
              default     = "compsoc@skynet.ie";
              description = "User for sending emails";
            };
          };
          
          users = {
            admin = mkOption rec {
              type        = types.listOf types.str;
              default     = [];
              description = "array of admins";
            };
            committee = mkOption rec {
              type        = types.listOf types.str;
              default     = [];
              description = "array of committee members";
            };
            lifetime = mkOption rec {
              type        = types.listOf types.str;
              default     = [];
              description = "array of lifetime users";
            };
            banned = mkOption rec {
              type        = types.listOf types.str;
              default     = [];
              description = "array of banned users";
            };
          };
          
          host_port = mkOption rec {
            type        = types.str;
            default     = "127.0.0.1:8087";
            description = "host/port for teh server tro run on";
          };
          
          # specific for teh program running
          user = mkOption rec {
            type        = types.str;
            default     = "${package_name}";
            description = "The user to run the service";
          };
           
          home = mkOption rec {
            type        = types.str;
            default     = "/etc/skynet_${package_name}";
            description = "The home for the user";
          };
            
        };

        config = mkIf cfg.enable {
        
          users.groups."${cfg.user}" = { };
          
          users.users."${cfg.user}" = {
            createHome    = true;
            isSystemUser  = true;
            home          = "${cfg.home}";
            group         = "${cfg.user}";
          };
          
          systemd.services."${cfg.user}" = {
            description = desc;
            wantedBy    = [ "multi-user.target" ];
            after       = [ "network-online.target" ];
            wants       = [ ];
            environment = environment_config;
            
            serviceConfig = {
              # because we are storing data we need a home for it
              User            = "${cfg.user}";
              Group           = "${cfg.user}";
              Restart         = "always";
              ExecStart       = "${self.defaultPackage."${system}"}/bin/${package_name}";
              EnvironmentFile = "${cfg.envFile}";
            };
          };
          
          # for updating the data
          systemd.services."${cfg.user}_update" = {
            description = "${desc} Update groups";
            wantedBy    = [ ];
            after       = [ "network-online.target" ];
            environment = environment_config;
            
            serviceConfig = {
              Type            = "oneshot";
              DynamicUser     = true;
              ExecStart       = "${self.defaultPackage."${system}"}/bin/update_groups";
              EnvironmentFile = "${cfg.envFile}";
            };
          };
           
          systemd.timers."${cfg.user}_update" = {
            description = "Run the update script for ${desc}";
            
            wantedBy    = [ "timers.target" ];
            partOf      = [ "${cfg.user}_update.service" ];
            timerConfig = {
              # every hour
              OnCalendar  = "*-*-* *:00:00";
              Unit        = "${cfg.user}_update.service";
            };
          };
          
          # for new users
          systemd.services."${cfg.user}_new_users" = {
            description = "${desc} Get new users";
            wantedBy    = [ ];
            after       = [ "network-online.target" ];
            environment = environment_config;
            
            serviceConfig = {
              Type            = "oneshot";
              DynamicUser     = true;
              ExecStart       = "${self.defaultPackage."${system}"}/bin/new_users";
              EnvironmentFile = "${cfg.envFile}";
            };
          };
           
          systemd.timers."${cfg.user}_new_users" = {
            description = "Run the new users script for ${desc}";
            wantedBy    = [ "timers.target" ];
            partOf      = [ "${cfg.user}_new_users.service" ];
            timerConfig = {
              # every hour
              OnCalendar  = "*-*-* *:15:00";
              Unit        = "${cfg.user}_update.service";
            };
          };
          
        };
        
      };
    
  });
}
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`{`
			`description = "Skynet LDAP backend";`

			`inputs = {`
			`nixpkgs.url = "nixpkgs/nixos-23.05";`
			`naersk.url = "github:nix-community/naersk";`
			`utils.url = "github:numtide/flake-utils";`
			`};`

			`outputs = { self, nixpkgs, utils, naersk }: utils.lib.eachDefaultSystem (system:`
			`let`
			`pkgs = nixpkgs.legacyPackages."${system}";`
			`naersk-lib = naersk.lib."${system}";`
			`package_name = "skynet_ldap_backend";`
			`package_update = "update_groups";`
			`desc = "Skynet LDAP backend";`
			`in rec {`

			# `nix build`
			`packages."${package_name}" = naersk-lib.buildPackage {`
			`pname = "${package_name}";`
			`root = ./.;`

			`buildInputs = [`
			`pkgs.openssl`
			`pkgs.pkg-config`
			`];`
			`};`

			`defaultPackage = packages."${package_name}";`

			# `nix run`
			`apps."${package_name}" = utils.lib.mkApp {`
			`drv = packages."${package_name}";`
			`};`

			`defaultApp = apps."${package_name}";`

			# `nix develop`
			`devShell = pkgs.mkShell {`
			`nativeBuildInputs = with pkgs; [ rustc cargo ];`
			`};`

			`nixosModule = { lib, pkgs, config, ... }:`
			`with lib;`
			`let`
			`cfg = config.services."${package_name}";`
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`# secret options are in the env file loaded separately`
			`environment_config = {`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`# non secret ldap stuff`
env: only quote teh ldap user 2023-07-30 04:54:45 +00:00			`LDAP_HOST = cfg.ldap.host;`
env: seeing if I need the admin quoted 2023-07-30 05:16:03 +00:00			`LDAP_ADMIN = cfg.ldap.admin;`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`# basic server stuff`
env: only quote teh ldap user 2023-07-30 04:54:45 +00:00			`HOME = cfg.home;`
			`DATABASE = "database.db";`
			`CSV = "wolves.csv";`
			`HOST_PORT = cfg.host_port;`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`# Email stuff`
env: only quote teh ldap user 2023-07-30 04:54:45 +00:00			`EMAIL_SMTP = cfg.mail.host;`
			`EMAIL_USER = cfg.mail.user;`
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`# special categories of users`
			`USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;`
			`USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;`
			`USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;`
			`USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;`
			`};`
			`in {`
			`options.services."${package_name}" = {`
			`enable = mkEnableOption "enable ${package_name}";`

			`# keep really secret stuff in this`
			`envFile = mkOption rec {`
			`type = types.str;`
			`description = "The env file";`
			`};`

			`ldap = {`
			`host = mkOption rec {`
			`type = types.str;`
			`description = "LDAP Host";`
			`};`

			`admin = mkOption rec {`
			`type = types.str;`
			`description = "LDAP admin account dn";`
			`};`
			`};`

feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`mail = {`
			`host = mkOption rec {`
			`type = types.str;`
			`default = "mail.skynet.ie";`
			`description = "Email Host";`
			`};`

			`user = mkOption rec {`
			`type = types.str;`
			`default = "compsoc@skynet.ie";`
			`description = "User for sending emails";`
			`};`
			`};`

feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`users = {`
			`admin = mkOption rec {`
			`type = types.listOf types.str;`
			`default = [];`
			`description = "array of admins";`
			`};`
			`committee = mkOption rec {`
			`type = types.listOf types.str;`
			`default = [];`
			`description = "array of committee members";`
			`};`
			`lifetime = mkOption rec {`
			`type = types.listOf types.str;`
			`default = [];`
			`description = "array of lifetime users";`
			`};`
			`banned = mkOption rec {`
			`type = types.listOf types.str;`
			`default = [];`
			`description = "array of banned users";`
			`};`
			`};`

			`host_port = mkOption rec {`
			`type = types.str;`
			`default = "127.0.0.1:8087";`
			`description = "host/port for teh server tro run on";`
			`};`

			`# specific for teh program running`
			`user = mkOption rec {`
			`type = types.str;`
			`default = "${package_name}";`
			`description = "The user to run the service";`
			`};`

			`home = mkOption rec {`
			`type = types.str;`
fix: get better path (not nestled) 2023-06-18 21:23:18 +00:00			`default = "/etc/skynet_${package_name}";`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`description = "The home for the user";`
			`};`

			`};`

			`config = mkIf cfg.enable {`

			`users.groups."${cfg.user}" = { };`

			`users.users."${cfg.user}" = {`
			`createHome = true;`
			`isSystemUser = true;`
			`home = "${cfg.home}";`
			`group = "${cfg.user}";`
			`};`

			`systemd.services."${cfg.user}" = {`
			`description = desc;`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network-online.target" ];`
			`wants = [ ];`
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`environment = environment_config;`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00
			`serviceConfig = {`
			`# because we are storing data we need a home for it`
			`User = "${cfg.user}";`
			`Group = "${cfg.user}";`
			`Restart = "always";`
			`ExecStart = "${self.defaultPackage."${system}"}/bin/${package_name}";`
			`EnvironmentFile = "${cfg.envFile}";`
			`};`
			`};`

			`# for updating the data`
			`systemd.services."${cfg.user}_update" = {`
			`description = "${desc} Update groups";`
			`wantedBy = [ ];`
			`after = [ "network-online.target" ];`
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`environment = environment_config;`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00
			`serviceConfig = {`
			`Type = "oneshot";`
			`DynamicUser = true;`
feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`ExecStart = "${self.defaultPackage."${system}"}/bin/update_groups";`
feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`EnvironmentFile = "${cfg.envFile}";`
			`};`
			`};`

			`systemd.timers."${cfg.user}_update" = {`
			`description = "Run the update script for ${desc}";`

			`wantedBy = [ "timers.target" ];`
			`partOf = [ "${cfg.user}_update.service" ];`
			`timerConfig = {`
			`# every hour`
			`OnCalendar = "--* *:00:00";`
			`Unit = "${cfg.user}_update.service";`
			`};`
			`};`

feat: updated flake with the email config 2023-07-30 03:29:37 +00:00			`# for new users`
			`systemd.services."${cfg.user}_new_users" = {`
			`description = "${desc} Get new users";`
			`wantedBy = [ ];`
			`after = [ "network-online.target" ];`
			`environment = environment_config;`

			`serviceConfig = {`
			`Type = "oneshot";`
			`DynamicUser = true;`
			`ExecStart = "${self.defaultPackage."${system}"}/bin/new_users";`
			`EnvironmentFile = "${cfg.envFile}";`
			`};`
			`};`

			`systemd.timers."${cfg.user}_new_users" = {`
			`description = "Run the new users script for ${desc}";`
			`wantedBy = [ "timers.target" ];`
			`partOf = [ "${cfg.user}_new_users.service" ];`
			`timerConfig = {`
			`# every hour`
			`OnCalendar = "--* *:15:00";`
			`Unit = "${cfg.user}_update.service";`
			`};`
			`};`

feat: packed up server as a flake 2023-06-18 19:46:02 +00:00			`};`

			`};`

			`});`
			`}`