diff --git a/.gitignore b/.gitignore
index a28f46f..1af2b0f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,9 @@
 .env
-*.db
\ No newline at end of file
+*.db
+
+
+# flakes
+result
+/result
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..64fe76f
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,93 @@ +{ + "nodes": { + "naersk": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1686572087, + "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", + "owner": "nix-community", + "repo": "naersk", + "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1687011986, + "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1686921029, + "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "root": { + "inputs": { + "naersk": "naersk", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} 
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..3b3306b
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,189 @@
+{
+ description = "Skynet LDAP backend";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-23.05";
+ naersk.url = "github:nix-community/naersk";
+ utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, nixpkgs, utils, naersk }: utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = nixpkgs.legacyPackages."${system}";
+ naersk-lib = naersk.lib."${system}";
+ package_name = "skynet_ldap_backend";
+ package_update = "update_groups";
+ desc = "Skynet LDAP backend";
+ in rec {
+
+ # `nix build`
+ packages."${package_name}" = naersk-lib.buildPackage {
+ pname = "${package_name}";
+ root = ./.;
+
+ buildInputs = [
+ pkgs.openssl
+ pkgs.pkg-config
+ ];
+ };
+
+ defaultPackage = packages."${package_name}";
+
+ # `nix run`
+ apps."${package_name}" = utils.lib.mkApp {
+ drv = packages."${package_name}";
+ };
+
+ defaultApp = apps."${package_name}";
+
+ # `nix develop`
+ devShell = pkgs.mkShell {
+ nativeBuildInputs = with pkgs; [ rustc cargo ];
+ };
+
+ nixosModule = { lib, pkgs, config, ... }:
+ with lib;
+ let
+ cfg = config.services."${package_name}";
+ enviroment_config = {
+ # non secret ldap stuff
+ LDAP_HOST = cfg.ldap.host;
+ LDAP_ADMIN = cfg.ldap.admin;
+
+ # basic dserver stuff
+ DATABASE = "${cfg.home}/database.db";
+ HOST_PORT = cfg.host_port;
+
+ # special categories of users
+ USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;
+ USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
+ USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
+ USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
+ };
+ in {
+ options.services."${package_name}" = {
+ enable = mkEnableOption "enable ${package_name}";
+
+ # keep really secret stuff in this
+ envFile = mkOption rec {
+ type = types.str;
+ description = "The env file";
+ };
+
+ ldap = {
+ host = mkOption rec {
+ type = types.str;
+ description = "LDAP Host";
+ };
+
+ admin = mkOption rec {
+ type = types.str;
+ description = "LDAP admin account dn";
+ };
+ };
+
+ users = {
+ admin = mkOption rec {
+ type = types.listOf types.str;
+ default = [];
+ description = "array of admins";
+ };
+ committee = mkOption rec {
+ type = types.listOf types.str;
+ default = [];
+ description = "array of committee members";
+ };
+ lifetime = mkOption rec {
+ type = types.listOf types.str;
+ default = [];
+ description = "array of lifetime users";
+ };
+ banned = mkOption rec {
+ type = types.listOf types.str;
+ default = [];
+ description = "array of banned users";
+ };
+ };
+
+ host_port = mkOption rec {
+ type = types.str;
+ default = "127.0.0.1:8087";
+ description = "host/port for teh server tro run on";
+ };
+
+ # specific for teh program running
+ user = mkOption rec {
+ type = types.str;
+ default = "${package_name}";
+ description = "The user to run the service";
+ };
+
+ home = mkOption rec {
+ type = types.str;
+ default = "/etc/skynet/${package_name}";
+ description = "The home for the user";
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ users.groups."${cfg.user}" = { };
+
+ users.users."${cfg.user}" = {
+ createHome = true;
+ isSystemUser = true;
+ home = "${cfg.home}";
+ group = "${cfg.user}";
+ };
+
+ systemd.services."${cfg.user}" = {
+ description = desc;
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ ];
+ environment = enviroment_config;
+
+ serviceConfig = {
+ # because we are storing data we need a home for it
+ User = "${cfg.user}";
+ Group = "${cfg.user}";
+ Restart = "always";
+ ExecStart = "${self.defaultPackage."${system}"}/bin/${package_name}";
+ EnvironmentFile = "${cfg.envFile}";
+ };
+ };
+
+ # for updating the data
+ systemd.services."${cfg.user}_update" = {
+ description = "${desc} Update groups";
+ wantedBy = [ ];
+ after = [ "network-online.target" ];
+ environment = enviroment_config;
+
+ serviceConfig = {
+ Type = "oneshot";
+ DynamicUser = true;
+ ExecStart = "${self.defaultPackage."${system}"}/bin/${package_update}";
+ EnvironmentFile = "${cfg.envFile}";
+ };
+ };
+
+ systemd.timers."${cfg.user}_update" = {
+ description = "Run the update script for ${desc}";
+
+ wantedBy = [ "timers.target" ];
+ partOf = [ "${cfg.user}_update.service" ];
+ timerConfig = {
+ # every hour
+ OnCalendar = "*-*-* *:00:00";
+ Unit = "${cfg.user}_update.service";
+ };
+ };
+
+ };
+
+ };
+
+ });
+}
\ No newline at end of file
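Review bot: The `"${cfg.user}_update"` unit runs with `DynamicUser = true` while its shared `enviroment_config` points `DATABASE` at `${cfg.home}/database.db`, a file under a directory created for and owned by `cfg.user`; DynamicUser allocates a transient UID and implies ProtectSystem=strict, so if `update_groups` writes that database (suggested by its name, not visible here) every timer-driven run will fail on permissions, and the unit should run as the same `User`/`Group` as the main service instead. The main unit, which loads the secret env file through `EnvironmentFile` and listens on `HOST_PORT`, has no sandboxing at all; `ProtectSystem = "strict"` with `ReadWritePaths = [ cfg.home ]`, `NoNewPrivileges = true` and `PrivateTmp = true` confine a compromised process to its own state directory without changing how it runs, and the same block fits the update unit. Separately, `wants = [ ];` next to `after = [ "network-online.target" ];` only orders the unit and never pulls the target in, so `wants = [ "network-online.target" ];` is presumably what was intended. The `rec` on each `mkOption { … }` attrset is unused and the "teh"/"tro" typos in the `host_port` description and the comment above `user` are worth fixing while here.
```nix
serviceConfig = {
  # because we are storing data we need a home for it
  User = "${cfg.user}";
  Group = "${cfg.user}";
  Restart = "always";
  ExecStart = "${self.defaultPackage."${system}"}/bin/${package_name}";
  EnvironmentFile = "${cfg.envFile}";
  # confine the process to its own state directory
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ cfg.home ];
};
# … unchanged: "${cfg.user}_update" description / wantedBy / after / environment …
serviceConfig = {
  Type = "oneshot";
  # same owner as the main unit so it can write the shared database
  User = "${cfg.user}";
  Group = "${cfg.user}";
  ExecStart = "${self.defaultPackage."${system}"}/bin/${package_update}";
  EnvironmentFile = "${cfg.envFile}";
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ cfg.home ];
};
```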