Skynet/ldap_backend
6
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: packed up server as a flake

Browse source
This commit is contained in:
silver 2023-06-18 20:46:02 +01:00
parent 9c33cd843a
commit e0f15d0ea2
3 changed files with 288 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.gitignore vendored
View file

@ -4,4 +4,9 @@
.env .env
*.db *.db
# flakes
result
/result

93
flake.lock Normal file
View file

@ -0,0 +1,93 @@
{
"nodes": {
"naersk": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1686572087,
"narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=",
"owner": "nix-community",
"repo": "naersk",
"rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1687011986,
"narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1686921029,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"root": {
"inputs": {
"naersk": "naersk",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

189
flake.nix Normal file
View file

@ -0,0 +1,189 @@
{
description = "Skynet LDAP backend";
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.05";
naersk.url = "github:nix-community/naersk";
utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, utils, naersk }: utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages."${system}";
naersk-lib = naersk.lib."${system}";
package_name = "skynet_ldap_backend";
package_update = "update_groups";
desc = "Skynet LDAP backend";
in rec {
# `nix build`
packages."${package_name}" = naersk-lib.buildPackage {
pname = "${package_name}";
root = ./.;
buildInputs = [
pkgs.openssl
pkgs.pkg-config
];
};
defaultPackage = packages."${package_name}";
# `nix run`
apps."${package_name}" = utils.lib.mkApp {
drv = packages."${package_name}";
};
defaultApp = apps."${package_name}";
# `nix develop`
devShell = pkgs.mkShell {
nativeBuildInputs = with pkgs; [ rustc cargo ];
};
nixosModule = { lib, pkgs, config, ... }:
with lib;
let
cfg = config.services."${package_name}";
enviroment_config = {
# non secret ldap stuff
LDAP_HOST = cfg.ldap.host;
LDAP_ADMIN = cfg.ldap.admin;
# basic dserver stuff
DATABASE = "${cfg.home}/database.db";
HOST_PORT = cfg.host_port;
# special categories of users
USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
};
in {
options.services."${package_name}" = {
enable = mkEnableOption "enable ${package_name}";
# keep really secret stuff in this
envFile = mkOption rec {
type = types.str;
description = "The env file";
};
ldap = {
host = mkOption rec {
type = types.str;
description = "LDAP Host";
};
admin = mkOption rec {
type = types.str;
description = "LDAP admin account dn";
};
};
users = {
admin = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of admins";
};
committee = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of committee members";
};
lifetime = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of lifetime users";
};
banned = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of banned users";
};
};
host_port = mkOption rec {
type = types.str;
default = "127.0.0.1:8087";
description = "host/port for teh server tro run on";
};
# specific for teh program running
user = mkOption rec {
type = types.str;
default = "${package_name}";
description = "The user to run the service";
};
home = mkOption rec {
type = types.str;
default = "/etc/skynet/${package_name}";
description = "The home for the user";
};
};
config = mkIf cfg.enable {
users.groups."${cfg.user}" = { };
users.users."${cfg.user}" = {
createHome = true;
isSystemUser = true;
home = "${cfg.home}";
group = "${cfg.user}";
};
systemd.services."${cfg.user}" = {
description = desc;
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ ];
environment = enviroment_config;
serviceConfig = {
# because we are storing data we need a home for it
User = "${cfg.user}";
Group = "${cfg.user}";
Restart = "always";
ExecStart = "${self.defaultPackage."${system}"}/bin/${package_name}";
EnvironmentFile = "${cfg.envFile}";
};
};
# for updating the data
systemd.services."${cfg.user}_update" = {
description = "${desc} Update groups";
wantedBy = [ ];
after = [ "network-online.target" ];
environment = enviroment_config;
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
ExecStart = "${self.defaultPackage."${system}"}/bin/${package_update}";
EnvironmentFile = "${cfg.envFile}";
};
};
systemd.timers."${cfg.user}_update" = {
description = "Run the update script for ${desc}";
wantedBy = [ "timers.target" ];
partOf = [ "${cfg.user}_update.service" ];
timerConfig = {
# every hour
OnCalendar = "*-*-* *:00:00";
Unit = "${cfg.user}_update.service";
};
};
};
};
});
}