nixos/applications/ldap.nix

/*
Going to use a proper NixOS module for this
*/
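# NixOS module for the Skynet LDAP/SSO service: runs Portunus on a local port
# and publishes its web UI through an nginx TLS virtual host.
#
# `lib` has to be a module argument, otherwise `with lib;` (and therefore
# mkOption, mkIf, types, ...) cannot be evaluated.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.services.skynet_ldap;

  # Public name of the SSO site. Used by both the nginx vhost and Portunus so
  # the two cannot drift apart.
  domain = "${cfg.subdomain}.skynet.ie";
in {
  # these are needed for the program in question
  imports = [
    ./acme.nix
    ./nginx.nix
  ];

  options.services.skynet_ldap = {
    # options that need to be passed in to make this work
    enable = mkEnableOption "Skynet LDAP service";

    host = {
      ip = mkOption {
        type = types.str;
        description = "IP address of the host running this service; used as the destination of the forward rules.";
      };
      name = mkOption {
        type = types.str;
        description = "Name of the host running this service; used as the CNAME target.";
      };
    };

    subdomain = mkOption {
      type = types.str;
      default = "sso";
      description = "Label under skynet.ie that the service is published on.";
    };

    port = mkOption {
      type = types.port;
      default = 8080;
      description = "Local port handed to Portunus and used as the nginx proxy upstream.";
    };
  };

  config = mkIf cfg.enable {
    # this is the actual configuration that we need to do
    # some things first just for skynet

    # The web traffic that reaches nginx is TCP, the same protocol the host
    # firewall opens below. Rules matching `udp dport 80/443` would never match
    # it, so the forward rules are written for TCP.
    skynet_firewall.forward = [
      "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
      "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
    ];

    skynet_dns.records.cname = [
      "${cfg.subdomain} CNAME ${cfg.host.name}"
    ];

    # firewall on the computer itself
    # Only the nginx ports are opened. cfg.port is not listed, so from outside
    # the Portunus web UI is reachable only through the TLS vhost below.
    networking.firewall.allowedTCPPorts = [
      80
      443
    ];

    # finally down to configuring the actual service
    # gonna need a reverse proxy set up
    services.nginx = {
      virtualHosts."${domain}" = {
        forceSSL = true;
        useACMEHost = "skynet";
        # cfg.port is an integer; it needs toString before string interpolation.
        locations."/".proxyPass = "http://localhost:${toString cfg.port}";
      };
    };

    # finally the actual service we are doing
    services.portunus = {
      enable = true;
      # NOTE(review): `hostname` was not defined anywhere in this module; the
      # vhost name is used instead. Confirm this is the intended value.
      domain = domain;
      port = cfg.port;
      # A quoted "./ldap/seed.json" is a plain string, not a path relative to
      # this file, and the `path` option type rejects strings that do not start
      # with "/". The path literal resolves next to this file.
      # NOTE(review): a path literal is copied into the Nix store, which is
      # readable by every local user. Keep credentials out of the seed file, or
      # point this at an absolute path outside the store with tight permissions.
      seedPath = ./ldap/seed.json;
    };
  };
}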