From f5b1cb33ef785a94eae0ddf2e585a505f33e96b7 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Wed, 14 Jun 2023 21:04:29 +0100
Subject: [PATCH] feat: add the ldap client to all servers
---
 applications/ldap_client.nix | 2 ++
 machines/_base.nix | 9 +++++++++
 2 files changed, 11 insertions(+)
diff --git a/applications/ldap_client.nix b/applications/ldap_client.nix
index 1bf92f2..c82b6ba 100644
--- a/applications/ldap_client.nix
+++ b/applications/ldap_client.nix
@@ -20,6 +20,8 @@
 # these are needed for teh program in question
 imports = [];
+ # give users access to this server
+ #services.skynet_ldap_client.groups = ["skynet-users"];
 options.services.skynet_ldap_client = {
 # options that need to be passed in to make this work
diff --git a/machines/_base.nix b/machines/_base.nix
index 6b99925..4cdd541 100644
--- a/machines/_base.nix
+++ b/machines/_base.nix
@@ -3,6 +3,9 @@
 {
 imports = [
 (modulesPath + "/virtualisation/proxmox-lxc.nix")
+
+ # every server needs teh ldap client for admins
+ ../applications/ldap_client.nix
 ];
 # flakes are essensial
@@ -36,6 +39,12 @@
 { groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
 ];
+ services.skynet_ldap_client = {
+ enable = true;
+ # skynet-admin will always be added, individual servers can override
+ groups = [];
+ };
+
 networking = {
 # every sever needs to be accessable over ssh for admin use at least
 firewall.allowedTCPPorts = [22];
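Review bot: The commented-out `#services.skynet_ldap_client.groups = ["skynet-users"];` added to `applications/ldap_client.nix` sits in the module that declares the option, and this same commit imports that module from `machines/_base.nix`, so uncommenting it in place would widen login access on every server rather than on one. It reads as a usage example for a machine file, so the comment should say so, for instance `# example, set in a machine file to admit ordinary users: services.skynet_ldap_client.groups = ["skynet-users"];`. The module body continues outside the hunk, so whether a top-level setting would even evaluate next to `options` cannot be confirmed from here.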
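Review bot: In the last hunk of `machines/_base.nix`, the comment inside the new `services.skynet_ldap_client` block names the group `skynet-admin`, while the sudo rule in the context lines directly above grants `NOPASSWD` `ALL` to `skynet-admins`. If the module's implicit group does not match the sudo rule exactly, admins either log in without sudo or the rule covers a group the client never admits. Once the module default is confirmed, the comment should read `# skynet-admins will always be added, individual servers can override`. Because this enables directory-backed login on every host while that group holds passwordless root, directory membership becomes root-equivalent across the fleet. The module body is not part of this diff, so it is worth confirming that the client binds over TLS with certificate validation and that a local break-glass account still works when the directory is unreachable.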