{ config, pkgs, lib, inputs, ... }: with lib; let cfg = config.services.ldap_backend; port_backend = "8087"; in { imports = [ ../acme.nix ../dns.nix ../nginx.nix inputs.skynet_ldap_backend.nixosModule."x86_64-linux" ]; options.services.ldap_backend = { enable = mkEnableOption "Skynet LDAP backend server"; host = { ip = mkOption { type = types.str; }; name = mkOption { type = types.str; }; }; domain = { tld = mkOption { type = types.str; default = "ie"; }; base = mkOption { type = types.str; default = "skynet"; }; sub = mkOption { type = types.str; default = "api.account"; }; }; }; config = mkIf cfg.enable { #backups = [ "/etc/silver_ul_ical/database.db" ]; age.secrets.ldap_details.file = ../../secrets/ldap/details.age; age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age; age.secrets.ldap_mail.file = ../../secrets/email/details.age; skynet_acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; skynet_dns.records = [ { record = cfg.domain.sub; r_type = "CNAME"; value = cfg.host.name; } ]; services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:${port_backend}"; # extraConfig = '' # add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; # ''; extraConfig = '' add_header Access-Control-Allow-Origin "*"; ''; }; services.skynet_ldap_backend = { enable = true; # contains teh password in env form env = { ldap = config.age.secrets.ldap_details.path; discord = config.age.secrets.ldap_discord.path; mail = config.age.secrets.ldap_mail.path; }; host_port = "127.0.0.1:${port_backend}"; users = { admin = [ "silver" "evanc" "eoghanconlon73" ]; committee = [ "leo" "silver" "eoghanconlon73" "sidhiel" "maksimsger1" "kaiden" "pine" "nanda" ]; lifetime = []; banned = []; restricted = [ # usernames folks arent allowed to use "contact" "dnsadm" "president" "treasurer" "secretary" "pro" "sysadmin" "root" ] ++ [ # basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444 # start off with compsoc stuff first "competition_www" "demo1" "demouser" "ftp" "lost+found" "postfix" "skynews.old" "system_backup" "test" "test12" "test20202" "test20203" "tmp" "webadm" ] ++ [ # clubs and socs (as far as I can tell "aerosoc" "aikido" "anfocal" "bics" "boarding" "cns" "dev" "filmsoc" "gaa" "german" "golfsoc" "handball" "hispanic" "history" "hockey" "home" "legosoc" "lifesave" "mens_gfc" "musicsoc" "pagansoc" "peacesoc" "physics" "poker" "prolife" "radio" "ragweek" "sinnfein" "soccer" "ulbs" "ulcamogie" "ulcc" "ulgaa" "ulils" "ulladiesfootball" "ullaughinsoc" "ulrfc" "ulriders" "ulssc" "ultennis" "viking" ] ++ [ # remaining, most likely usernames "_9thwonder" "abc" "activate" "aiesec" "air" "aladdin" "alaric" "aldozzie" "allenli" "amg" "amgl" "annette" "annlad" "ards_backup" "arisquez" "arthur" "austin" "beta" "bh" "bigdave" "bios" "bizarroal" "bmacaree" "boardy" "boddah" "bogus.anime.fakh" "bogus.bhudt.dacf" "bogus.citoge.baym" "bogus.electro.ba0a" "bogus.fencing.baw5" "bogus.harry.ba8f" "bogus.hui.hong.baci" "bogus.ironman.baqib" "bogus.joe.bach" "bogus.kenny.bas6" "bogus.kerswin.baybb" "bogus.kravmaga.ba0w" "bogus.methi.baq5" "bogus.nelsonmw.bauc" "bogus.poshea.ba0m" "bogus.redwolf.bawn" "bogus.romanov.baat" "bogus.ryan.bae-" "bogus.rynnea.bask" "bogus.sea.af" "bogus.shane.c.ba8z" "bogus.t1000.baggb" "bogus.ullrugby.ba8p" "brendan" "bubba" "c_material_removed" "ca_worm" "cactus" "carticus" "cathalc" "cathald-broken" "cdschedule" "celtic" "christine" "cian" "ciara" "ciaran" "colin" "cosmo" "counsel" "creosote" "crew" "cues" "cur" "cwhelan" "dac" "daktulu" "datacore" "davec" "daverus" "deano" "deccy" "declanmu" "deiji" "dermotmc" "derrick" "deshocks" "diarmuid" "dippy" "djraptor" "dmackey" "dmir" "dom" "dom_mckay" "donie" "donnacha" "dos30" "drazhar" "duffman" "eas" "electal" "emc" "emilia" "emma" "emmag" "ents" "envcom" "eoinh95" "epgriffin" "equest" "fiacc" "fint" "flanno" "fmannix" "foodcoop" "gamenet" "ganainm" "gar" "ger88" "ghama" "ging" "goborobo" "gooner" "greekweek" "hawking" "hb" "homer" "hoshi" "ian" "ianrice" "ilug" "infinity" "ingenuus" "internat" "jamessy" "jamiebarry" "jbravo" "jdonegan" "joedredd" "johann" "jokill" "jsoccer" "jules" "kate" "katie" "kellyj" "kiely" "koo" "l_d_ablo" "lakes" "laura" "lebowski" "liabraid" "lynn" "mal" "manuel" "maraz" "marieke" "marky" "mature" "mbyrne" "meanturtle" "mickaful" "mickasul" "mikado" "mikeh" "mikkel" "mixiezme" "mmc" "molly" "moochie" "moonser" "mopic" "mp" "nastros" "neutrino" "new" "nezzy" "nkdc" "nmcenroy" "noelle" "nugget" "ob" "omega" "oneillbeano" "pamela" "peterj" "photyl" "plake" "pmcg1986" "pyro" "qubeat" "rachel" "rachelg" "ralmeida" "raymond" "razzlero" "red" "rmacm" "rmorrissey" "robson" "selena" "shark" "shayscannell" "shazlove" "shelley" "shelly" "silver.old" "sirhc" "sithlord" "sk" "sligoer" "slowey" "smallp" "smurfy" "sordfish" "soul98" "soular" "st" "stefanovich" "svp" "szczerba" "tangsoodo" "tc" "tenfor" "teslacut" "theematt" "thomasl" "tockman" "ugm" "vanzan" "volleyb" "warren" "weather" "wiles" "yvonne" "zrahman" ]; }; }; }; }