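/*
  Skynet LDAP / SSO service, written as a proper NixOS module.

  When enabled it:
    - asks the Skynet firewall and DNS modules to route and name the host,
    - opens the web and LDAP ports on the host's own firewall,
    - puts nginx (TLS via the "skynet" ACME host) in front of Portunus,
    - runs Portunus with a seed file shipped next to this module.
*/
{ config, pkgs, lib, ... }:
with lib;
let
  cfg = config.services.skynet_ldap;

  # Public name of the service; the nginx vhost and Portunus must agree on it.
  fqdn = "${cfg.subdomain}.skynet.ie";
in
{
  # these are needed for the program in question
  imports = [
    ./acme.nix
    ./nginx.nix
  ];

  options.services.skynet_ldap = {
    # options that need to be passed in to make this work
    enable = mkEnableOption "Skynet LDAP service";

    host = {
      ip = mkOption {
        type = types.str;
        description = "IP address of the host running the service; used as the destination in the forward rules.";
      };

      name = mkOption {
        type = types.str;
        description = "Name of the host running the service; used as the CNAME target.";
      };
    };

    subdomain = mkOption {
      type = types.str;
      default = "sso";
      description = "Subdomain of skynet.ie under which the web interface is published.";
    };

    port = mkOption {
      type = types.port;
      default = 8080;
      description = "Local port Portunus listens on; nginx proxies to it.";
    };
  };

  config = mkIf cfg.enable {
    # this is the actual configuration that we need to do

    # Some things first, just for Skynet.
    # Rule strings are handed to the project's skynet_firewall module (defined
    # outside this file). nginx serves HTTP/HTTPS over TCP and the host firewall
    # below opens TCP 80/443, so the forward rules match tcp; the previous
    # "udp dport" rules would not have let that traffic through.
    skynet_firewall.forward = [
      "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
      "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
    ];

    skynet_dns.records.cname = [
      "${cfg.subdomain} CNAME ${cfg.host.name}"
    ];

    # firewall on the computer itself
    networking.firewall.allowedTCPPorts = [
      80
      443
      # for ldap
      # NOTE(review): 389 is LDAP without TLS, so binds on it carry credentials
      # in clear text unless the client negotiates StartTLS. LDAPS is not
      # switched on in services.portunus.ldap below, so confirm whether
      # anything listens on 636 and whether 389 has to be reachable from
      # outside this host at all.
      389
      636
    ];

    # finally down to configuring the actual service
    # gonna need a reverse proxy set up
    services.nginx = {
      virtualHosts."${fqdn}" = {
        forceSSL = true;
        useACMEHost = "skynet";
        # TLS ends at nginx; the hop to Portunus stays on loopback.
        locations."/".proxyPass = "http://localhost:${toString cfg.port}";
      };
    };

    # NOTE(review): environment.variables sets these system-wide for shell
    # sessions; confirm that this is how the Portunus service is meant to
    # receive them. Debug output on an identity service can put credentials
    # into logs, so PORTUNUS_DEBUG should not stay enabled once this host is
    # in production. SILVER_TEST is not referenced anywhere else in this file.
    environment.variables = {
      PORTUNUS_DEBUG = "true";
      SILVER_TEST = "true";
    };

    # finally the actual service we are doing
    services.portunus = {
      enable = true;

      domain = fqdn;
      port = cfg.port;

      # Plain path literal, relative to this file (same file the earlier
      # `./. + "/ldap/seed.json"` pointed at).
      # NOTE(review): a path literal is copied into the Nix store, which is
      # readable by every local user, so seed.json must not contain plaintext
      # passwords or other secrets; confirm its contents.
      seedPath = ./ldap/seed.json;

      ldap = {
        #searchUserName = "portunus-service";
        suffix = "dc=skynet,dc=ie";
      };
    };
  };
}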