nixos/applications/ldap.nix


/*
Gonna use a proper NixOS module for this
*/
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.skynet_ldap;
in {
# these are needed for the program in question (ACME certs + the nginx
# reverse proxy used below)
imports = [ ./acme.nix ./nginx.nix ];
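options.services.skynet_ldap = {
  # options that need to be passed in to make this work
  enable = mkEnableOption "Skynet LDAP service";
  host = {
    ip = mkOption {
      type = types.str;
      description = ''
        IP address of the machine running this service.  Used as the
        destination address in the skynet_firewall forward rules.
      '';
    };
    name = mkOption {
      type = types.str;
      description = ''
        Hostname that the DNS CNAME record for the chosen subdomain
        points at.
      '';
    };
  };
  subdomain = mkOption {
    type = types.str;
    default = "sso";
    description = ''
      Subdomain under skynet.ie the service is reachable at.  Also used
      as the name of the DNS CNAME record.
    '';
  };
  port = mkOption {
    type = types.port;
    default = 8080;
    description = ''
      Local port Portunus listens on.  Only reached through the nginx
      reverse proxy on localhost.
    '';
  };
};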
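config = mkIf cfg.enable (
  let
    # public name of the service; shared by the nginx vhost and Portunus
    domain = "${cfg.subdomain}.skynet.ie";
  in {
    # this is the actual configuration that we need to do
    # some things first just for skynet

    # forward web traffic to this host.  nginx serves HTTP/HTTPS over TCP,
    # so the rules have to match tcp - the previous udp rules never matched
    # this traffic.
    skynet_firewall.forward = [
      "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
      "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
    ];
    skynet_dns.records.cname = [
      "${cfg.subdomain} CNAME ${cfg.host.name}"
    ];

    # firewall on the computer itself
    networking.firewall.allowedTCPPorts = [
      80
      443
      # for ldap
      # NOTE(review): 389 is plain LDAP, so binds over it carry credentials
      # unencrypted.  636 (LDAPS) is opened too, but nothing in this module
      # turns on TLS for the Portunus LDAP listener (services.portunus.ldap.tls)
      # - confirm which listener is meant to be reachable from outside.
      389
      636
    ];

    # finally down to configuring the actual service
    # gonna need a reverse proxy set up
    services.nginx = {
      virtualHosts.${domain} = {
        forceSSL = true;
        useACMEHost = "skynet";
        locations."/".proxyPass = "http://localhost:${toString cfg.port}";
      };
    };

    # NOTE(review): environment.variables sets login-session variables for
    # every user, not the environment of the systemd unit, so it is unclear
    # whether the Portunus service ever sees these.  If debug output is wanted
    # for the service, systemd.services.portunus.environment is the usual
    # place - and it should not stay enabled in production.
    environment.variables = {
      PORTUNUS_DEBUG = "true";
      SILVER_TEST = "true";
    };

    # finally the actual service we are doing
    services.portunus = {
      enable = true;
      inherit domain;
      port = cfg.port;
      # seed file next to this module (./ldap/seed.json).  Path literals are
      # copied into the world-readable /nix/store, so if the seed carries
      # user passwords they end up readable by every local user.
      seedPath = ./ldap/seed.json;
      ldap = {
        #searchUserName = "portunus-service";
        suffix = "dc=skynet,dc=ie";
      };
    };
  }
);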
}