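/*
  Skynet LDAP (Portunus) NixOS module.

  Wires the Portunus LDAP/SSO service into a Skynet host: gateway
  forwarding rules, a public DNS CNAME, the host firewall, an nginx
  reverse proxy in front of the web UI, and the Portunus service itself.
*/
{ config, pkgs, lib, ... }:

let
  # explicit imports instead of `with lib;` so it is clear which lib
  # helpers this module actually uses
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.skynet_ldap;
in {

  # these modules are needed by the service configured below
  imports = [
    ./acme.nix
    ./nginx.nix
  ];

  options.services.skynet_ldap = {
    # options that need to be passed in to make this work
    enable = mkEnableOption "Skynet LDAP service";

    host = {
      # address the gateway forwarding rules are written against
      ip = mkOption {
        type = types.str;
      };

      # hostname the public CNAME points at
      name = mkOption {
        type = types.str;
      };
    };

    # public name of the service is "<subdomain>.skynet.ie"
    subdomain = mkOption {
      type = types.str;
      default = "sso";
    };

    # local port Portunus listens on; only reached through the nginx proxy
    port = mkOption {
      type = types.port;
      default = 8080;
    };
  };

  config = mkIf cfg.enable {
    # this is the actual configuration that we need to do

    # some things first just for skynet.
    # HTTP/HTTPS served by the nginx vhost below is TCP, so the forwarding
    # rules match tcp (the original rules matched udp, which the proxy
    # never receives).
    skynet_firewall.forward = [
      "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
      "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
    ];

    skynet_dns.records.cname = [
      "${cfg.subdomain} CNAME ${cfg.host.name}"
    ];

    # firewall on the computer itself
    networking.firewall.allowedTCPPorts = [
      80
      443

      # for ldap: 389 is plain (unencrypted) LDAP, 636 is LDAPS.  No
      # forwarding rule is added for either above, so from this file they
      # are only opened on the host itself.
      # NOTE(review): confirm whether 389 needs to be reachable at all, or
      # whether 636 alone suffices.
      389
      636
    ];

    # finally down to configuring the actual service

    # gonna need a reverse proxy set up
    services.nginx = {
      virtualHosts."${cfg.subdomain}.skynet.ie" = {
        forceSSL = true;
        useACMEHost = "skynet";
        locations."/".proxyPass = "http://localhost:${toString cfg.port}";
      };
    };

    # NOTE(review): environment.variables is system-wide, so these
    # debug/test flags reach every process on the host, not just portunus.
    # Scoping them to the unit (systemd.services.portunus.environment) and
    # leaving PORTUNUS_DEBUG unset outside development would be safer.
    # (`rec` dropped: nothing here refers to a sibling attribute.)
    environment.variables = {
      PORTUNUS_DEBUG = "true";
      SILVER_TEST = "true";
    };

    # finally the actual service we are doing
    services.portunus = {
      enable = true;
      domain = "${cfg.subdomain}.skynet.ie";
      port = cfg.port;

      # path literal relative to this file; equivalent to the previous
      # `./. + "/ldap/seed.json"` form, just without the concatenation
      seedPath = ./ldap/seed.json;

      ldap = {
        #searchUserName = "portunus-service";
        suffix = "dc=skynet,dc=ie";
      };
    };
  };
}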