diff options
| author | Vincent Ambo <mail@tazj.in> | 2023-06-14T15·38+0300 |
|---|---|---|
| committer | tazjin <tazjin@tvl.su> | 2023-06-15T16·58+0000 |
| commit | 8b637521c60219c0773604c452ecb7c98918d202 (patch) | |
| tree | 27e232b13fd0f52d2060d358504a7e0f93e3775b /web/pwcrypt/default.nix | |
| parent | 0f71d8f813adad2d8bf4cc3048adb7fb60f5a1f8 (diff) | |
feat(web/pwcrypt): little web application for creating LDAP accounts r/6310
This generates the format expected in `//ops/users`. Note that as of this commit I have not actually tested whether the generated hashes work, as OpenLDAP doesn't ship with a tool to do that and I have to actually use it, spin up an LDAP server and bind to it. The plan is to host this at something like `tvl.fyi/signup`. There is no plan to automatically submit the generated stuff to the repo, people still have to email us (and display their street cred). Note that currently the generated hashes have slightly different parameters than what //tools/hash-password creates. This might not matter, but it's probably still a good idea to try and explicitly set Argon2 parameters. Change-Id: Ic162afbf7fb0e05ca6efc131b3bb0a4187e28029 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8776 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
Diffstat (limited to 'web/pwcrypt/default.nix')
| -rw-r--r-- | web/pwcrypt/default.nix | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/web/pwcrypt/default.nix b/web/pwcrypt/default.nix new file mode 100644 index 000000000000..c0b2974f9aec --- /dev/null +++ b/web/pwcrypt/default.nix @@ -0,0 +1,51 @@ +{ depot, lib, pkgs, ... }: + +let + wasmRust = pkgs.rust-bin.stable.latest.default.override { + targets = [ "wasm32-unknown-unknown" ]; + }; + + cargoToml = with builtins; fromTOML (readFile ./Cargo.toml); + + wasmBindgenMatch = + cargoToml.dependencies.wasm-bindgen == "= ${pkgs.wasm-bindgen-cli.version}"; + + assertWasmBindgen = assert (lib.assertMsg wasmBindgenMatch '' + Due to instability in the Rust WASM ecosystem, the trunk build + tool enforces that the Cargo-dependency version of `wasm-bindgen` + MUST match the version of the CLI supplied in the environment. + + This can get out of sync when nixpkgs is updated. To resolve it, + wasm-bindgen must be bumped in the Cargo.toml file and cargo needs + to be run to resolve the dependencies. + + Versions of `wasm-bindgen` in Cargo.toml: + + Expected: '= ${pkgs.wasm-bindgen-cli.version}' + Actual: '${cargoToml.dependencies.wasm-bindgen}' + ''); pkgs.wasm-bindgen-cli; + + deps = [ + pkgs.binaryen + pkgs.sass + pkgs.trunk + + wasmRust + assertWasmBindgen + ]; +in +pkgs.rustPlatform.buildRustPackage rec { + pname = "pwcrypt"; + version = "canon"; + src = lib.cleanSource ./.; + cargoLock.lockFile = ./Cargo.lock; + + buildPhase = '' + export PATH=${lib.makeBinPath deps}:$PATH + mkdir home + export HOME=$PWD/home + trunk build --release -d $out + ''; + + dontInstall = true; +} |