Diffstat (limited to 'ops/nixos/tvl-slapd/default.nix')
-rw-r--r-- | ops/nixos/tvl-slapd/default.nix | 113 |
1 files changed, 107 insertions, 6 deletions
diff --git a/ops/nixos/tvl-slapd/default.nix b/ops/nixos/tvl-slapd/default.nix
index 294a6636d719..33e47179f3f1 100644
--- a/ops/nixos/tvl-slapd/default.nix
+++ b/ops/nixos/tvl-slapd/default.nix
@@ -1,9 +1,88 @@
 # Configures an OpenLDAP instance for TVL
 #
 # TODO(tazjin): Configure ldaps://
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 
-{
+with config.depot.nix.yants;
+
+let
+ user = struct {
+ username = string;
+ email = string;
+ password = string;
+ displayName = option string;
+ };
+
+ toLdif = defun [ user string ] (u: ''
+ dn: cn=${u.username},ou=users,dc=tvl,dc=fyi
+ objectClass: organizationalPerson
+ objectClass: inetOrgPerson
+ sn: ${u.username}
+ cn: ${u.username}
+ displayName: ${u.displayName or u.username}
+ mail: ${u.email}
+ userPassword: ${u.password}
+ '');
+
+ users = [
+ {
+ username = "cynthia";
+ email = "cynthia@tvl.fyi";
+ password = "{SSHA}aHx2keEnXv6u6oiV2xxqfXdxjom/K8CP";
+ }
+ {
+ username = "edef";
+ email = "edef@edef.eu";
+ password = "{SSHA}7w2XC6xxuhlUX2KvBpK4fD/X7ZCpfN/E";
+ }
+ {
+ username = "eta";
+ email = "eta@theta.eu.org";
+ password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc";
+ }
+ {
+ username = "glittershark";
+ email = "grfn@gws.fyi";
+ password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO";
+ }
+ {
+ username = "isomer";
+ email = "isomer@tvl.fyi";
+ password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev";
+ }
+ {
+ username = "lukegb";
+ email = "lukegb@tvl.fyi";
+ password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4";
+ }
+ {
+ username = "nyanotech";
+ email = "nyanotechnology@gmail.com";
+ password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y";
+ }
+ {
+ username = "q3k";
+ email = "q3k@q3k.org";
+ password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE";
+ }
+ {
+ username = "ericvolp12";
+ email = "ericvolp12@gmail.com";
+ password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk";
+ }
+ {
+ username = "riking";
+ displayName = "Kane York";
+ email = "rikingcoding@gmail.com";
+ password = "{SSHA}6rPxMOofHMGNTEYdyBOYbza7NT/RmiGz";
+ }
+ {
+ username = "tazjin";
+ email = "mail@tazj.in";
+ password = "{SSHA}67H341jRfAFBDz/R9+T3fHQiPfjwTbpQ";
+ }
+ ];
+in {
 services.openldap = {
 enable = true;
 dataDir = "/var/lib/openldap";
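Review bot: Every `password` value in the new `users` list, emitted verbatim on the `userPassword: ${u.password}` line of `toLdif`, is a `{SSHA}` hash, i.e. salted SHA-1 with no work factor, so anyone holding the depot checkout or the generated LDIF in the world-readable Nix store can brute-force them offline at GPU speed. These hashes were previously in `contents.ldif`, so the commit does not newly expose them, but now that they are typed data it is a good moment to move to a slow scheme slapd accepts (for example `{CRYPT}` with a sha512/bcrypt salt format, or `{ARGON2}` via the pw-argon2 module) and to document the field, e.g. `# Hashed password in slapd userPassword syntax; prefer a work-factor scheme over {SSHA}` above `password = string;`. A secondary point: `toLdif` splices `username`, `email` and `displayName` into both the DN (`cn=${u.username},ou=users,...`) and attribute lines without any escaping, and `struct` only checks that they are strings, so a value containing `,`/`=` in the RDN or an embedded newline would yield a malformed or extra entry. Since `users` is static data in this file the realistic risk today is a mis-typed value rather than attacker input, so a one-line comment on `toLdif` stating that values are trusted and must not contain LDIF/DN metacharacters would suffice.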
@@ -11,10 +90,6 @@
 rootdn = "cn=admin,dc=tvl,dc=fyi";
 rootpw = "{SSHA}yEEO6Ol2W3ritdiJzPSsjOtyPGxWF2JW";
 
- # Contents are immutable at runtime, and adding user accounts etc.
- # is done statically in the LDIF-formatted contents in this folder.
- declarativeContents = builtins.readFile ./contents.ldif;
-
 # ACL configuration
 extraDatabaseConfig = ''
 # Allow users to change their own password
@@ -26,5 +101,31 @@
 # Allow default read access to other directory elements
 access to * by * read
 '';
+
+ # Contents are immutable at runtime, and adding user accounts etc.
+ # is done statically in the LDIF-formatted contents in this folder.
+ declarativeContents = ''
+ dn: dc=tvl,dc=fyi
+ dc: tvl
+ o: TVL LDAP server
+ description: Root entry for tvl.fyi
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+
+ dn: ou=users,dc=tvl,dc=fyi
+ ou: users
+ description: All users in TVL
+ objectClass: top
+ objectClass: organizationalUnit
+
+ dn: ou=groups,dc=tvl,dc=fyi
+ ou: groups
+ description: All groups in TVL
+ objectClass: top
+ objectClass: organizationalUnit
+
+ ${lib.concatStringsSep "\n" (map toLdif users)}
+ '';
 };
 } |