Diffstat (limited to 'ops/nixos/tvl-slapd/default.nix')
-rw-r--r-- | ops/nixos/tvl-slapd/default.nix | 208 |
1 files changed, 0 insertions, 208 deletions
diff --git a/ops/nixos/tvl-slapd/default.nix b/ops/nixos/tvl-slapd/default.nix
deleted file mode 100644
index 57559e0962..0000000000
--- a/ops/nixos/tvl-slapd/default.nix
+++ /dev/null
@@ -1,208 +0,0 @@
-# Configures an OpenLDAP instance for TVL
-#
-# TODO(tazjin): Configure ldaps://
-{ config, lib, pkgs, ... }:
-
-with config.depot.nix.yants;
-
-let
-user = struct {
-username = string;
-email = string;
-password = string;
-displayName = option string;
-};
-
-toLdif = defun [ user string ] (u: ''
-dn: cn=${u.username},ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-sn: ${u.username}
-cn: ${u.username}
-displayName: ${u.displayName or u.username}
-mail: ${u.email}
-userPassword: ${u.password}
-'');
-
-users = [
-{
-username = "andi";
-email = "andi@notmuch.email";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0";
-}
-{
-username = "artemist";
-email = "me@artem.ist";
-password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+";
-}
-{
-username = "camsbury";
-email = "camsbury7@gmail.com";
-password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5";
-}
-{
-username = "cynthia";
-email = "cynthia@tvl.fyi";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk";
-}
-{
-username = "edef";
-email = "edef@edef.eu";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0";
-}
-{
-username = "ericvolp12";
-email = "ericvolp12@gmail.com";
-password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk";
-}
-{
-username = "eta";
-email = "eta@theta.eu.org";
-password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc";
-}
-{
-username = "etu";
-email = "etu@failar.nu";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A";
-}
-{
-username = "firefly";
-email = "firefly@firefly.nu";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8";
-}
-{
-username = "glittershark";
-email = "grfn@gws.fyi";
-password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO";
-}
-{
-username = "htbf";
-email = "h-tvl@htbf.dev";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c";
-}
-{
-username = "isomer";
-email = "isomer@tvl.fyi";
-password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev";
-}
-{
-username = "lukegb";
-email = "lukegb@tvl.fyi";
-password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4";
-}
-{
-username = "multi";
-email = "depot@in-addr.xyz";
-password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0";
-}
-{
-username = "nyanotech";
-email = "nyanotechnology@gmail.com";
-password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y";
-}
-{
-username = "Profpatsch";
-email = "mail@profpatsch.de";
-password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ";
-}
-{
-username = "q3k";
-email = "q3k@q3k.org";
-password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE";
-}
-{
-username = "qyliss";
-displayName = "Alyssa Ross";
-email = "hi@alyssa.is";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI";
-}
-{
-username = "riking";
-displayName = "kanepyork";
-email = "rikingcoding@gmail.com";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM";
-}
-{
-username = "tazjin";
-email = "mail@tazj.in";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y";
-}
-{
-username = "implr";
-email = "implr@hackerspace.pl";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ";
-}
-{
-username = "v";
-displayName = "V";
-email = "v@anomalous.eu";
-password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4";
-}
-{
-username = "ben";
-email = "tvl@benjojo.co.uk";
-password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1";
-}
-];
-in {
-# Use our patched OpenLDAP derivation which enables stronger password hashing.
-#
-# Unfortunately the module for OpenLDAP has no package option, so we
-# need to override it system-wide. Be aware that this triggers a
-# *large* number of rebuilds of packages such as GPG and Python.
-nixpkgs.overlays = [
-(_: _: {
-inherit (config.depot.third_party) openldap;
-})
-];
-
-services.openldap = {
-enable = true;
-dataDir = "/var/lib/openldap";
-suffix = "dc=tvl,dc=fyi";
-rootdn = "cn=admin,dc=tvl,dc=fyi";
-rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
-
-# ACL configuration
-extraDatabaseConfig = ''
-# Allow users to change their own password
-access to attrs=userPassword
-by self write
-by anonymous auth
-by users none
-
-# Allow default read access to other directory elements
-access to * by * read
-'';
-
-extraConfig = ''
-moduleload pw-argon2
-'';
-
-# Contents are immutable at runtime, and adding user accounts etc.
-# is done statically in the LDIF-formatted contents in this folder.
-declarativeContents = ''
-dn: dc=tvl,dc=fyi
-dc: tvl
-o: TVL LDAP server
-description: Root entry for tvl.fyi
-objectClass: top
-objectClass: dcObject
-objectClass: organization
-
-dn: ou=users,dc=tvl,dc=fyi
-ou: users
-description: All users in TVL
-objectClass: top
-objectClass: organizationalUnit
-
-dn: ou=groups,dc=tvl,dc=fyi
-ou: groups
-description: All groups in TVL
-objectClass: top
-objectClass: organizationalUnit
-
-${lib.concatStringsSep "\n" (map toLdif users)}
-'';
-};
-}