feat: add glauth

configuration.nix

@@ -64,6 +64,7 @@
     git
 
     juanfont-headscale.headscale # install to allow debugging/control of headscale using the CLI
+    pkgs.glauth
   ];
 
   environment.variables = {
@@ -97,6 +98,96 @@
 
   services.jellyfin.enable = true;
 
+  services.glauth = {
+    enable = true;
+    settings = {
+      debug = false;
+      ldap = {
+        enabled = true;
+        listen = "127.0.0.1:3890";
+        tls = false;
+      };
+      ldaps.enabled = false;
+      # backend = {
+      #   datastore = "config";
+      #   baseDN = "dc=twins,dc=pearson";
+      #   nameFormat = "uid";
+      #   groupFormat = "ou";
+      # };
+      backends = [
+        {
+          datastore = "config";
+          baseDN = "dc=twins,dc=pearson";
+          nameFormat = "uid";
+          groupFormat = "ou";
+        }
+        {
+          datastore = "plugin";
+          plugin = "sqlite.so";
+          pluginhandler = "NewSqliteHandler";
+          database = "/run/glauth/glauth.db";
+        }
+      ];
+      api = {
+        enabled = true;
+        tls = false;
+        listen = "/run/glauth/api.sock:unix";
+      };
+      users = [
+        { name = "forgejo_search";
+          email = "forgejo_search@twins.pearson";
+          uidnumber = 993;
+          primarygroup = 5503;
+          passappsha256 = [ "8adb23d6e1bd7db026a5784ff84efcbd57e4d9aea0e0798b78740a3ee335282c" ];
+          capabilities = [
+            { action = "search";
+              object = "ou=forgejo_user,dn=twins,dn=pearson"; }
+          ];
+        }
+        { name = "jellyfin_search";
+          email = "jellyfin_search@twins.pearson";
+          uidnumber = 994;
+          primarygroup = 5503;
+          passappsha256 = [ "21fa12ba3e63cd4cb96f4009720d385f4d52461ae3ab70fac8dedaa6b7917ce9" ];
+          capabilities = [
+            { action = "search";
+              object = "ou=jellyfin_user,dn=twins,dn=pearson"; }
+          ];
+        }
+        { name = "nextcloud_system_user";
+          email = "nextcloud@samsehu.perli.casa";
+          uidnumber = 988;
+          primarygroup = 5503;
+          passappsha256 = [ "0f11783cdf378aa867a2b590e422f8d645fd3d7fab52fb73bac3c62a64d91651" ];
+          capabilities = [
+            { action = "search";
+              object = "ou=nextcloud_user,dn=twins,dn=pearson"; }
+          ];
+        }
+      ];
+      groups = [ 
+        { name = "people"; 
+          gidnumber = 5501;
+        }
+        { name = "groups";
+          gidnumber = 5502;
+        } 
+        { name = "apps";
+          gidnumber = 5503;
+        }
+        { name = "forgejo_user"; 
+          gidnumber = 5504; 
+        }
+        { name = "jellyfin_user"; 
+          gidnumber = 5505; 
+        }
+        { name = "nextcloud_user"; 
+          gidnumber = 5506;
+        }
+      ];
+    };
+  };
+
   services.blocky = {
     enable = true;
     settings = {

flake.nix

@@ -15,6 +15,7 @@
     let
       overlay-juanfont-headscale = final: prev: {
         juanfont-headscale = juanfont-headscale.packages.${prev.system};
+        glauth = prev.callPackage ./pkgs/glauth.nix {};
       };
     in {
       nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
@@ -23,6 +24,7 @@
           ({config, pkgs, ...}: { nixpkgs.overlays = [ overlay-juanfont-headscale ]; })
           ./agenix-config-module.nix
           ./configuration.nix
+          ./services/glauth.nix
           agenix.nixosModules.default
         ];
       };

pkgs/glauth.nix

@@ -0,0 +1,54 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+, oath-toolkit
+, openldap
+}:
+
+buildGoModule rec {
+  pname = "glauth";
+  version = "2.3.0";
+
+  src = fetchFromGitHub {
+    owner = "glauth";
+    repo = "glauth";
+    rev = "v${version}";
+    hash = "sha256-XYNNR3bVLNtAl+vbGRv0VhbLf+em8Ay983jqcW7KDFU=";
+  };
+
+  vendorHash = "sha256-SFmGgxDokIbVl3ANDPMCqrB0ck8Wyva2kSV2mgNRogo=";
+
+  nativeCheckInputs = [
+    oath-toolkit
+    openldap
+  ];
+
+  modRoot = "v2";
+
+  # Disable go workspaces to fix build.
+  env.GOWORK = "off";
+
+  # Fix this build error:
+  #   main module (github.com/glauth/glauth/v2) does not contain package github.com/glauth/glauth/v2/vendored/toml
+  excludedPackages = [ "vendored/toml" ];
+
+  # Based on ldflags in <glauth>/Makefile.
+  ldflags = [
+    "-s"
+    "-w"
+    "-X main.GitClean=1"
+    "-X main.LastGitTag=v${version}"
+    "-X main.GitTagIsCommit=1"
+  ];
+
+  # Tests fail in the sandbox.
+  doCheck = false;
+
+  meta = with lib; {
+    description = "A lightweight LDAP server for development, home use, or CI";
+    homepage = "https://github.com/glauth/glauth";
+    license = licenses.mit;
+    maintainers = with maintainers; [ bjornfor ];
+    mainProgram = "glauth";
+  };
+}

services/glauth.nix

@@ -0,0 +1,65 @@
+{config, pkgs, lib, ...}:
+let
+  cfg = config.services.glauth;
+  settingsFormat = pkgs.formats.toml {};
+in
+
+with lib;
+
+{
+  options = {
+    services.glauth = {
+      enable = mkOption {
+        default = false;
+        type = with types; bool;
+        description = ''
+          Enable the glauth system service
+        '';
+      };
+
+      package = mkPackageOption pkgs "glauth" { };
+
+      user = mkOption {
+        default = "glauth";
+        type = types.str;
+        description = ''
+          Name of the user.
+        '';
+      };
+
+      group = mkOption {
+        default = "glauth";
+        type = types.str;
+        description = ''
+          Name of the group.
+        '';
+      };
+
+      settings = mkOption {
+        type = settingsFormat.type;
+        default = {};
+        description = ''
+          Configuration for glauth.cfg, see
+          <link xlink:href="https://github.com/glauth/glauth/blob/master/v2/sample-simple.cfg"
+          for supported settings.
+        '';
+      };
+
+    };
+  };
+
+
+  config = mkIf cfg.enable {
+    systemd.services.glauth = {
+      wantedBy = [];
+      after = [ "network.target" ];
+      description = "Start a glauth server.";
+      serviceConfig = {
+        Type = "exec";
+        User = "${cfg.user}";
+        Group = "${cfg.group}";
+        ExecStart = ''${cfg.package}/bin/glauth -c ${settingsFormat.generate "glauth.cfg" cfg.settings}'';
+      };
+    };
+  };
+}