From 320e3e867388954159ff0a4d87025f92f3872a36 Mon Sep 17 00:00:00 2001
From: Louis Pearson
Date: Sun, 7 Jan 2024 13:43:00 -0700
Subject: [PATCH] feat: add glauth
---
 configuration.nix | 91 +++++++++++++++++++++++++++++++++++++++++++++
 flake.nix | 2 +
 pkgs/glauth.nix | 54 +++++++++++++++++++++++++++
 services/glauth.nix | 65 ++++++++++++++++++++++++++++++++
 4 files changed, 212 insertions(+)
 create mode 100644 pkgs/glauth.nix
 create mode 100644 services/glauth.nix
diff --git a/configuration.nix b/configuration.nix
index 86d8a0d..7594262 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -64,6 +64,7 @@
 git
 juanfont-headscale.headscale # install to allow debugging/control of headscale using the CLI
+ pkgs.glauth
 ];
 environment.variables = {
@@ -97,6 +98,96 @@
 services.jellyfin.enable = true;
+ services.glauth = {
+ enable = true;
+ settings = {
+ debug = false;
+ ldap = {
+ enabled = true;
+ listen = "127.0.0.1:3890";
+ tls = false;
+ };
+ ldaps.enabled = false;
+ # backend = {
+ # datastore = "config";
+ # baseDN = "dc=twins,dc=pearson";
+ # nameFormat = "uid";
+ # groupFormat = "ou";
+ # };
+ backends = [
+ {
+ datastore = "config";
+ baseDN = "dc=twins,dc=pearson";
+ nameFormat = "uid";
+ groupFormat = "ou";
+ }
+ {
+ datastore = "plugin";
+ plugin = "sqlite.so";
+ pluginhandler = "NewSqliteHandler";
+ database = "/run/glauth/glauth.db";
+ }
+ ];
+ api = {
+ enabled = true;
+ tls = false;
+ listen = "/run/glauth/api.sock:unix";
+ };
+ users = [
+ { name = "forgejo_search";
+ email = "forgejo_search@twins.pearson";
+ uidnumber = 993;
+ primarygroup = 5503;
+ passappsha256 = [ "8adb23d6e1bd7db026a5784ff84efcbd57e4d9aea0e0798b78740a3ee335282c" ];
+ capabilities = [
+ { action = "search";
+ object = "ou=forgejo_user,dn=twins,dn=pearson"; }
+ ];
+ }
+ { name = "jellyfin_search";
+ email = "jellyfin_search@twins.pearson";
+ uidnumber = 994;
+ primarygroup = 5503;
+ passappsha256 = [ "21fa12ba3e63cd4cb96f4009720d385f4d52461ae3ab70fac8dedaa6b7917ce9" ];
+ capabilities = [
+ { action = "search";
+ object = "ou=jellyfin_user,dn=twins,dn=pearson"; }
+ ];
+ }
+ { name = "nextcloud_system_user";
+ email = "nextcloud@samsehu.perli.casa";
+ uidnumber = 988;
+ primarygroup = 5503;
+ passappsha256 = [ "0f11783cdf378aa867a2b590e422f8d645fd3d7fab52fb73bac3c62a64d91651" ];
+ capabilities = [
+ { action = "search";
+ object = "ou=nextcloud_user,dn=twins,dn=pearson"; }
+ ];
+ }
+ ];
+ groups = [
+ { name = "people";
+ gidnumber = 5501;
+ }
+ { name = "groups";
+ gidnumber = 5502;
+ }
+ { name = "apps";
+ gidnumber = 5503;
+ }
+ { name = "forgejo_user";
+ gidnumber = 5504;
+ }
+ { name = "jellyfin_user";
+ gidnumber = 5505;
+ }
+ { name = "nextcloud_user";
+ gidnumber = 5506;
+ }
+ ];
+ };
+ };
+
 services.blocky = {
 enable = true;
 settings = {
diff --git a/flake.nix b/flake.nix
index f8e3d3b..7edc193 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,6 +15,7 @@
 let
 overlay-juanfont-headscale = final: prev: {
 juanfont-headscale = juanfont-headscale.packages.${prev.system};
+ glauth = prev.callPackage ./pkgs/glauth.nix {};
 };
 in {
 nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
@@ -23,6 +24,7 @@
 ({config, pkgs, ...}: { nixpkgs.overlays = [ overlay-juanfont-headscale ]; })
 ./agenix-config-module.nix
 ./configuration.nix
+ ./services/glauth.nix
 agenix.nixosModules.default
 ];
 };
diff --git a/pkgs/glauth.nix b/pkgs/glauth.nix
new file mode 100644
index 0000000..7f279e8
--- /dev/null
+++ b/pkgs/glauth.nix
@@ -0,0 +1,54 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+, oath-toolkit
+, openldap
+}:
+
+buildGoModule rec {
+ pname = "glauth";
+ version = "2.3.0";
+
+ src = fetchFromGitHub {
+ owner = "glauth";
+ repo = "glauth";
+ rev = "v${version}";
+ hash = "sha256-XYNNR3bVLNtAl+vbGRv0VhbLf+em8Ay983jqcW7KDFU=";
+ };
+
+ vendorHash = "sha256-SFmGgxDokIbVl3ANDPMCqrB0ck8Wyva2kSV2mgNRogo=";
+
+ nativeCheckInputs = [
+ oath-toolkit
+ openldap
+ ];
+
+ modRoot = "v2";
+
+ # Disable go workspaces to fix build.
+ env.GOWORK = "off";
+
+ # Fix this build error:
+ # main module (github.com/glauth/glauth/v2) does not contain package github.com/glauth/glauth/v2/vendored/toml
+ excludedPackages = [ "vendored/toml" ];
+
+ # Based on ldflags in /Makefile.
+ ldflags = [
+ "-s"
+ "-w"
+ "-X main.GitClean=1"
+ "-X main.LastGitTag=v${version}"
+ "-X main.GitTagIsCommit=1"
+ ];
+
+ # Tests fail in the sandbox.
+ doCheck = false;
+
+ meta = with lib; {
+ description = "A lightweight LDAP server for development, home use, or CI";
+ homepage = "https://github.com/glauth/glauth";
+ license = licenses.mit;
+ maintainers = with maintainers; [ bjornfor ];
+ mainProgram = "glauth";
+ };
+}
diff --git a/services/glauth.nix b/services/glauth.nix
new file mode 100644
index 0000000..851559c
--- /dev/null
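Review bot: The capability `object` DNs in the `services.glauth` hunk (`ou=forgejo_user,dn=twins,dn=pearson` and the two like it) use `dn=` components while the backend `baseDN` is `dc=twins,dc=pearson`; that reads as a typo, and since these strings are what restricts each service account's search scope, they should be `ou=forgejo_user,dc=twins,dc=pearson` (likewise for jellyfin and nextcloud) or the scoping is unlikely to match any real entry. The second backend points the sqlite plugin at `database = "/run/glauth/glauth.db"`; on NixOS `/run` is normally a tmpfs, so unless something else seeds that file, directory data kept there would be lost on every reboot and a state directory such as `/var/lib/glauth/` would be the usual home. The `passappsha256` values are unsalted SHA-256 digests and, if the module renders `settings` through `pkgs.formats.toml` as `services/glauth.nix` suggests, they land in the world-readable Nix store, so the underlying app passwords must be long random secrets rather than anything guessable. The commented-out `# backend = { ... };` block duplicates the first entry of `backends` and can be dropped.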
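Review bot: configuration.nix selects a second backend with `plugin = "sqlite.so"` / `pluginhandler = "NewSqliteHandler"`, but this derivation only builds the main Go module — nothing in it compiles or installs a plugin shared object — so that backend will presumably fail to load at runtime unless the `.so` is supplied from somewhere else; either add a plugin build here or drop that backend until it exists. With `doCheck = false`, the `nativeCheckInputs` (`oath-toolkit`, `openldap`) are never used and only widen the build-time closure; either remove them or extend the `# Tests fail in the sandbox.` comment to say they are kept for re-enabling the tests later. The `maintainers = with maintainers; [ bjornfor ];` line looks carried over from nixpkgs; in a private overlay it should name the actual owner or be removed.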
+++ b/services/glauth.nix
@@ -0,0 +1,65 @@
+{config, pkgs, lib, ...}:
+let
+ cfg = config.services.glauth;
+ settingsFormat = pkgs.formats.toml {};
+in
+
+with lib;
+
+{
+ options = {
+ services.glauth = {
+ enable = mkOption {
+ default = false;
+ type = with types; bool;
+ description = ''
+ Enable the glauth system service
+ '';
+ };
+
+ package = mkPackageOption pkgs "glauth" { };
+
+ user = mkOption {
+ default = "glauth";
+ type = types.str;
+ description = ''
+ Name of the user.
+ '';
+ };
+
+ group = mkOption {
+ default = "glauth";
+ type = types.str;
+ description = ''
+ Name of the group.
+ '';
+ };
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ default = {};
+ description = ''
+ Configuration for glauth.cfg, see
+