depot/cluster/services/idm/default.nix

{ config, depot, ... }:

{
  links = {
    idm = {
      ipv4 = "idm.${depot.lib.meta.domain}";
      port = 443;
      protocol = "https";
    };
    ldap = {
      hostname = "idm-ldap.internal.${depot.lib.meta.domain}";
      ipv4 = config.vars.mesh.VEGAS.meshIp;
      port = 636;
      protocol = "ldaps";
    };
  };

  services.idm = {
    nodes = {
      server = [ "VEGAS" ];
      client = [ "checkmate" "VEGAS" "prophet" "soda" "thunderskin" ];
      client-soda = [ "soda" ];
    };
    nixos = {
      server = ./server.nix;
      client = [
        ./client.nix
        ./modules/idm-nss-ready.nix
        ./modules/idm-tmpfiles.nix
        ./policies/infra-admins.nix
      ];
      client-soda = [
        ./policies/soda.nix
      ];
    };
  };
}
treewide: massive refactor 2023-08-31 01:55:45 +03:00			`{ config, depot, ... }:`
cluster/services/idm: init 2023-06-10 18:54:03 +03:00
			`{`
cluster/services/idm: enable LDAP 2023-06-11 22:33:53 +03:00			`links = {`
			`idm = {`
treewide: massive refactor 2023-08-31 01:55:45 +03:00			`ipv4 = "idm.${depot.lib.meta.domain}";`
cluster/services/idm: enable LDAP 2023-06-11 22:33:53 +03:00			`port = 443;`
			`protocol = "https";`
			`};`
			`ldap = {`
treewide: massive refactor 2023-08-31 01:55:45 +03:00			`hostname = "idm-ldap.internal.${depot.lib.meta.domain}";`
cluster/services/idm: enable LDAP 2023-06-11 22:33:53 +03:00			`ipv4 = config.vars.mesh.VEGAS.meshIp;`
			`port = 636;`
			`protocol = "ldaps";`
			`};`
cluster/services/idm: init 2023-06-10 18:54:03 +03:00			`};`

			`services.idm = {`
			`nodes = {`
			`server = [ "VEGAS" ];`
cluster/services/idm: include soda 2023-06-11 18:05:35 +03:00			`client = [ "checkmate" "VEGAS" "prophet" "soda" "thunderskin" ];`
cluster/services/idm: add policy for soda 2023-06-11 18:07:45 +03:00			`client-soda = [ "soda" ];`
cluster/services/idm: init 2023-06-10 18:54:03 +03:00			`};`
			`nixos = {`
			`server = ./server.nix;`
cluster/services/idm: enable unixd 2023-06-11 03:00:46 +03:00			`client = [`
			`./client.nix`
cluster/services/idm: allow infra admins to read systemd journal 2023-06-13 00:44:46 +03:00			`./modules/idm-nss-ready.nix`
			`./modules/idm-tmpfiles.nix`
cluster/services/idm: enable unixd 2023-06-11 03:00:46 +03:00			`./policies/infra-admins.nix`
			`];`
cluster/services/idm: add policy for soda 2023-06-11 18:07:45 +03:00			`client-soda = [`
			`./policies/soda.nix`
			`];`
cluster/services/idm: init 2023-06-10 18:54:03 +03:00			`};`
			`};`
			`}`