From f7edb71feaf32890f07782356ffdca212a4d3475 Mon Sep 17 00:00:00 2001 From: Max Date: Sat, 16 Oct 2021 17:03:04 +0200 Subject: [PATCH] tools/identity: init --- tools/default.nix | 2 ++ tools/identity.nix | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 tools/identity.nix
diff --git a/tools/default.nix b/tools/default.nix
index 1369101..2f21bc9 100644
--- a/tools/default.nix
+++ b/tools/default.nix
@@ -1,5 +1,7 @@
 let toolsets = {
 meta = import ./meta.nix;
+
+ identity = import ./identity.nix { inherit toolsets; };
 };
 in toolsets // {
 all = args: (builtins.mapAttrs (_: x: x args) toolsets) // { inherit (toolsets) meta; };
diff --git a/tools/identity.nix b/tools/identity.nix
new file mode 100644
index 0000000..1557b50
--- /dev/null
+++ b/tools/identity.nix
@@ -0,0 +1,38 @@
+# internal interface
+{ toolsets }:
+# external interface
+{ lib ? null, domain ? toolsets.meta.domain, ... }:
+let
+ tools = (self: {
+
+ inherit domain;
+
+ ldap = {
+ server = with self.ldap.server; {
+ # TODO: unhardcode everything here
+ protocol = "ldaps";
+ hostname = "authsys.virtual-machines.${domain}";
+ port = 636;
+ url = "${protocol}://${connectionString}";
+ connectionString = "${hostname}:${builtins.toString port}";
+ };
+ accounts = with self.ldap.accounts; {
+ domainComponents = self.ldap.lib.convertDomain domain;
+ uidAttribute = "uid";
+ uidFilter = "(${uidAttribute}=%u)";
+ userSearchBase = "cn=users,cn=accounts,${domainComponents}";
+ };
+ lib = {
+ convertDomain = domain: with builtins; lib.pipe domain [
+ (split "\\.")
+ (filter isString)
+ (map (x: "dc=${x}"))
+ (concatStringsSep ",")
+ ];
+ };
+ };
+ dns.master.addr = "10.10.0.11";
+ kerberos.kdc = "authsys.virtual-machines.${domain}";
+
+ }) tools;
+in tools
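Review bot: The `lib ? null` default on the external interface of tools/identity.nix buys nothing but a confusing failure: `convertDomain` calls `lib.pipe`, so the moment a caller that omitted `lib` forces `ldap.accounts.domainComponents` or `userSearchBase` Nix aborts with "value is null while a set was expected" far from the real cause; either make `lib` a required parameter or guard the call, e.g. `convertDomain = domain: assert lib != null; with builtins; lib.pipe domain [`. Separately, `uidFilter = "(${uidAttribute}=%u)"` leaves `%u` to be substituted by whatever service consumes this toolset, and that consumer must RFC 4515-escape the value or a login name like `*)(uid=*` rewrites the search filter (LDAP filter injection); a comment next to the definition would make the contract explicit: `# %u is substituted by the consumer; the value MUST be RFC 4515-escaped first`. The `ldaps`/636 endpoint carries no CA or certificate-verification setting, so whether the connection is actually authenticated depends on client configuration not visible here — presumably handled by the consumer, but worth listing under the existing TODO. Note also that `split "\\."` on a domain with an empty label (leading/trailing or doubled dot) yields a bare `dc=` component, which `filter isString` does not remove.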