tools/identity: init

2021-10-16 17:03:04 +02:00 · 2021-10-16 17:03:04 +02:00 · f7edb71fea
commit f7edb71fea
parent f95f2d389b
2 changed files with 40 additions and 0 deletions
--- a/tools/default.nix
+++ b/tools/default.nix
@ -1,5 +1,7 @@
 let toolsets = {
    meta = import ./meta.nix;
+
+    identity = import ./identity.nix { inherit toolsets; };
  };
 in toolsets // {
  all = args: (builtins.mapAttrs (_: x: x args) toolsets) // { inherit (toolsets) meta; };
--- a/tools/identity.nix
+++ b/tools/identity.nix
@ -0,0 +1,38 @@
+# internal interface
+{ toolsets }:
+# external interface
+{ lib ? null, domain ? toolsets.meta.domain, ... }:
+let
+  tools = (self: {
+
+    inherit domain;
+
+    ldap = {
+      server = with self.ldap.server; {
+        # TODO: unhardcode everything here
+        protocol = "ldaps";
+        hostname = "authsys.virtual-machines.${domain}";
+        port = 636;
+        url = "${protocol}://${connectionString}";
+        connectionString = "${hostname}:${builtins.toString port}";
+      };
+      accounts = with self.ldap.accounts; {
+        domainComponents = self.ldap.lib.convertDomain domain;
+        uidAttribute = "uid";
+        uidFilter = "(${uidAttribute}=%u)";
+        userSearchBase = "cn=users,cn=accounts,${domainComponents}";
+      };
+      lib = {
+        convertDomain = domain: with builtins; lib.pipe domain [
+          (split "\\.")
+          (filter isString)
+          (map (x: "dc=${x}"))
+          (concatStringsSep ",")
+        ];
+      };
+    };
+    dns.master.addr = "10.10.0.11";
+    kerberos.kdc = "authsys.virtual-machines.${domain}";
+
+  }) tools;
+in tools