sp-config/sp-modules/auth/common.nix

{ config, lib, pkgs, ... }:
rec {
  domain = config.selfprivacy.domain;
  cfg = config.selfprivacy.modules.auth;
  passthru = config.passthru.selfprivacy.auth;
  auth-fqdn = cfg.subdomain + "." + domain;

  kanidm_ldap_port = 3636;

  # e.g. "dc=mydomain,dc=com"
  ldap_base_dn =
    lib.strings.concatMapStringsSep
      ","
      (x: "dc=" + x)
      (lib.strings.splitString "." domain);

  appendLdapBindPwd =
    { name, file, prefix, suffix ? "", passwordFile, destination }:
    pkgs.writeScript "append-ldap-bind-pwd-in-${name}" ''
      #!${pkgs.stdenv.shell}
      set -euo pipefail

      baseDir=$(dirname ${destination})
      if (! test -d "$baseDir"); then
        mkdir -p $baseDir
        chmod 755 $baseDir
      fi

      cat ${file} > ${destination}
      echo -n '${prefix}' >> ${destination}
      cat ${passwordFile} >> ${destination}
      echo -n '${suffix}' >> ${destination}
      chmod 600 ${destination}
    '';
}
auth: ldap-dovecot.nix, clean code 2024-12-20 18:41:07 +04:00			`{ config, lib, pkgs, ... }:`
			`rec {`
			`domain = config.selfprivacy.domain;`
			`cfg = config.selfprivacy.modules.auth;`
			`passthru = config.passthru.selfprivacy.auth;`
			`auth-fqdn = cfg.subdomain + "." + domain;`

			`kanidm_ldap_port = 3636;`

			`# e.g. "dc=mydomain,dc=com"`
			`ldap_base_dn =`
			`lib.strings.concatMapStringsSep`
			`","`
			`(x: "dc=" + x)`
			`(lib.strings.splitString "." domain);`

			`appendLdapBindPwd =`
			`{ name, file, prefix, suffix ? "", passwordFile, destination }:`
			`pkgs.writeScript "append-ldap-bind-pwd-in-${name}" ''`
			`#!${pkgs.stdenv.shell}`
			`set -euo pipefail`

			`baseDir=$(dirname ${destination})`
			`if (! test -d "$baseDir"); then`
			`mkdir -p $baseDir`
			`chmod 755 $baseDir`
			`fi`

			`cat ${file} > ${destination}`
			`echo -n '${prefix}' >> ${destination}`
			`cat ${passwordFile} >> ${destination}`
			`echo -n '${suffix}' >> ${destination}`
			`chmod 600 ${destination}`
			`'';`
			`}`