cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #227916 from IndeedNotJames/lldap

Browse source 
lldap: init at 0.4.3; nixos/lldap: init; nixosTests.lldap: init
This commit is contained in:
Kira Bruneau 2023-04-29 15:24:12 -04:00 committed by GitHub
commit f81a619c91
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 5172 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2305.section.md
View file

@ -117,6 +117,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable).
- [lldap](https://github.com/lldap/lldap), a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. Available as [services.lldap](#opt-services.lldap.enable).
- [ReGreet](https://github.com/rharish101/ReGreet), a clean and customizable greeter for greetd. Available as [programs.regreet](#opt-programs.regreet.enable).
- [v4l2-relayd](https://git.launchpad.net/v4l2-relayd), a streaming relay for v4l2loopback using gstreamer. Available as [services.v4l2-relayd](#opt-services.v4l2-relayd.instances._name_.enable).

1
nixos/modules/module-list.nix
View file

@ -396,6 +396,7 @@
./services/databases/hbase-standalone.nix
./services/databases/influxdb.nix
./services/databases/influxdb2.nix
./services/databases/lldap.nix
./services/databases/memcached.nix
./services/databases/monetdb.nix
./services/databases/mongodb.nix

121
nixos/modules/services/databases/lldap.nix Normal file
View file

@ -0,0 +1,121 @@
{ config, lib, pkgs, utils, ... }:
let
cfg = config.services.lldap;
format = pkgs.formats.toml { };
in
{
options.services.lldap = with lib; {
enable = mkEnableOption (mdDoc "lldap");
package = mkPackageOptionMD pkgs "lldap" { };
environment = mkOption {
type = with types; attrsOf str;
default = { };
example = {
LLDAP_JWT_SECRET_FILE = "/run/lldap/jwt_secret";
LLDAP_LDAP_USER_PASS_FILE = "/run/lldap/user_password";
};
description = lib.mdDoc ''
Environment variables passed to the service.
Any config option name prefixed with `LLDAP_` takes priority over the one in the configuration file.
'';
};
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.
'';
};
settings = mkOption {
description = mdDoc ''
Free-form settings written directly to the `lldap_config.toml` file.
Refer to <https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml> for supported values.
'';
default = { };
type = types.submodule {
freeformType = format.type;
options = {
ldap_host = mkOption {
type = types.str;
description = mdDoc "The host address that the LDAP server will be bound to.";
default = "::";
};
ldap_port = mkOption {
type = types.port;
description = mdDoc "The port on which to have the LDAP server.";
default = 3890;
};
http_host = mkOption {
type = types.str;
description = mdDoc "The host address that the HTTP server will be bound to.";
default = "::";
};
http_port = mkOption {
type = types.port;
description = mdDoc "The port on which to have the HTTP server, for user login and administration.";
default = 17170;
};
http_url = mkOption {
type = types.str;
description = mdDoc "The public URL of the server, for password reset links.";
default = "http://localhost";
};
ldap_base_dn = mkOption {
type = types.str;
description = mdDoc "Base DN for LDAP.";
example = "dc=example,dc=com";
};
ldap_user_dn = mkOption {
type = types.str;
description = mdDoc "Admin username";
default = "admin";
};
ldap_user_email = mkOption {
type = types.str;
description = mdDoc "Admin email.";
default = "admin@example.com";
};
database_url = mkOption {
type = types.str;
description = mdDoc "Database URL.";
default = "sqlite://./users.db?mode=rwc";
example = "postgres://postgres-user:password@postgres-server/my-database";
};
};
};
};
};
config = lib.mkIf cfg.enable {
systemd.services.lldap = {
description = "Lightweight LDAP server (lldap)";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe cfg.package} run --config-file ${format.generate "lldap_config.toml" cfg.settings}";
StateDirectory = "lldap";
WorkingDirectory = "%S/lldap";
User = "lldap";
Group = "lldap";
DynamicUser = true;
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
};
inherit (cfg) environment;
};
};
}

1
nixos/tests/all-tests.nix
View file

@ -379,6 +379,7 @@ in {
limesurvey = handleTest ./limesurvey.nix {};
listmonk = handleTest ./listmonk.nix {};
litestream = handleTest ./litestream.nix {};
lldap = handleTest ./lldap.nix {};
locate = handleTest ./locate.nix {};
login = handleTest ./login.nix {};
logrotate = handleTest ./logrotate.nix {};

26
nixos/tests/lldap.nix Normal file
View file

@ -0,0 +1,26 @@
import ./make-test-python.nix ({ ... }: {
name = "lldap";
nodes.machine = { pkgs, ... }: {
services.lldap = {
enable = true;
settings = {
verbose = true;
ldap_base_dn = "dc=example,dc=com";
};
};
environment.systemPackages = [ pkgs.openldap ];
};
testScript = ''
machine.wait_for_unit("lldap.service")
machine.wait_for_open_port(3890)
machine.wait_for_open_port(17170)
machine.succeed("curl --location --fail http://localhost:17170/")
print(
machine.succeed('ldapsearch -H ldap://localhost:3890 -D uid=admin,ou=people,dc=example,dc=com -b "ou=people,dc=example,dc=com" -w password')
)
'';
})

4908
pkgs/servers/ldap/lldap/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

68
pkgs/servers/ldap/lldap/default.nix Normal file
View file

@ -0,0 +1,68 @@
{ fetchFromGitHub
, fetchzip
, lib
, lldap
, nixosTests
, rustPlatform
}:
let
# We cannot build the wasm frontend from source, as the
# wasm32-unknown-unknown rustc target isn't available in nixpkgs yet.
# Tracking issue: https://github.com/NixOS/nixpkgs/issues/89426
frontend = fetchzip {
url = "https://github.com/lldap/lldap/releases/download/v${lldap.version}/amd64-lldap.tar.gz";
hash = "sha256-/Ml4L5Gxpnmt1pLSiLNuxtzQYjTCatsVe/hE+Btl8BI=";
name = "lldap-frontend-${lldap.version}";
postFetch = ''
mv $out $TMPDIR/extracted
mv $TMPDIR/extracted/app $out
'';
};
in
rustPlatform.buildRustPackage rec {
pname = "lldap";
version = "0.4.3";
src = fetchFromGitHub {
owner = "lldap";
repo = "lldap";
rev = "v${version}";
hash = "sha256-FAUTykFh2eGVpx6LrCjV9xWbBPH8pCgAJv3vOXFMFZ4=";
};
# `Cargo.lock` has git dependencies, meaning can't use `cargoHash`
cargoLock = {
# 0.4.3 has been tagged before the actual Cargo.lock bump, resulting in an inconsitent lock file.
# To work around this, the Cargo.lock below is from the commit right after the tag:
# https://github.com/lldap/lldap/commit/7b4188a376baabda48d88fdca3a10756da48adda
lockFile = ./Cargo.lock;
outputHashes = {
"lber-0.4.1" = "sha256-2rGTpg8puIAXggX9rEbXPdirfetNOHWfFc80xqzPMT4=";
"opaque-ke-0.6.1" = "sha256-99gaDv7eIcYChmvOKQ4yXuaGVzo2Q6BcgSQOzsLF+fM=";
"yew_form-0.1.8" = "sha256-1n9C7NiFfTjbmc9B5bDEnz7ZpYJo9ZT8/dioRXJ65hc=";
};
};
patches = [
./static-frontend-path.patch
];
postPatch = ''
ln -s --force ${./Cargo.lock} Cargo.lock
substituteInPlace server/src/infra/tcp_server.rs --subst-var-by frontend '${frontend}'
'';
passthru.tests = {
inherit (nixosTests) lldap;
};
meta = with lib; {
description = "A lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication";
homepage = "https://github.com/lldap/lldap";
changelog = "https://github.com/lldap/lldap/blob/v${version}/CHANGELOG.md";
license = licenses.gpl3Only;
platforms = platforms.linux;
maintainers = with maintainers; [ indeednotjames ];
};
}

43
pkgs/servers/ldap/lldap/static-frontend-path.patch Normal file
View file

@ -0,0 +1,43 @@
diff --git a/server/src/infra/tcp_server.rs b/server/src/infra/tcp_server.rs
index 43f65ea..e289f2a 100644
--- a/server/src/infra/tcp_server.rs
+++ b/server/src/infra/tcp_server.rs
@@ -26,7 +26,7 @@ use std::sync::RwLock;
use tracing::info;
async fn index() -> actix_web::Result<NamedFile> {
- let path = PathBuf::from(r"app/index.html");
+ let path = PathBuf::from(r"@frontend@/index.html");
Ok(NamedFile::open(path)?)
}
@@ -68,12 +68,12 @@ pub(crate) fn error_to_http_response(error: TcpError) -> HttpResponse {
}
async fn wasm_handler() -> actix_web::Result<impl Responder> {
- Ok(actix_files::NamedFile::open_async("./app/pkg/lldap_app_bg.wasm").await?)
+ Ok(actix_files::NamedFile::open_async("@frontend@/pkg/lldap_app_bg.wasm").await?)
}
async fn wasm_handler_compressed() -> actix_web::Result<impl Responder> {
Ok(
- actix_files::NamedFile::open_async("./app/pkg/lldap_app_bg.wasm.gz")
+ actix_files::NamedFile::open_async("@frontend@/pkg/lldap_app_bg.wasm.gz")
.await?
.customize()
.insert_header(header::ContentEncoding::Gzip)
@@ -118,11 +118,11 @@ fn http_config<Backend>(
)
.service(web::resource("/pkg/lldap_app_bg.wasm").route(web::route().to(wasm_handler)))
// Serve the /pkg path with the compiled WASM app.
- .service(Files::new("/pkg", "./app/pkg"))
+ .service(Files::new("/pkg", "@frontend@/pkg"))
// Serve static files
- .service(Files::new("/static", "./app/static"))
+ .service(Files::new("/static", "@frontend@/static"))
// Serve static fonts
- .service(Files::new("/static/fonts", "./app/static/fonts"))
+ .service(Files::new("/static/fonts", "@frontend@/static/fonts"))
// Default to serve index.html for unknown routes, to support routing.
.default_service(web::route().guard(guard::Get()).to(index));
}

2
pkgs/top-level/all-packages.nix
View file

@ -25265,6 +25265,8 @@ with pkgs;
livepeer = callPackage ../servers/livepeer { };
lldap = callPackage ../servers/ldap/lldap { };
lwan = callPackage ../servers/http/lwan { };
labelImg = callPackage ../applications/science/machine-learning/labelimg { };