diff --git a/.envrc b/.envrc index e60d2efe..65579473 100644 --- a/.envrc +++ b/.envrc @@ -6,7 +6,7 @@ source_env_if_exists ".envrc.${USER-$(id -un)}" source_env_if_exists .envrc.conf -use flake "${FLAKE_ARGS[@]}" +use flake ".#${FLAKE_DEVSHELL-}" "${FLAKE_ARGS[@]}" export FLAKE_OPTS=${FLAKE_OPTS:-"${FLAKE_ARGS[*]}"} watch_file outputs.nix diff --git a/devShells.nix b/devShells.nix index d1a5ccfd..1c188326 100644 --- a/devShells.nix +++ b/devShells.nix @@ -3,7 +3,13 @@ system, }: let inherit (inputs.self.legacyPackages.${system}) pkgs; - inherit (inputs.self.lib.nixlib) optionalString; + inherit (inputs.self.lib.lib) mkBaseDn; + inherit (inputs.self.lib.nixlib) optionalString concatStringsSep; + ldapHostArg = concatStringsSep "," [ + "ldaps://ldap.local.${inputs.self.lib.lib.domain}" + "ldaps://idp.${inputs.self.lib.lib.domain}" + ]; + ldapBaseDn = mkBaseDn inputs.self.lib.lib.domain; mkWrapper = { name, attr ? name, @@ -20,8 +26,8 @@ else "-c ${exe}"; in pkgs.writeShellScriptBin name '' - ${optionalString (subdir != null) ''cd "$NF_CONFIG_ROOT${subdir}"''} - exec nix ${subcommand} ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#${attr}" ${exeArg} "$@" + ${optionalString (subdir != null) ''cd "''${NF_CONFIG_ROOT-${toString ./.}}${subdir}"''} + exec nix ${subcommand} ''${FLAKE_OPTS-} "''${NF_CONFIG_ROOT-${toString ./.}}#${attr}" ${exeArg} "$@" ''; nf-tf = pkgs.writeShellScriptBin "nf-tf" '' cd "$NF_CONFIG_ROOT/tf" 
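Review bot: In the `@@ -20,8 +26,8 @@` hunk of devShells.nix the `NF_CONFIG_ROOT` fallback is applied only inside `mkWrapper`; the `nf-tf` script in the trailing context still runs `cd "$NF_CONFIG_ROOT/tf"`, which becomes `cd "/tf"` when the variable is unset. Giving it the same expansion, `cd "''${NF_CONFIG_ROOT-${toString ./.}}/tf"`, would keep the two consistent. When evaluated from a flake, `${toString ./.}` is presumably the store copy of the source rather than the working checkout, so a comment such as `# fallback: the flake source this shell was evaluated from, not the live checkout` would tell readers which tree the wrapped tool runs against. Both `mkWrapper` and `nf-tf` extend outside the hunk.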
@@ -89,6 +95,51 @@
 attr = "pkgs.freeradius";
 exe = name;
 })
+ (mkWrapper rec {
+ name = "smbclient";
+ attr = "pkgs.samba";
+ exe = name;
+ })
+ (mkWrapper rec {
+ name = "smbpasswd";
+ attr = "pkgs.samba";
+ exe = name;
+ })
+ (mkWrapper rec {
+ name = "net";
+ attr = "pkgs.samba";
+ exe = name;
+ })
+ (mkWrapper rec {
+ name = "ldapwhoami";
+ attr = "pkgs.openldap";
+ exe = "${name} -H ${ldapHostArg}";
+ })
+ (mkWrapper rec {
+ name = "ldappasswd";
+ attr = "pkgs.openldap";
+ exe = "${name} -H ${ldapHostArg}";
+ })
+ (mkWrapper rec {
+ name = "ldapsearch";
+ attr = "pkgs.openldap";
+ exe = "${name} -H ${ldapHostArg} -b ${ldapBaseDn} -o ldif_wrap=no";
+ })
+ (mkWrapper rec {
+ name = "ldapadd";
+ attr = "pkgs.openldap";
+ exe = "${name} -H ${ldapHostArg}";
+ })
+ (mkWrapper rec {
+ name = "ldapmodify";
+ attr = "pkgs.openldap";
+ exe = "${name} -H ${ldapHostArg}";
+ })
+ (mkWrapper rec {
+ name = "ldapdelete";
+ attr = "pkgs.openldap";
+ exe = "${name} -H ${ldapHostArg}";
+ })
 ];
 shellHook = ''
 export NIX_BIN_DIR=$(dirname $(readlink -f $(type -P nix)))
@@ -98,6 +149,20 @@
 export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ./.}}
 '';
 };
+ arc = let
+ ldapdm = cmd: pkgs.writeShellScriptBin "dm-${cmd}" ''
+ ${cmd} -D 'cn=Directory Manager' -y <(bitw get -f password ldap-directory-manager) "$@"
+ '';
+ in default.overrideAttrs (default: {
+ nativeBuildInputs = default.nativeBuildInputs ++ [
+ (ldapdm "ldapwhoami")
+ (ldapdm "ldappasswd")
+ (ldapdm "ldapsearch")
+ (ldapdm "ldapadd")
+ (ldapdm "ldapmodify")
+ (ldapdm "ldapdelete")
+ ];
+ });
 in {
- inherit default;
+ inherit default arc;
 }
diff --git a/lib.nix b/lib.nix
index c9f60547..9e046a25 100644
--- a/lib.nix
+++ b/lib.nix
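Review bot: The `exe` strings of the new ldap* wrappers in the `@@ -89,6 +95,51 @@` hunk put `ldapHostArg` and `ldapBaseDn` into shell text without quoting, and `mkWrapper` appears to splice `exe` unquoted after `-c`. Both values derive from the constant `domain` today, so nothing breaks as written, but escaping them at the point of use (for example `-b ${escapeShellArg ldapBaseDn}`, with `escapeShellArg` inherited from nixlib next to `optionalString`) keeps the wrappers correct if the URI list or domain ever comes from configuration. The list these entries are added to starts and ends outside the hunk.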
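Review bot: In the `ldapdm` helper of the `@@ -98,6 +149,20 @@` hunk, a failed or empty `bitw get` goes unnoticed: the process substitution still hands `-y` a readable but empty file, and a simple bind with a DN and an empty password is an unauthenticated bind, which some server configurations accept as anonymous, so a `dm-ldapsearch` could return results without Directory Manager rights and without any error. `-y` also takes the complete file contents as the password, so a trailing newline from `bitw` (if it prints one) would make every bind fail. Fetching the secret first covers both cases: `pw=$(bitw get -f password ldap-directory-manager) || exit`, `[ -n "$pw" ] || exit 1`, then `exec ${cmd} -D 'cn=Directory Manager' -y <(printf %s "$pw") "$@"`. A one-line comment saying that `-y` is used instead of `-w` to keep the password out of the process argument list would stop a later edit from simplifying it away.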
@@ -7,7 +7,7 @@
 inherit (nixlib.strings) splitString toLower;
 inherit (nixlib.lists) imap0 elemAt;
 inherit (nixlib.attrsets) listToAttrs nameValuePair;
- inherit (nixlib.strings) substring fixedWidthString replaceStrings;
+ inherit (nixlib.strings) substring fixedWidthString replaceStrings concatMapStringsSep;
 inherit (nixlib.trivial) flip toHexString bitOr;
 toHexStringLower = v: toLower (toHexString v);
@@ -33,6 +33,8 @@
 userIs = group: user: builtins.elem group (user.extraGroups ++ [user.group]);
 mkWinPath = replaceStrings ["/"] ["\\"];
+ mkBaseDn = domain: concatMapStringsSep "," (part: "dc=${part}") (splitString "." domain);
+
 in {
 inherit tree nixlib inputs systems;
 meta = tree.impure;
@@ -40,7 +42,7 @@ in {
 Std = inputs.std-fl.lib;
 lib = {
 domain = "gensokyo.zone";
- inherit mkWinPath userIs eui64 toHexStringLower hexCharToInt;
+ inherit mkWinPath mkBaseDn userIs eui64 toHexStringLower hexCharToInt;
 inherit (inputs.arcexprs.lib) unmerged json;
 };
 generate = import ./generate.nix {inherit inputs tree;};
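Review bot: `mkBaseDn` in the `@@ -33,6 +33,8 @@` hunk is exported from `lib` without a comment stating what input it expects, and it maps every dot-separated label straight to `dc=<label>` with no validation or DN escaping. A trailing dot or empty label produces a bare `dc=` component, and a label containing `,`, `+` or `=` would change the DN structure. That is harmless for the hard-coded `domain`, but the function is now reusable, so a contract comment is worth adding: `# mkBaseDn "example.com" => "dc=example,dc=com"; expects a plain DNS name (no trailing dot, no DN special characters)`.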