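# NixOS module for the Hologram server: hands out AWS instance credentials
# to machines outside EC2, authenticating users against an LDAP directory.
{pkgs, config, lib, ...}:

with lib;

let
  cfg = config.services.hologram-server;

  # JSON configuration file consumed by hologram-server (--conf below).
  # NOTE(review): pkgs.writeText stores this file in the Nix store, which is
  # world-readable on the host, so cfg.ldapBindPassword becomes readable by
  # every local user and by anything else that can read the store (binary
  # caches, containers that mount /nix/store). A *File-style option whose
  # contents are substituted into the config at service start, outside the
  # store, would avoid this; not changed here because the generated script is
  # shared by three service backends whose runtime semantics are not visible.
  cfgFile = pkgs.writeText "hologram-server.json" (builtins.toJSON {
    ldap = {
      host = cfg.ldapHost;
      bind = {
        dn = cfg.ldapBindDN;
        password = cfg.ldapBindPassword;
      };
      insecureldap = cfg.ldapInsecure;
      userattr = cfg.ldapUserAttr;
      baseDN = cfg.ldapBaseDN;
    };
    aws = {
      account = cfg.awsAccount;
      defaultrole = cfg.awsDefaultRole;
    };
    stats = cfg.statsAddress;
    listen = cfg.listenAddress;
  });

  # Command line shared by all service backends declared in `config` below.
  # NOTE(review): --debug is hard-coded and unconditional; presumably it raises
  # log verbosity — confirm that debug output cannot include the LDAP bind
  # password or issued AWS credentials before relying on this in production.
  script = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}";
in {
  options = {
    services.hologram-server = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable the Hologram server for AWS instance credentials";
      };

      # Default binds every interface; operators who only need local or
      # VPN-reachable access should narrow this (and/or firewall port 3100).
      listenAddress = mkOption {
        type = types.str;
        default = "0.0.0.0:3100";
        description = "Address and port to listen on";
      };

      ldapHost = mkOption {
        type = types.str;
        description = "Address of the LDAP server to use";
      };

      # Description corrected: the option name (and the `insecureldap` config
      # key it maps to) means `true` = no TLS, whereas the old wording
      # ("over SSL or not") read as if `true` enabled SSL.
      ldapInsecure = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to connect to the LDAP server without TLS (insecurely). The default keeps the connection encrypted.";
      };

      ldapUserAttr = mkOption {
        type = types.str;
        default = "cn";
        description = "The LDAP attribute for usernames";
      };

      ldapBaseDN = mkOption {
        type = types.str;
        description = "The base DN for your Hologram users";
      };

      ldapBindDN = mkOption {
        type = types.str;
        description = "DN of account to use to query the LDAP server";
      };

      # Secret value; see the note on cfgFile above about Nix store exposure.
      ldapBindPassword = mkOption {
        type = types.str;
        description = "Password of account to use to query the LDAP server. Note: this value is written into the generated configuration file in the world-readable Nix store.";
      };

      awsAccount = mkOption {
        type = types.str;
        description = "AWS account number";
      };

      awsDefaultRole = mkOption {
        type = types.str;
        description = "AWS default role";
      };

      # Empty string is passed through to the `stats` config key unchanged.
      statsAddress = mkOption {
        type = types.str;
        default = "";
        description = "Address of statsd server";
      };
    };
  };

  config = mkIf cfg.enable {
    # No DynamicUser/User setting is given, so the unit runs with systemd's
    # default (root) unless overridden elsewhere; a dedicated unprivileged
    # user would limit the blast radius of the network-facing daemon.
    systemd.services.hologram-server = {
      description = "Provide EC2 instance credentials to machines outside of EC2";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      inherit script;
    };

    # The two backends below are not part of upstream NixOS 17.09; they are
    # presumably defined elsewhere in this tree and share the same command line.
    docker-containers.hologram-server = {
      inherit script;
    };

    trivial-services.hologram-server = {
      inherit script;
    };
  };
}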