Add ca for openldap

Pythoner6 · Jan 5, 2024 · 3b5e361 · 3b5e361
1 parent 2ebb1ac
commit 3b5e361
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 0 deletions.
diff --git a/flake.nix b/flake.nix
@@ -87,6 +87,11 @@
           url = "https://charts.jetstack.io/charts/cert-manager-v1.13.3.tgz";
           digest = "f30f3e6f7327f171ecb1ad60079df55639ad6469a80f32e5b60667af950455d5";
         };
+        cert-manager-csi-driver.src = utils.fetchurlHexDigest {
+          # renovate: helm=https://charts.jetstack.io package=cert-manager-csi-driver version=v0.6.0
+          url = "https://charts.jetstack.io/charts/cert-manager-csi-driver-v0.6.0.tgz";
+          digest = "10e938d3cc27919970d19871c1f2da2e591a6a85630979e2166600c88d3f4946";
+        };
         rook.crdValues."crds.enable" = true;
         rook.src  = utils.fetchurlHexDigest {
           # renovate: helm=https://charts.rook.io/release package=rook-ceph version=v1.13.1
@@ -139,6 +144,25 @@
           inherit charts;
           src = default;
         };
+        openldap = pkgs.dockerTools.buildLayeredImage {
+          name = "openldap";
+          #config.Cmd = let openldap = pkgs.openldap.overrideAttrs (final: prev: {configureFlags = prev.configureFlags ++ ["--enable-syncprov"];}); in ["${openldap}/libexec/slapd" "-d" "-1" "-F" "/config" "-h" "ldap://0.0.0.0/"];
+          #config.Cmd = ["${pkgs.openldap}/libexec/slapd" "-d" "-1" "-F" "/config" "-h" "ldap://0.0.0.0/"];
+          #config.Entrypoint = ["${pkgs.bash}/bin/bash" "-c" "\"${pkgs.openldap}/libexec/slapd -d -1 -F /config -h ldap://$1/\""];
+          config.Entrypoint = [(pkgs.stdenv.mkDerivation {
+            name = "entrypoint.sh";
+            dontUnpack = true;
+            installPhase = ''
+              cat <<'EOF' > "$out"
+              #!${pkgs.bash}/bin/bash
+              echo "$@"
+              set -x
+              exec ${pkgs.openldap}/libexec/slapd -d -1 -F /config -h "$1"
+              EOF
+              chmod +x $out
+            '';
+          })];
+        };
       };
       devShells.${system} = {
         default = pkgs.mkShell {

diff --git a/k8s/cert-manager/cert-manager.cue b/k8s/cert-manager/cert-manager.cue
@@ -17,6 +17,12 @@ kustomizations: {
         values: installCRDs: true
       }
     }
+    "\(appName)-csi-driver": helmrelease.#HelmRelease & {
+      spec: {
+        chart: spec: #Charts["\(appName)-csi-driver"]
+        interval: "10m0s"
+      }
+    }
   }
   $default: #dependsOn: [helm]
   $default: "issuers": {

diff --git a/k8s/openldap/openldap.cue b/k8s/openldap/openldap.cue
@@ -0,0 +1,34 @@
+package netserv
+
+import (
+  "strings"
+  certmanager "pythoner6.dev/netserv/k8s/cert-manager:netserv"
+  issuers "cert-manager.io/issuer/v1"
+  certs "cert-manager.io/certificate/v1"
+)
+
+appName: "openldap"
+
+kustomizations: {
+  $default: #dependsOn: [certmanager.kustomizations["$default"]]
+  $default: "manifest": {
+    ldapCaCert="ldap-ca-cert": certs.#Certificate & {
+      metadata: {}
+      spec: {
+        isCA: true
+        literalSubject: "CN=ca,DC=ldap,DC=home,DC=josephmartin,DC=org"
+        secretName: metadata.name
+        privateKey: algorithm: "Ed25519"
+        issuerRef: {
+          name: certmanager.kustomizations["$default"].issuers["self-signed"].metadata.name
+          kind: certmanager.kustomizations["$default"].issuers["self-signed"].kind
+          group: strings.Split(certmanager.kustomizations["$default"].issuers["self-signed"].apiVersion, "/")[0]
+        }
+      }
+    }
+    "ldap-ca": issuers.#Issuer & {
+      spec: ca: secretName: ldapCaCert.metadata.name
+    }
+  }
+}
+