lldap: lldap 0.6.1 -> 0.6.2

  config,

  lib,

  pkgs,

  utils,

  ...

}:

            example = "postgres://postgres-user:password@postgres-server/my-database";

          };

          ldap_user_pass = mkOption {

            type = types.nullOr types.str;

            default = null;

            description = ''

              Password for default admin password.

              Unsecure: Use `ldap_user_pass_file` settings instead.

            '';

          };

          ldap_user_pass_file = mkOption {

            type = types.nullOr types.str;

            default = null;

  };

  config = lib.mkIf cfg.enable {

    assertions = [

      {

        assertion =

          (cfg.settings.ldap_user_pass_file or null) != null || (cfg.settings.ldap_user_pass or null) != null;

        message = "lldap: Default admin user password must be set. Please set the `ldap_user_pass` or better the `ldap_user_pass_file` setting.";

      }

      {

        assertion =

          (cfg.settings.ldap_user_pass_file or null) == null || (cfg.settings.ldap_user_pass or null) == null;

        message = "lldap: Both `ldap_user_pass` and `ldap_user_pass_file` settings should not be set at the same time. Set one to `null`.";

      }

    ];

    warnings =

      lib.optionals (cfg.settings.ldap_user_pass or null != null) [

        ''

          lldap: Unsecure `ldap_user_pass` setting is used. Prefer `ldap_user_pass_file` instead.

        ''

      ]

      ++

        lib.optionals

        (

          (cfg.settings.ldap_user_pass_file or null) != null

          && cfg.settings.force_ldap_user_pass_reset == false

          && cfg.silenceForceUserPassResetWarning == false

        )

          (cfg.settings.force_ldap_user_pass_reset == false && cfg.silenceForceUserPassResetWarning == false)

          [

            ''

            lldap: The default admin password is declared with the setting `ldap_user_pass_file`, but `force_ldap_user_pass_reset` is set to `false`.

            This means the admin password can be changed through the UI and will drift from the one defined in your nix config.

            It also means changing the setting `ldap_user_pass_file` will have no effect on the admin password.

              lldap: The `force_ldap_user_pass_reset` setting is set to `false` which means

              the admin password can be changed through the UI and will drift from the one defined in your nix config.

              It also means changing the setting `ldap_user_pass` or `ldap_user_pass_file` will have no effect on the admin password.

              Either set `force_ldap_user_pass_reset` to `"always"` or silence this warning by setting the option `services.lldap.silenceForceUserPassResetWarning` to `true`.

            ''

          ];

  name = "lldap";

  nodes.machine =

    { pkgs, ... }:

    { pkgs, lib, ... }:

    {

      services.lldap = {

        enable = true;

        settings = {

          verbose = true;

          ldap_base_dn = "dc=example,dc=com";

          ldap_user_pass = "password";

        };

      };

      environment.systemPackages = [ pkgs.openldap ];

          { ... }:

          {

            services.lldap.settings = {

              ldap_user_pass_file = toString (pkgs.writeText "adminPasswordFile" adminPassword);

              ldap_user_pass = lib.mkForce null;

              ldap_user_pass_file = lib.mkForce (toString (pkgs.writeText "adminPasswordFile" adminPassword));

              force_ldap_user_pass_reset = "always";

            };

          };

          { ... }:

          {

            services.lldap.settings = {

              ldap_user_pass = lib.mkForce null;

              ldap_user_pass_file = toString (pkgs.writeText "adminPasswordFile" "password");

              force_ldap_user_pass_reset = false;

            };

From a09babb0cd9dd532ad2de920a2a35aa03d740dc6 Mon Sep 17 00:00:00 2001

From: Herwig Hochleitner <herwig@bendlas.net>

Date: Thu, 8 Aug 2024 00:29:14 +0200

Subject: [PATCH] parameterize frontend location

---

 server/src/infra/tcp_server.rs | 14 +++++++-------

 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/server/src/infra/tcp_server.rs b/server/src/infra/tcp_server.rs

index fa5f11f..16e64c5 100644

--- a/server/src/infra/tcp_server.rs

+++ b/server/src/infra/tcp_server.rs

@@ -25,7 +25,7 @@ use std::sync::RwLock;

 use tracing::info;

 async fn index<Backend>(data: web::Data<AppState<Backend>>) -> actix_web::Result<impl Responder> {

-    let mut file = std::fs::read_to_string(r"./app/index.html")?;

+    let mut file = std::fs::read_to_string(r"@frontend@/index.html")?;

     if data.server_url.path() != "/" {

         file = file.replace(

@@ -80,7 +80,7 @@ pub(crate) fn error_to_http_response(error: TcpError) -> HttpResponse {

 async fn main_js_handler<Backend>(

     data: web::Data<AppState<Backend>>,

 ) -> actix_web::Result<impl Responder> {

-    let mut file = std::fs::read_to_string(r"./app/static/main.js")?;

+    let mut file = std::fs::read_to_string(r"@frontend@/static/main.js")?;

     if data.server_url.path() != "/" {

         file = file.replace("/pkg/", format!("{}/pkg/", data.server_url.path()).as_str());

@@ -92,12 +92,12 @@ async fn main_js_handler<Backend>(

 }

 async fn wasm_handler() -> actix_web::Result<impl Responder> {

-    Ok(actix_files::NamedFile::open_async("./app/pkg/lldap_app_bg.wasm").await?)

+    Ok(actix_files::NamedFile::open_async("@frontend@/pkg/lldap_app_bg.wasm").await?)

 }

 async fn wasm_handler_compressed() -> actix_web::Result<impl Responder> {

     Ok(

-        actix_files::NamedFile::open_async("./app/pkg/lldap_app_bg.wasm.gz")

+        actix_files::NamedFile::open_async("@frontend@/pkg/lldap_app_bg.wasm.gz")

             .await?

             .customize()

             .insert_header(header::ContentEncoding::Gzip)

@@ -143,11 +143,11 @@ fn http_config<Backend>(

     .service(web::resource("/pkg/lldap_app_bg.wasm").route(web::route().to(wasm_handler)))

     .service(web::resource("/static/main.js").route(web::route().to(main_js_handler::<Backend>)))

     // Serve the /pkg path with the compiled WASM app.

-    .service(Files::new("/pkg", "./app/pkg"))

+    .service(Files::new("/pkg", "@frontend@/pkg"))

     // Serve static files

-    .service(Files::new("/static", "./app/static"))

+    .service(Files::new("/static", "@frontend@/static"))

     // Serve static fonts

-    .service(Files::new("/static/fonts", "./app/static/fonts"))

+    .service(Files::new("/static/fonts", "@frontend@/static/fonts"))

     // Default to serve index.html for unknown routes, to support routing.

     .default_service(web::route().guard(guard::Get()).to(index::<Backend>));

 }

-- 

2.45.2

  fetchFromGitHub,

  lib,

  lldap,

  makeWrapper,

  nixosTests,

  rustPlatform,

  rustc,

  wasm-bindgen-cli_0_2_95,

  wasm-bindgen-cli_0_2_100,

  wasm-pack,

  which,

}:

let

  version = "0.6.2";

  commonDerivationAttrs = rec {

  commonDerivationAttrs = {

    pname = "lldap";

    version = "0.6.1";

    inherit version;

    src = fetchFromGitHub {

      owner = "lldap";

      repo = "lldap";

      rev = "v${version}";

      hash = "sha256-iQ+Vv9kx/pWHoa/WZChBK+FD2r1avzWWz57bnnzRjUg=";

      hash = "sha256-UBQWOrHika8X24tYdFfY8ETPh9zvI7/HV5j4aK8Uq+Y=";

    };

    cargoHash = "sha256-qXYgr9uRswuo9hwVROUX9KUKpkzR0VEcXImbdyOgxsY=";

    cargoHash = "sha256-SO7+HiiXNB/KF3fjzSMeiTPjRQq/unEfsnplx4kZv9c=";

  };

  frontend = rustPlatform.buildRustPackage (

      nativeBuildInputs = [

        wasm-pack

        wasm-bindgen-cli_0_2_95

        wasm-bindgen-cli_0_2_100

        binaryen

        which

        rustc

      "lldap_set_password"

    ];

    patches = [

      ./0001-parameterize-frontend-location.patch

    ];

    postPatch = ''

      substituteInPlace server/src/infra/tcp_server.rs --subst-var-by frontend '${frontend}'

    nativeBuildInputs = [ makeWrapper ];

    postInstall = ''

      wrapProgram $out/bin/lldap \

        --set LLDAP_ASSETS_PATH ${frontend}

    '';

    passthru = {

      changelog = "https://github.com/lldap/lldap/blob/v${lldap.version}/CHANGELOG.md";

      license = licenses.gpl3Only;

      platforms = platforms.linux;

      maintainers = with maintainers; [ bendlas ];

      maintainers = with maintainers; [

        bendlas

        ibizaman

      ];

      mainProgram = "lldap";

    };

  }