1 { pkgs, config, lib, ... }:
# NixOS module: per-host openldap replicas (syncrepl consumers), each with its own
# slapd instance, LDIF backups and a cleanup job.
# NOTE: only an excerpt of the file is shown here; line gaps are elided lines.
3 cfg = config.myServices.databasesReplication.openldap;
4 eldiron_schemas = pkgs.callPackage ./openldap/eldiron_schemas.nix {};
# ldapConfig renders a per-host slapd.conf with pkgs.writeText, i.e. into the Nix
# store, which is world-readable. Nothing secret is interpolated into it in the
# visible lines: the replication credentials are pulled in at runtime through the
# `include` of a file under config.secrets.location (see below).
5 ldapConfig = hcfg: name: pkgs.writeText "slapd.conf" ''
6 include ${pkgs.openldap}/etc/schema/core.schema
7 include ${pkgs.openldap}/etc/schema/cosine.schema
8 include ${pkgs.openldap}/etc/schema/inetorgperson.schema
9 include ${pkgs.openldap}/etc/schema/nis.schema
11 pidfile /run/slapd_${name}/slapd.pid
12 argsfile /run/slapd_${name}/slapd.args
19 rootdn "cn=root,${hcfg.base}"
20 directory ${cfg.base}/${name}/openldap
26 include ${config.secrets.location}/openldap_replication/${name}/replication_config
# Options: `base` is the parent directory of all replicas; `hosts` is an attrset
# keyed by replica name, each entry carrying the openldap package to run and the
# replication password. NOTE(review): hcfg.password is only interpolated into
# secrets.keys entries below, never into a pkgs.writeText — confirm that the
# secrets.keys backend keeps its `text` out of the Nix store.
30 options.myServices.databasesReplication.openldap = {
31 enable = lib.mkEnableOption "Enable openldap replication";
33 type = lib.types.path;
35 Base path to put the replications
38 hosts = lib.mkOption {
43 type = lib.types.attrsOf (lib.types.submodule {
45 package = lib.mkOption {
46 type = lib.types.package;
47 default = pkgs.openldap;
49 Openldap package for this host
70 password = lib.mkOption {
81 config = lib.mkIf cfg.enable {
# Dedicated unprivileged account; slapd is started with -u/-g openldap (see ExecStart).
82 users.users.openldap = {
83 description = "Openldap database user";
85 uid = config.ids.uids.openldap;
86 extraGroups = [ "keys" ];
88 users.groups.openldap.gid = config.ids.gids.openldap;
# Two secret files per replica: the syncrepl stanza (includes the credentials and
# is `include`d by slapd.conf) and the bare password (mode 0400). The mode/owner of
# the replication_config entry is not visible in this excerpt — it must be readable
# by the openldap user that slapd drops to, and by nobody else.
90 secrets.keys = lib.flatten (lib.mapAttrsToList (name: hcfg: [
92 dest = "openldap_replication/${name}/replication_config";
99 type=refreshAndPersist
100 searchbase="${hcfg.base}"
106 credentials="${hcfg.password}"
110 dest = "openldap_replication/${name}/replication_password";
113 permissions = "0400";
114 text = hcfg.password;
# Backups: slapcat dumps the whole suffix (including any password attributes it
# holds) to a timestamped LDIF under backupDir four times a day; a cleanup job
# thins old dumps nightly. Both cron entries run as root; backupDir is created
# 0700 openldap:openldap by the activation script below, but the dump files
# themselves get root's umask — TODO confirm the resulting file mode is acceptable.
120 systemCronJobs = lib.flatten (lib.mapAttrsToList (name: hcfg:
122 dataDir = "${cfg.base}/${name}/openldap";
123 backupDir = "${cfg.base}/${name}/openldap_backup";
124 backup_script = pkgs.writeScript "backup_openldap_${name}" ''
125 #!${pkgs.stdenv.shell}
127 ${hcfg.package}/bin/slapcat -b "${hcfg.base}" -f ${ldapConfig hcfg name} -l ${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).ldif
129 u = pkgs.callPackage ./utils.nix {};
130 cleanup_script = pkgs.writeScript "cleanup_openldap_${name}" (u.exponentialDumps "ldif" backupDir);
132 "0 22,4,10,16 * * * root ${backup_script}"
133 "0 3 * * * root ${cleanup_script}"
# Data and backup directories are created owner-only (0700) for the openldap user,
# after the users/groups activation steps so the chown targets exist.
137 system.activationScripts = lib.attrsets.mapAttrs' (name: hcfg:
138 lib.attrsets.nameValuePair "openldap_replication_${name}" {
139 deps = [ "users" "groups" ];
141 install -m 0700 -o openldap -g openldap -d ${cfg.base}/${name}/openldap
142 install -m 0700 -o openldap -g openldap -d ${cfg.base}/${name}/openldap_backup
# One slapd service per replica. NOTE(review): the unit is named
# "openldap_backup_${name}" while its description says "replication" — the unit
# runs slapd, not a backup; consider renaming for clarity.
146 systemd.services = lib.attrsets.mapAttrs' (name: hcfg:
148 dataDir = "${cfg.base}/${name}/openldap";
150 lib.attrsets.nameValuePair "openldap_backup_${name}" {
151 description = "Openldap replication for ${name}";
152 wantedBy = [ "multi-user.target" ];
153 after = [ "network.target" ];
154 unitConfig.RequiresMountsFor = dataDir;
# The pid/args directory referenced by slapd.conf is created and handed to the
# openldap user before start (a RuntimeDirectory= setting would do the same
# declaratively).
157 mkdir -p /run/slapd_${name}
158 chown -R "openldap:openldap" /run/slapd_${name}
# slapd runs in the foreground (-d 0) and drops privileges to openldap:openldap
# itself via -u/-g, reading the store-resident config rendered by ldapConfig.
162 ExecStart = "${hcfg.package}/libexec/slapd -d 0 -u openldap -g openldap -f ${ldapConfig hcfg name}";