+ secrets.keys = [
+ {
+ dest = "ldap/password";
+ permissions = "0400";
+ user = "openldap";
+ group = "openldap";
+ text = "rootpw ${myconfig.env.ldap.root_pw}";
+ }
+ {
+ dest = "ldap/access ";
+ permissions = "0400";
+ user = "openldap";
+ group = "openldap";
+ text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
+ }
+ ];
+ users.users.openldap.extraGroups = [ "keys" ];
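Review bot: The second entry's `dest = "ldap/access ";` ends with a trailing space, so the key file would be created under a name that the slapd configuration presumably does not reference; it should read `dest = "ldap/access";`. Both `text` values are also produced at evaluation time, one by interpolating `myconfig.env.ldap.root_pw` and one by `builtins.readFile`. The `secrets.keys` module is not visible here, so it is worth confirming that it keeps `text` out of any derivation; if it does not, the root password lands in the world-readable Nix store and the `0400` permissions do nothing to protect it. Independently of that, the `rootpw` line would be safer holding a hash generated with `slappasswd` than the cleartext password. The enclosing module starts and ends outside this hunk.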