+ deployment.keys = {
+ ldap-password = {
+ destDir = "/run/keys/ldap";
+ permissions = "0400";
+ user = "openldap";
+ group = "openldap";
+ text = "rootpw ${myconfig.env.ldap.root_pw}";
+ };
+ ldap-access = {
+ destDir = "/run/keys/ldap";
+ permissions = "0400";
+ user = "openldap";
+ group = "openldap";
+ text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
+ };
+ };
+ users.users.openldap.extraGroups = [ "keys" ];
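Review bot: In `ldap-password`, `text = "rootpw ${myconfig.env.ldap.root_pw}";` writes whatever `root_pw` holds straight into the slapd directive, so if that value is the cleartext password it sits in cleartext in the key file and in the configuration that defines it. Storing a salted hash generated with `slappasswd` (an `{SSHA}...` value) in `root_pw` keeps the directive working without exposing the password itself. In `ldap-access`, `"${myconfig.privateFiles}/ldap.conf"` interpolates `privateFiles` into a string; if that is a path value rather than a string, Nix copies the whole directory into the world-readable store on the evaluating machine, which `builtins.readFile (toString myconfig.privateFiles + "/ldap.conf")` avoids. Because `/run/keys` is only populated once NixOps has uploaded the keys, it is also worth confirming outside these lines that the slapd unit is ordered after `ldap-password-key.service` and `ldap-access-key.service`.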