cfg = config.myServices.databasesReplication.openldap;
eldiron_schemas = pkgs.callPackage ./openldap/eldiron_schemas.nix {};
ldapConfig = hcfg: name: pkgs.writeText "slapd.conf" ''
+ include ${pkgs.openldap}/etc/schema/core.schema
+ include ${pkgs.openldap}/etc/schema/cosine.schema
+ include ${pkgs.openldap}/etc/schema/inetorgperson.schema
+ include ${pkgs.openldap}/etc/schema/nis.schema
${eldiron_schemas}
pidfile /run/slapd_${name}/slapd.pid
argsfile /run/slapd_${name}/slapd.args
index uid pres,eq
index entryUUID eq
- include ${config.secrets.location}/openldap_replication/${name}/replication_config
+ include ${config.secrets.fullPaths."openldap_replication/${name}/replication_config"}
'';
in
{
};
users.groups.openldap.gid = config.ids.gids.openldap;
- secrets.keys = lib.flatten (lib.mapAttrsToList (name: hcfg: [
- {
- dest = "openldap_replication/${name}/replication_config";
+ secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (name: hcfg: [
+ (lib.nameValuePair "openldap_replication/${name}/replication_config" {
user = "openldap";
group = "openldap";
permissions = "0400";
binddn="${hcfg.dn}"
credentials="${hcfg.password}"
'';
- }
- {
- dest = "openldap_replication/${name}/replication_password";
+ })
+ (lib.nameValuePair "openldap_replication/${name}/replication_password" {
user = "openldap";
group = "openldap";
permissions = "0400";
text = hcfg.password;
- }
- ]) cfg.hosts);
+ })
+ ]) cfg.hosts));
services.cron = {
enable = true;
backup_script = pkgs.writeScript "backup_openldap_${name}" ''
#!${pkgs.stdenv.shell}
- ${hcfg.package}/bin/slapcat -b "${hcfg.base}" -f ${ldapConfig hcfg name} -l ${backupDir}/$(${pkgs.coreutils}/bin/date -Iseconds).ldif
+ ${hcfg.package}/bin/slapcat -b "${hcfg.base}" -f ${ldapConfig hcfg name} -l ${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).ldif
'';
u = pkgs.callPackage ./utils.nix {};
cleanup_script = pkgs.writeScript "cleanup_openldap_${name}" (u.exponentialDumps "ldif" backupDir);
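Review bot: Naming the dump with `$(date -Iminutes)` on the backup_script line means two slapcat runs inside the same minute resolve to the same path, and `slapcat -l` truncates, so the earlier dump is silently replaced where `-Iseconds` could not collide. If the minute resolution is what `u.exponentialDumps` expects when pruning, keep it but guard the name, e.g. `out=${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).ldif` then `[ -e "$out" ] && exit 0` ahead of the slapcat call. The dump is a full export of `${hcfg.base}` (typically including userPassword values), and slapcat must read `${ldapConfig hcfg name}`, which includes the 0400 `replication_config` secret, so the cron job has to run as openldap or root and `${backupDir}` should carry a matching restrictive mode; neither is visible in this hunk. The enclosing per-host block that binds `name`, `hcfg` and `backupDir` starts outside the hunk.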