X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fopenldap%2Fdefault.nix;h=9f72b297df0383abff8ad15102133a8ac288fcd6;hb=8415083eb6acc343dfa404dbbc12fa0171a48a20;hp=850f3ff3fbdbc1cd0f4acab3d34e3ddad12ea70c;hpb=182ae57f53731be220075bc87aff4d47a35563b8;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index 850f3ff..9f72b29 100644
--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
 cfg = config.myServices.databases.openldap;
 ldapConfig = let
@@ -27,15 +27,15 @@ let
 moduleload memberof
 database hdb
- suffix "${myconfig.env.ldap.base}"
- rootdn "${myconfig.env.ldap.root_dn}"
+ suffix "${cfg.baseDn}"
+ rootdn "${cfg.rootDn}"
 include ${config.secrets.location}/ldap/password
 directory ${cfg.dataDir}
 overlay memberof
- TLSCertificateFile /var/lib/acme/ldap/cert.pem
- TLSCertificateKeyFile /var/lib/acme/ldap/key.pem
- TLSCACertificateFile /var/lib/acme/ldap/fullchain.pem
+ TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem
+ TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
+ TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem
 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
 #This makes openldap crash
 #TLSCipherSuite DEFAULT 
@@ -48,11 +48,35 @@ in
 options.myServices.databases = {
 openldap = {
 enable = lib.mkOption {
- default = cfg.enable;
+ default = false;
 example = true;
 description = "Whether to enable ldap";
 type = lib.types.bool;
 };
+ baseDn = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Base DN for LDAP
+ '';
+ };
+ rootDn = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Root DN
+ '';
+ };
+ rootPw = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Root (Hashed) password
+ '';
+ };
+ accessFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The file path that defines the access
+ '';
+ };
 dataDir = lib.mkOption {
 type = lib.types.path;
 default = "/var/lib/openldap";
@@ -89,14 +113,14 @@ in
 permissions = "0400";
 user = "openldap";
 group = "openldap";
- text = "rootpw ${myconfig.env.ldap.root_pw}";
+ text = "rootpw ${cfg.rootPw}";
 }
 {
- dest = "ldap/access ";
+ dest = "ldap/access";
 permissions = "0400";
 user = "openldap";
 group = "openldap";
- text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
+ text = builtins.readFile "${cfg.accessFile}";
 }
 ];
 users.users.openldap.extraGroups = [ "keys" ];
@@ -120,6 +144,11 @@ in
 '';
 };
+ services.filesWatcher.openldap = {
 restart = true;
 paths = [ "${config.secrets.location}/ldap/" ];
 };
+
 services.openldap = {
 enable = true;
 dataDir = cfg.dataDir;
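Review bot: The new `rootPw` option's description `Root (Hashed) password` does not say which form is expected, yet the value is interpolated verbatim into slapd's `rootpw` directive (`text = "rootpw ${cfg.rootPw}"` in the next hunk), where slapd also accepts a cleartext value, so nothing in this module rejects an unhashed secret. I would extend the description to something like `Root password in the hashed form produced by slappasswd (for example an {SSHA} value); it is written verbatim into the rootpw directive of slapd.conf`. Likewise the `accessFile` description could state that the file is read at evaluation time with builtins.readFile and deployed as the `ldap/access` secret, since that is how the next hunk consumes it.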
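Review bot: `text = builtins.readFile "${cfg.accessFile}";` interpolates the option into a string before reading it; when `accessFile` is given as a Nix path value (which `lib.types.path` permits, e.g. `./ldap.conf`), that interpolation copies the file into the world-readable Nix store, and the 0400 permissions set on the deployed `ldap/access` secret then protect only the second copy. Reading the path directly avoids the store copy: `text = builtins.readFile cfg.accessFile;`. Whether the `text` attribute of these `config.secrets` entries itself lands in the store is decided by the secrets module, which is not in this diff, so the same caveat may apply to `text = "rootpw ${cfg.rootPw}";` and is worth confirming there. The list these entries belong to opens before the hunk.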
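Review bot: The new `services.filesWatcher.openldap` block has no comment explaining why a change under `${config.secrets.location}/ldap/` must restart slapd; the connection is only visible in the first hunk, where slapd.conf `include`s `${config.secrets.location}/ldap/password`. I would add above `restart = true;`: `# slapd.conf includes the rootpw (and presumably the access) secret from this directory at startup, so a redeployed secret only takes effect after a restart`. The access file's include line is outside this diff, so confirm it before stating it as fact in the comment.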