permissions = "0400";
user = "openldap";
group = "openldap";
- text = builtins.readFile "${cfg.accessFile}";
+ text = builtins.readFile cfg.accessFile;
+ }
+ {
+ dest = "ldap";
+ permissions = "0500";
+ user = "openldap";
+ group = "openldap";
+ isDir = true;
}
];
users.users.openldap.extraGroups = [ "keys" ];
services.filesWatcher.openldap = {
restart = true;
- paths = [ "${config.secrets.location}/ldap/" ];
+ paths = [ config.secrets.fullPaths."ldap" ];
};
services.openldap = {
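Review bot: The watcher line `paths = [ config.secrets.fullPaths."ldap" ];` appears to depend on the directory entry added just above it (`dest = "ldap"`, `isDir = true`), and nothing in the hunk records that link. If `fullPaths` is keyed by each entry's `dest` (inferred from the `"ldap/access"` and `"ldap/password"` lookups later in this commit), renaming or removing that entry would break evaluation of the watcher. That would also stop the restart that lets slapd pick up a changed ACL file or root password. I would add a comment above `dest = "ldap";`, such as `# directory entry: provides secrets.fullPaths."ldap", watched by services.filesWatcher.openldap`. The enclosing secrets list starts outside the hunk, so its other entries are not visible here.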
overlay syncprov
syncprov-checkpoint 100 10
- include ${config.secrets.location}/ldap/access
+ include ${config.secrets.fullPaths."ldap/access"}
'';
- rootpwFile = "${config.secrets.location}/ldap/password";
+ rootpwFile = config.secrets.fullPaths."ldap/password";
suffix = cfg.baseDn;
rootdn = cfg.rootDn;
database = "hdb";