-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
cfg = config.myServices.databases.openldap;
ldapConfig = let
moduleload memberof
database hdb
- suffix "${myconfig.env.ldap.base}"
- rootdn "${myconfig.env.ldap.root_dn}"
+ suffix "${cfg.baseDn}"
+ rootdn "${cfg.rootDn}"
include ${config.secrets.location}/ldap/password
directory ${cfg.dataDir}
overlay memberof
description = "Whether to enable ldap";
type = lib.types.bool;
};
+ baseDn = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Base DN for LDAP
+ '';
+ };
+ rootDn = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Root DN
+ '';
+ };
+ rootPw = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Root (Hashed) password
+ '';
+ };
+ accessFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The file path that defines the access
+ '';
+ };
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/openldap";
permissions = "0400";
user = "openldap";
group = "openldap";
- text = "rootpw ${myconfig.env.ldap.root_pw}";
+ text = "rootpw ${cfg.rootPw}";
}
{
- dest = "ldap/access ";
+ dest = "ldap/access";
permissions = "0400";
user = "openldap";
group = "openldap";
- text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
+ text = builtins.readFile "${cfg.accessFile}";
}
];
users.users.openldap.extraGroups = [ "keys" ];
projects / perso / Immae / Config / Nix.git / blobdiff