permissions = "0400";
user = "openldap";
group = "openldap";
- text = builtins.readFile "${cfg.accessFile}";
+ text = builtins.readFile cfg.accessFile;
+ }
+ {
+ dest = "ldap";
+ permissions = "0500";
+ user = "openldap";
+ group = "openldap";
+ isDir = true;
}
];
users.users.openldap.extraGroups = [ "keys" ];
security.acme.certs."ldap" = config.myServices.databasesCerts // {
user = "openldap";
group = "openldap";
- plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
domain = "ldap.immae.eu";
postRun = ''
systemctl restart openldap.service
services.filesWatcher.openldap = {
restart = true;
- paths = [ "${config.secrets.location}/ldap/" ];
+ paths = [ config.secrets.fullPaths."ldap" ];
};
services.openldap = {
enable = true;
dataDir = cfg.dataDir;
urlList = [ "ldap://" "ldaps://" ];
+ logLevel = "none";
extraConfig = ldapConfig;
extraDatabaseConfig = ''
moduleload memberof
overlay syncprov
syncprov-checkpoint 100 10
- include ${config.secrets.location}/ldap/access
+ include ${config.secrets.fullPaths."ldap/access"}
'';
- rootpwFile = "${config.secrets.location}/ldap/password";
+ rootpwFile = config.secrets.fullPaths."ldap/password";
suffix = cfg.baseDn;
rootdn = cfg.rootDn;
database = "hdb";