Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / databases / openldap_replication.nix
index c0c16e6921c78de15aaaeadf48c746a5f8891989..b456323460c2234bb0e6f30ea13f9b719c01eac8 100644 (file)
@@ -1,8 +1,12 @@
-{ pkgs, config, myconfig, lib, ... }:
+{ pkgs, config, lib, ... }:
 let
   cfg = config.myServices.databasesReplication.openldap;
   eldiron_schemas = pkgs.callPackage ./openldap/eldiron_schemas.nix {};
   ldapConfig = hcfg: name: pkgs.writeText "slapd.conf" ''
+    include ${pkgs.openldap}/etc/schema/core.schema
+    include ${pkgs.openldap}/etc/schema/cosine.schema
+    include ${pkgs.openldap}/etc/schema/inetorgperson.schema
+    include ${pkgs.openldap}/etc/schema/nis.schema
     ${eldiron_schemas}
     pidfile   /run/slapd_${name}/slapd.pid
     argsfile  /run/slapd_${name}/slapd.args
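Review bot: The four added `include` lines take the stock schemas from `${pkgs.openldap}`, while the backup script further down this file runs `slapcat` from `${hcfg.package}` against this same generated slapd.conf. If a host sets a package other than the default build, the binary would read schema files shipped by a different OpenLDAP derivation. Since `hcfg` is already an argument of `ldapConfig`, and assuming `hcfg.package` is an OpenLDAP derivation, `include ${hcfg.package}/etc/schema/core.schema` (and likewise for the other three) keeps the two matched. The `let` block and the config string continue outside this hunk.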
@@ -19,7 +23,7 @@ let
     index   uid               pres,eq
     index   entryUUID         eq
 
-    include ${config.secrets.location}/openldap_replication/${name}/replication_config
+    include ${config.secrets.fullPaths."openldap_replication/${name}/replication_config"}
     '';
 in
 {
@@ -83,9 +87,8 @@ in
     };
     users.groups.openldap.gid = config.ids.gids.openldap;
 
-    secrets.keys = lib.flatten (lib.mapAttrsToList (name: hcfg: [
-      {
-        dest = "openldap_replication/${name}/replication_config";
+    secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (name: hcfg: [
+      (lib.nameValuePair "openldap_replication/${name}/replication_config" {
         user = "openldap";
         group = "openldap";
         permissions = "0400";
@@ -101,15 +104,14 @@ in
                   binddn="${hcfg.dn}"
                   credentials="${hcfg.password}"
           '';
-      }
-      {
-        dest = "openldap_replication/${name}/replication_password";
+      })
+      (lib.nameValuePair "openldap_replication/${name}/replication_password" {
         user = "openldap";
         group = "openldap";
         permissions = "0400";
         text = hcfg.password;
-      }
-    ]) cfg.hosts);
+      })
+    ]) cfg.hosts));
 
     services.cron = {
       enable = true;
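Review bot: `binddn="${hcfg.dn}"` and `credentials="${hcfg.password}"` at the top of this hunk splice the values into slapd.conf syntax unescaped, so a password containing `"` or `\` would end the quoted argument early and leave a broken or differently parsed syncrepl directive. The commit only changes how the secret is keyed, so this is carried over unchanged. slapd.conf expects both characters to be backslash-escaped inside a quoted argument, e.g. `credentials="${lib.replaceStrings ["\\" "\""] ["\\\\" "\\\""] hcfg.password}"`, or an assertion could reject such values at evaluation time. The `text` string these lines belong to opens before the hunk.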
@@ -120,7 +122,7 @@ in
           backup_script = pkgs.writeScript "backup_openldap_${name}" ''
               #!${pkgs.stdenv.shell}
 
-              ${hcfg.package}/bin/slapcat -b "${hcfg.base}" -f ${ldapConfig hcfg name} -l ${backupDir}/$(${pkgs.coreutils}/bin/date -Iseconds).ldif
+              ${hcfg.package}/bin/slapcat -b "${hcfg.base}" -f ${ldapConfig hcfg name} -l ${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).ldif
             '';
           u = pkgs.callPackage ./utils.nix {};
           cleanup_script = pkgs.writeScript "cleanup_openldap_${name}" (u.exponentialDumps "ldif" backupDir);
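Review bot: The generated backup script consists only of the `slapcat` call, so the LDIF dump is created with whatever umask cron hands the job; the dump holds every entry under `${hcfg.base}`, which for a user directory typically includes password hashes. Unless `backupDir` is already restricted to the openldap user (its definition is outside this hunk), adding `umask 077` on the line before the `slapcat` call keeps the dumps owner-only. Separately, with `-Iminutes` two runs inside the same minute now target the same file name, which is worth a short comment next to the command.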