chmod go-rwx /var/lib/nixos/sponsored_users
echo "$mygroup $1 $2" >> /var/lib/nixos/sponsored_users
(${pkgs.openldap}/bin/ldapadd -c -D cn=root,dc=salle-s,dc=org \
- -y /var/secrets/ldap/sync_password 2>/dev/null >/dev/null || true) <<EOF
+ -y ${config.secrets.fullPaths."ldap/sync_password"} 2>/dev/null >/dev/null || true) <<EOF
dn: uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org
objectClass: inetOrgPerson
cn: $1
userdel -r "$1"
sed -i -e "/^$mygroup $1/d" /var/lib/nixos/sponsored_users
${pkgs.openldap}/bin/ldapdelete -D cn=root,dc=salle-s,dc=org \
- -y /var/secrets/ldap/sync_password \
+ -y ${config.secrets.fullPaths."ldap/sync_password"} \
"uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org"
echo "deleted"
exit 0
if [ "$1" = "$mygroup" ]; then
log "resets web password"
${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \
- -y /var/secrets/ldap/sync_password \
+ -y ${config.secrets.fullPaths."ldap/sync_password"} \
-S "uid=$mygroup,ou=users,dc=salle-s,dc=org"
else
IFS=",";
if [ "$u" = "$1" ]; then
log "resets web password of $1"
${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \
- -y /var/secrets/ldap/sync_password \
+ -y ${config.secrets.fullPaths."ldap/sync_password"} \
-S "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org"
exit 0
fi
deps = [ "secrets" "users" ];
text =
let
- com = "-D cn=root,dc=salle-s,dc=org -y /var/secrets/ldap/sync_password";
+ com = "-D cn=root,dc=salle-s,dc=org -y ${config.secrets.fullPaths."ldap/sync_password"}";
in ''
# Add users
- ${pkgs.openldap}/bin/ldapadd -c ${com} -f /var/secrets/ldap/ldaptree.ldif 2>/dev/null >/dev/null || true
+ ${pkgs.openldap}/bin/ldapadd -c ${com} -f ${config.secrets.fullPaths."ldap/ldaptree.ldif"} 2>/dev/null >/dev/null || true
# Remove obsolete users
${pkgs.openldap}/bin/ldapsearch -LLL ${com} -s one -b "ou=users,dc=salle-s,dc=org" "uid" |\