services.postgresql.ensureUsers = [
{ name = "naemon"; }
];
- secrets.keys = [
- {
- dest = "ldap/password";
+ secrets.keys = {
+ "ldap/password" = {
permissions = "0400";
user = "openldap";
group = "openldap";
text = "rootpw ${serverSpecificConfig.ldap_root_pw}";
- }
- {
- dest = "webapps/tools-ldap";
+ };
+ "webapps/tools-ldap" = {
user = "wwwrun";
group = "wwwrun";
permissions = "0400";
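Review bot: The `text` of the `"ldap/password"` entry interpolates `serverSpecificConfig.ldap_root_pw` straight into a `rootpw` line, and nothing in the hunk says whether that value is a hash or the cleartext password. slapd accepts a hashed `rootpw`, so if the variable holds cleartext the 0400 key file is its only protection; I would add a comment above the line such as `# ldap_root_pw must be a slappasswd hash ({SSHA}...), never the cleartext password`. It is also worth confirming that the secrets module writes `text` somewhere other than the world-readable Nix store, which cannot be seen from here. The `secrets.keys` set opened in this hunk is only closed in a later one.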
$servers->setValue('login','attr','uid');
$servers->setValue('login','fallback_dn',true);
'';
- }
- ];
+ };
+ };
users.users.openldap.extraGroups = [ "keys" ];
services.openldap = {