Use attrs for secrets instead of lists
index 3491ae4fccdcb4b28e530c7f59ba73901280ebfc..f7b27e0911bcf342c1f24b89321ddfabe054de61 100644 (file)
@@ -2,20 +2,21 @@
 {
   config = let
     serverSpecificConfig = config.myEnv.serverSpecific.quatresaisons;
-    phpLdapAdmin = pkgs.webapps.phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+    phpLdapAdmin = pkgs.webapps.phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
   in {
     services.postgresql.enable = true;
     services.postgresql.package = pkgs.postgresql_12;
-    secrets.keys = [
-      {
-        dest = "ldap/password";
+    services.postgresql.ensureUsers = [
+      { name = "naemon"; }
+    ];
+    secrets.keys = {
+      "ldap/password" = {
         permissions = "0400";
         user = "openldap";
         group = "openldap";
         text = "rootpw      ${serverSpecificConfig.ldap_root_pw}";
-      }
-      {
-        dest = "webapps/tools-ldap";
+      };
+      "webapps/tools-ldap" = {
         user = "wwwrun";
         group = "wwwrun";
         permissions = "0400";
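Review bot: The new `services.postgresql.ensureUsers = [ { name = "naemon"; } ];` block near the top of the hunk is unrelated to the list-to-attrs secrets refactor named in the commit title and should be split out or at least mentioned in the message. It creates the role without an `ensurePermissions` entry, so unless grants are made elsewhere the user can connect but reach no data; a short comment such as `# monitoring role; database grants are managed outside this file` would record the intent. Separately, the literal `config.secrets.fullPaths."webapps/tools-ldap"` is now spelled out both in the `phpLdapAdmin` override and again further down in the phpfpm `basedir`; binding it once in the `let` (e.g. `toolsLdapConfig = config.secrets.fullPaths."webapps/tools-ldap";`) would keep the two uses from drifting. The surrounding `config = let ... in { ... }` expression continues past this hunk.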
@@ -39,8 +40,8 @@
           $servers->setValue('login','attr','uid');
           $servers->setValue('login','fallback_dn',true);
         '';
-      }
-    ];
+      };
+    };
 
     users.users.openldap.extraGroups = [ "keys" ];
     services.openldap = {
@@ -91,7 +92,7 @@
           by anonymous auth
           by * break
       '';
-      rootpwFile = "${config.secrets.location}/ldap/password";
+      rootpwFile = config.secrets.fullPaths."ldap/password";
       suffix = "dc=salle-s,dc=org";
       rootdn = "cn=root,dc=salle-s,dc=org";
       database = "hdb";
       group = "wwwrun";
       settings =
         let
-          basedir = builtins.concatStringsSep ":" [ phpLdapAdmin "/var/secrets/webapps/tools-ldap" ];
+          basedir = builtins.concatStringsSep ":" [ phpLdapAdmin config.secrets.fullPaths."webapps/tools-ldap" ];
         in {
           "listen.owner" = "wwwrun";
           "listen.group" = "wwwrun";