X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fopenldap_replication.nix;fp=modules%2Fprivate%2Fdatabases%2Fopenldap_replication.nix;h=0000000000000000000000000000000000000000;hp=b456323460c2234bb0e6f30ea13f9b719c01eac8;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0
diff --git a/modules/private/databases/openldap_replication.nix b/modules/private/databases/openldap_replication.nix
deleted file mode 100644
index b456323..0000000
--- a/modules/private/databases/openldap_replication.nix
+++ /dev/null
@@ -1,166 +0,0 @@ -{ pkgs, config, lib, ... }: -let - cfg = config.myServices.databasesReplication.openldap; - eldiron_schemas = pkgs.callPackage ./openldap/eldiron_schemas.nix {}; - ldapConfig = hcfg: name: pkgs.writeText "slapd.conf" '' - include ${pkgs.openldap}/etc/schema/core.schema - include ${pkgs.openldap}/etc/schema/cosine.schema - include ${pkgs.openldap}/etc/schema/inetorgperson.schema - include ${pkgs.openldap}/etc/schema/nis.schema - ${eldiron_schemas} - pidfile /run/slapd_${name}/slapd.pid - argsfile /run/slapd_${name}/slapd.args - - moduleload back_hdb - backend hdb - database hdb - - suffix "${hcfg.base}" - rootdn "cn=root,${hcfg.base}" - directory ${cfg.base}/${name}/openldap - - index objectClass eq - index uid pres,eq - index entryUUID eq - - include ${config.secrets.fullPaths."openldap_replication/${name}/replication_config"} - ''; -in -{ - options.myServices.databasesReplication.openldap = { - enable = lib.mkEnableOption "Enable openldap replication"; - base = lib.mkOption { - type = lib.types.path; - description = '' - Base path to put the replications - ''; - }; - hosts = lib.mkOption { - default = {}; - description = '' - Hosts to backup - ''; - type = lib.types.attrsOf (lib.types.submodule { - options = { - package = lib.mkOption { - type = lib.types.package; - default = pkgs.openldap; - description = '' - Openldap package for this host - ''; - }; - url = lib.mkOption { - type = lib.types.str; - description = '' - Host to connect to - ''; - }; - base = lib.mkOption { - type = lib.types.str; - description = '' - Base DN to replicate - ''; - }; - dn = lib.mkOption { - type = lib.types.str; - description = '' - DN to use - ''; - }; - password = lib.mkOption { - type = lib.types.str; - description = '' - Password to use - ''; - }; - }; - }); - }; - }; - - config = lib.mkIf cfg.enable { - users.users.openldap = { - description = "Openldap database user"; - group = "openldap"; - uid = config.ids.uids.openldap; - extraGroups = [ "keys" ]; - }; - 
users.groups.openldap.gid = config.ids.gids.openldap; - - secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (name: hcfg: [ - (lib.nameValuePair "openldap_replication/${name}/replication_config" { - user = "openldap"; - group = "openldap"; - permissions = "0400"; - text = '' - syncrepl rid=000 - provider=${hcfg.url} - type=refreshAndPersist - searchbase="${hcfg.base}" - retry="5 10 300 +" - attrs="*,+" - schemachecking=off - bindmethod=simple - binddn="${hcfg.dn}" - credentials="${hcfg.password}" - ''; - }) - (lib.nameValuePair "openldap_replication/${name}/replication_password" { - user = "openldap"; - group = "openldap"; - permissions = "0400"; - text = hcfg.password; - }) - ]) cfg.hosts)); - - services.cron = { - enable = true; - systemCronJobs = lib.flatten (lib.mapAttrsToList (name: hcfg: - let - dataDir = "${cfg.base}/${name}/openldap"; - backupDir = "${cfg.base}/${name}/openldap_backup"; - backup_script = pkgs.writeScript "backup_openldap_${name}" '' - #!${pkgs.stdenv.shell} - - ${hcfg.package}/bin/slapcat -b "${hcfg.base}" -f ${ldapConfig hcfg name} -l ${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).ldif - ''; - u = pkgs.callPackage ./utils.nix {}; - cleanup_script = pkgs.writeScript "cleanup_openldap_${name}" (u.exponentialDumps "ldif" backupDir); - in [ - "0 22,4,10,16 * * * root ${backup_script}" - "0 3 * * * root ${cleanup_script}" - ]) cfg.hosts); - }; - - system.activationScripts = lib.attrsets.mapAttrs' (name: hcfg: - lib.attrsets.nameValuePair "openldap_replication_${name}" { - deps = [ "users" "groups" ]; - text = '' - install -m 0700 -o openldap -g openldap -d ${cfg.base}/${name}/openldap - install -m 0700 -o openldap -g openldap -d ${cfg.base}/${name}/openldap_backup - ''; - }) cfg.hosts; - - systemd.services = lib.attrsets.mapAttrs' (name: hcfg: - let - dataDir = "${cfg.base}/${name}/openldap"; - in - lib.attrsets.nameValuePair "openldap_backup_${name}" { - description = "Openldap replication for ${name}"; - wantedBy = [ 
"multi-user.target" ]; - after = [ "network.target" ]; - unitConfig.RequiresMountsFor = dataDir; - - preStart = '' - mkdir -p /run/slapd_${name} - chown -R "openldap:openldap" /run/slapd_${name} - ''; - - serviceConfig = { - ExecStart = "${hcfg.package}/libexec/slapd -d 0 -u openldap -g openldap -f ${ldapConfig hcfg name}"; - }; - }) cfg.hosts; - }; -} - -