author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-13 02:26:54 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 01:39:24 +0200 |
commit | da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (patch) | |
tree | bd45012713b065829c1991e55d52081a8baef58a /modules/private/databases/openldap/default.nix | |
parent | bd5c5d4e23ebd3863a960976767ed4a83dfd07fe (diff) | |
Move secrets to flakes
Diffstat (limited to 'modules/private/databases/openldap/default.nix')
-rw-r--r-- | modules/private/databases/openldap/default.nix | 15 |
1 files changed, 11 insertions, 4 deletions
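--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -98,7 +98,14 @@ in
 permissions = "0400";
 user = "openldap";
 group = "openldap";
-text = builtins.readFile "${cfg.accessFile}";
+text = builtins.readFile cfg.accessFile;
+}
+{
+dest = "ldap";
+permissions = "0500";
+user = "openldap";
+group = "openldap";
+isDir = true;
 }
 ];
 users.users.openldap.extraGroups = [ "keys" ];
@@ -115,7 +122,7 @@ in
 
 services.filesWatcher.openldap = {
 restart = true;
-paths = [ "${config.secrets.location}/ldap/" ];
+paths = [ config.secrets.fullPaths."ldap" ];
 };
 
 services.openldap = {
@@ -132,9 +139,9 @@ in
 overlay syncprov
 syncprov-checkpoint 100 10
 
-include ${config.secrets.location}/ldap/access
+include ${config.secrets.fullPaths."ldap/access"}
 '';
-rootpwFile = "${config.secrets.location}/ldap/password";
+rootpwFile = config.secrets.fullPaths."ldap/password";
 suffix = cfg.baseDn;
 rootdn = cfg.rootDn;
 database = "hdb";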
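Review bot: The new `ldap` directory entry in the first hunk (`dest = "ldap"; … isDir = true;`) has no comment saying why it exists, yet the watcher in the second hunk now depends on it through `config.secrets.fullPaths."ldap"`; a line such as `# directory entry: provides fullPaths."ldap" for services.filesWatcher.openldap` above it would keep someone from removing it as redundant. The enclosing secrets list starts above the hunk, so the `dest` values behind `"ldap/access"` and `"ldap/password"` are not visible here and should be checked to match those keys exactly. Separately, `builtins.readFile cfg.accessFile` still pulls the ACL text into evaluation; whether that text then lands in the world-readable Nix store depends on the secrets module, which this page does not show, so that is worth confirming.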