author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-17 10:26:33 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-17 10:26:49 +0200 |
commit | 4aac110f17f0528d90510eec00c9a8df60bcf04f (patch) | |
tree | f3fd7dfd999f56f397c1cdc972dd37978e15f0cd /modules/private/databases/openldap | |
parent | ffb14c1c25280777f5db3d2129c48dd319381f65 (diff) | |
Remove direct dependency to myconfig in database modules
Diffstat (limited to 'modules/private/databases/openldap')
-rw-r--r-- | modules/private/databases/openldap/default.nix | 36 |
1 files changed, 30 insertions, 6 deletions
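--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
 cfg = config.myServices.databases.openldap;
 ldapConfig = let
@@ -27,8 +27,8 @@ let
 
 moduleload memberof
 database hdb
-suffix "${myconfig.env.ldap.base}"
-rootdn "${myconfig.env.ldap.root_dn}"
+suffix "${cfg.baseDn}"
+rootdn "${cfg.rootDn}"
 include ${config.secrets.location}/ldap/password
 directory ${cfg.dataDir}
 overlay memberof
@@ -53,6 +53,30 @@ in
 description = "Whether to enable ldap";
 type = lib.types.bool;
 };
+baseDn = lib.mkOption {
+type = lib.types.str;
+description = ''
+Base DN for LDAP
+'';
+};
+rootDn = lib.mkOption {
+type = lib.types.str;
+description = ''
+Root DN
+'';
+};
+rootPw = lib.mkOption {
+type = lib.types.str;
+description = ''
+Root (Hashed) password
+'';
+};
+accessFile = lib.mkOption {
+type = lib.types.path;
+description = ''
+The file path that defines the access
+'';
+};
 dataDir = lib.mkOption {
 type = lib.types.path;
 default = "/var/lib/openldap";
@@ -89,14 +113,14 @@ in
 permissions = "0400";
 user = "openldap";
 group = "openldap";
-text = "rootpw ${myconfig.env.ldap.root_pw}";
+text = "rootpw ${cfg.rootPw}";
 }
 {
-dest = "ldap/access ";
+dest = "ldap/access";
 permissions = "0400";
 user = "openldap";
 group = "openldap";
-text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
+text = builtins.readFile "${cfg.accessFile}";
 }
 ];
 users.users.openldap.extraGroups = [ "keys" ];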
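Review bot: The new `rootPw` option is declared as plain `lib.types.str`, so nothing stops a cleartext value from being written into the `rootpw` line of `ldap/password`; slapd accepts both forms, and the word "(Hashed)" in the description is the only guard. A pattern type such as `type = lib.types.strMatching "\\{[A-Za-z0-9-]+\\}.+";` would fail evaluation when the `{SCHEME}` prefix is missing. Separately, in the `ldap/access` entry, `"${cfg.accessFile}"` interpolates a `types.path` value, which (when the caller passes a path literal) copies the file into the world-readable Nix store even though the deployed secret is 0400; `text = builtins.readFile cfg.accessFile;` should read it without that copy. Both the options block and the secrets list continue outside the visible hunks.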