Diffstat (limited to 'modules/private/databases/openldap/default.nix')
-rw-r--r--modules/private/databases/openldap/default.nix19
1 files changed, 8 insertions, 11 deletions
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index f4851b5..d35aca0 100644
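--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -85,29 +85,26 @@ in
 };
 
 config = lib.mkIf cfg.enable {
-secrets.keys = [
-{
-dest = "ldap/password";
+secrets.keys = {
+"ldap/password" = {
 permissions = "0400";
 user = "openldap";
 group = "openldap";
 text = "rootpw ${cfg.rootPw}";
-}
-{
-dest = "ldap/access";
+};
+"ldap/access" = {
 permissions = "0400";
 user = "openldap";
 group = "openldap";
 text = builtins.readFile cfg.accessFile;
-}
-{
-dest = "ldap";
+};
+"ldap" = {
 permissions = "0500";
 user = "openldap";
 group = "openldap";
 isDir = true;
-}
-];
+};
+};
 users.users.openldap.extraGroups = [ "keys" ];
 networking.firewall.allowedTCPPorts = [ 636 389 ];
 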
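Review bot: The firewall line at the end of this hunk still opens 389 next to 636, and nothing visible here shows that slapd refuses unencrypted binds, so the `rootpw` written to `ldap/password` and any user credentials could cross the network in clear text on that port. The line is unchanged by this commit, but since the block is being touched it deserves a comment stating the intent, e.g. `# 389 is kept for StartTLS only; slapd must reject simple binds without TLS`, or the port should be dropped if clients only use LDAPS. Separately, the move from a list to an attribute set means the `"ldap"` directory entry is no longer ordered after its two files by position; if the secrets module previously relied on list order when creating the 0500 directory, that is worth confirming. The `config` block continues outside the hunk.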