diff options
Diffstat (limited to 'modules/private/databases/openldap')
| -rw-r--r-- | modules/private/databases/openldap/default.nix | 36 |
1 files changed, 30 insertions, 6 deletions
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix index 46f85d2..e048d56 100644 --- a/modules/private/databases/openldap/default.nix +++ b/modules/private/databases/openldap/default.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.databases.openldap; | 3 | cfg = config.myServices.databases.openldap; |
| 4 | ldapConfig = let | 4 | ldapConfig = let |
| @@ -27,8 +27,8 @@ let | |||
| 27 | 27 | ||
| 28 | moduleload memberof | 28 | moduleload memberof |
| 29 | database hdb | 29 | database hdb |
| 30 | suffix "${myconfig.env.ldap.base}" | 30 | suffix "${cfg.baseDn}" |
| 31 | rootdn "${myconfig.env.ldap.root_dn}" | 31 | rootdn "${cfg.rootDn}" |
| 32 | include ${config.secrets.location}/ldap/password | 32 | include ${config.secrets.location}/ldap/password |
| 33 | directory ${cfg.dataDir} | 33 | directory ${cfg.dataDir} |
| 34 | overlay memberof | 34 | overlay memberof |
| @@ -53,6 +53,30 @@ in | |||
| 53 | description = "Whether to enable ldap"; | 53 | description = "Whether to enable ldap"; |
| 54 | type = lib.types.bool; | 54 | type = lib.types.bool; |
| 55 | }; | 55 | }; |
| 56 | baseDn = lib.mkOption { | ||
| 57 | type = lib.types.str; | ||
| 58 | description = '' | ||
| 59 | Base DN for LDAP | ||
| 60 | ''; | ||
| 61 | }; | ||
| 62 | rootDn = lib.mkOption { | ||
| 63 | type = lib.types.str; | ||
| 64 | description = '' | ||
| 65 | Root DN | ||
| 66 | ''; | ||
| 67 | }; | ||
| 68 | rootPw = lib.mkOption { | ||
| 69 | type = lib.types.str; | ||
| 70 | description = '' | ||
| 71 | Root (Hashed) password | ||
| 72 | ''; | ||
| 73 | }; | ||
| 74 | accessFile = lib.mkOption { | ||
| 75 | type = lib.types.path; | ||
| 76 | description = '' | ||
| 77 | The file path that defines the access | ||
| 78 | ''; | ||
| 79 | }; | ||
| 56 | dataDir = lib.mkOption { | 80 | dataDir = lib.mkOption { |
| 57 | type = lib.types.path; | 81 | type = lib.types.path; |
| 58 | default = "/var/lib/openldap"; | 82 | default = "/var/lib/openldap"; |
| @@ -89,14 +113,14 @@ in | |||
| 89 | permissions = "0400"; | 113 | permissions = "0400"; |
| 90 | user = "openldap"; | 114 | user = "openldap"; |
| 91 | group = "openldap"; | 115 | group = "openldap"; |
| 92 | text = "rootpw ${myconfig.env.ldap.root_pw}"; | 116 | text = "rootpw ${cfg.rootPw}"; |
| 93 | } | 117 | } |
| 94 | { | 118 | { |
| 95 | dest = "ldap/access "; | 119 | dest = "ldap/access"; |
| 96 | permissions = "0400"; | 120 | permissions = "0400"; |
| 97 | user = "openldap"; | 121 | user = "openldap"; |
| 98 | group = "openldap"; | 122 | group = "openldap"; |
| 99 | text = builtins.readFile "${myconfig.privateFiles}/ldap.conf"; | 123 | text = builtins.readFile "${cfg.accessFile}"; |
| 100 | } | 124 | } |
| 101 | ]; | 125 | ]; |
| 102 | users.users.openldap.extraGroups = [ "keys" ]; | 126 | users.users.openldap.extraGroups = [ "keys" ]; |