Diffstat (limited to 'modules/private/system/quatresaisons.nix')
-rw-r--r-- | modules/private/system/quatresaisons.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/private/system/quatresaisons.nix b/modules/private/system/quatresaisons.nix index 0148650..491e215 100644 --- a/modules/private/system/quatresaisons.nix +++ b/modules/private/system/quatresaisons.nix | |||
@@ -53,7 +53,7 @@ let | |||
53 | chmod go-rwx /var/lib/nixos/sponsored_users | 53 | chmod go-rwx /var/lib/nixos/sponsored_users |
54 | echo "$mygroup $1 $2" >> /var/lib/nixos/sponsored_users | 54 | echo "$mygroup $1 $2" >> /var/lib/nixos/sponsored_users |
55 | (${pkgs.openldap}/bin/ldapadd -c -D cn=root,dc=salle-s,dc=org \ | 55 | (${pkgs.openldap}/bin/ldapadd -c -D cn=root,dc=salle-s,dc=org \ |
56 | -y /var/secrets/ldap/sync_password 2>/dev/null >/dev/null || true) <<EOF | 56 | -y ${config.secrets.fullPaths."ldap/sync_password"} 2>/dev/null >/dev/null || true) <<EOF |
57 | dn: uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org | 57 | dn: uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org |
58 | objectClass: inetOrgPerson | 58 | objectClass: inetOrgPerson |
59 | cn: $1 | 59 | cn: $1 |
@@ -74,7 +74,7 @@ let | |||
74 | userdel -r "$1" | 74 | userdel -r "$1" |
75 | sed -i -e "/^$mygroup $1/d" /var/lib/nixos/sponsored_users | 75 | sed -i -e "/^$mygroup $1/d" /var/lib/nixos/sponsored_users |
76 | ${pkgs.openldap}/bin/ldapdelete -D cn=root,dc=salle-s,dc=org \ | 76 | ${pkgs.openldap}/bin/ldapdelete -D cn=root,dc=salle-s,dc=org \ |
77 | -y /var/secrets/ldap/sync_password \ | 77 | -y ${config.secrets.fullPaths."ldap/sync_password"} \ |
78 | "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org" | 78 | "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org" |
79 | echo "deleted" | 79 | echo "deleted" |
80 | exit 0 | 80 | exit 0 |
@@ -103,7 +103,7 @@ let | |||
103 | if [ "$1" = "$mygroup" ]; then | 103 | if [ "$1" = "$mygroup" ]; then |
104 | log "resets web password" | 104 | log "resets web password" |
105 | ${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \ | 105 | ${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \ |
106 | -y /var/secrets/ldap/sync_password \ | 106 | -y ${config.secrets.fullPaths."ldap/sync_password"} \ |
107 | -S "uid=$mygroup,ou=users,dc=salle-s,dc=org" | 107 | -S "uid=$mygroup,ou=users,dc=salle-s,dc=org" |
108 | else | 108 | else |
109 | IFS=","; | 109 | IFS=","; |
@@ -111,7 +111,7 @@ let | |||
111 | if [ "$u" = "$1" ]; then | 111 | if [ "$u" = "$1" ]; then |
112 | log "resets web password of $1" | 112 | log "resets web password of $1" |
113 | ${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \ | 113 | ${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \ |
114 | -y /var/secrets/ldap/sync_password \ | 114 | -y ${config.secrets.fullPaths."ldap/sync_password"} \ |
115 | -S "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org" | 115 | -S "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org" |
116 | exit 0 | 116 | exit 0 |
117 | fi | 117 | fi |
@@ -221,10 +221,10 @@ in | |||
221 | deps = [ "secrets" "users" ]; | 221 | deps = [ "secrets" "users" ]; |
222 | text = | 222 | text = |
223 | let | 223 | let |
224 | com = "-D cn=root,dc=salle-s,dc=org -y /var/secrets/ldap/sync_password"; | 224 | com = "-D cn=root,dc=salle-s,dc=org -y ${config.secrets.fullPaths."ldap/sync_password"}"; |
225 | in '' | 225 | in '' |
226 | # Add users | 226 | # Add users |
227 | ${pkgs.openldap}/bin/ldapadd -c ${com} -f /var/secrets/ldap/ldaptree.ldif 2>/dev/null >/dev/null || true | 227 | ${pkgs.openldap}/bin/ldapadd -c ${com} -f ${config.secrets.fullPaths."ldap/ldaptree.ldif"} 2>/dev/null >/dev/null || true |
228 | 228 | ||
229 | # Remove obsolete users | 229 | # Remove obsolete users |
230 | ${pkgs.openldap}/bin/ldapsearch -LLL ${com} -s one -b "ou=users,dc=salle-s,dc=org" "uid" |\ | 230 | ${pkgs.openldap}/bin/ldapsearch -LLL ${com} -s one -b "ou=users,dc=salle-s,dc=org" "uid" |\ |
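Review bot: The relocated password file is still read on lines that discard every error: new lines 56 and 227 keep `2>/dev/null >/dev/null || true`, so if the file at `${config.secrets.fullPaths."ldap/sync_password"}` is missing or not readable by the account running the script, the bind fails silently. In the first hunk that failure comes after line 54 has already appended the user to `/var/lib/nixos/sponsored_users`, so the local record and the directory drift apart with nothing logged. A readability guard before the LDAP call would surface this, e.g. `[ -r ${config.secrets.fullPaths."ldap/sync_password"} ] || { echo "LDAP sync password not readable" >&2; exit 1; }`. Whether the new location keeps the same ownership and mode as `/var/secrets` is not visible here, and the enclosing scripts start and end outside these hunks.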