Diffstat (limited to 'nixops/modules/databases/openldap.nix')
-rw-r--r--nixops/modules/databases/openldap.nix21
1 files changed, 19 insertions, 2 deletions
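--- a/nixops/modules/databases/openldap.nix
+++ b/nixops/modules/databases/openldap.nix
@@ -29,7 +29,7 @@ let
 database hdb
 suffix "${myconfig.env.ldap.base}"
 rootdn "${myconfig.env.ldap.root_dn}"
-rootpw ${myconfig.env.ldap.root_pw}
+include /run/keys/ldap/ldap-password
 directory /var/lib/openldap
 overlay memberof
 
@@ -41,7 +41,7 @@ let
 #TLSCipherSuite DEFAULT
 
 sasl-host kerberos.immae.eu
-${builtins.readFile "${myconfig.privateFiles}/ldap.conf"}
+include /run/keys/ldap/ldap-access
 '';
 in {
 options.services.myDatabases = {
@@ -56,6 +56,23 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
+deployment.keys = {
+ldap-password = {
+destDir = "/run/keys/ldap";
+permissions = "0400";
+user = "openldap";
+group = "openldap";
+text = "rootpw ${myconfig.env.ldap.root_pw}";
+};
+ldap-access = {
+destDir = "/run/keys/ldap";
+permissions = "0400";
+user = "openldap";
+group = "openldap";
+text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
+};
+};
+users.users.openldap.extraGroups = [ "keys" ];
 networking.firewall.allowedTCPPorts = [ 636 389 ];
 
 services.cron = {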
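Review bot: Nothing in the new `deployment.keys` block orders slapd after the key upload, so the `include /run/keys/ldap/ldap-password` and `include /run/keys/ldap/ldap-access` directives added earlier in this diff will make slapd fail to start whenever it comes up before nixops has delivered the keys — which, since /run/keys is volatile, is every reboot until `nixops send-keys` runs again. Consider adding, next to the `extraGroups` line, `systemd.services.openldap.after = [ "ldap-password-key.service" "ldap-access-key.service" ];` together with the same list under `wants` (the exact unit names depend on the nixops version in use; verify against the generated units). Moving the secrets out of the store is the right direction, but `text = "rootpw ${myconfig.env.ldap.root_pw}"` still ships whatever `root_pw` holds verbatim; if that is a cleartext password, slapd also accepts a `{SSHA}` hash produced by `slappasswd`, which would keep the cleartext off the host entirely. The enclosing `config = lib.mkIf cfg.enable {` attribute set continues past the end of this hunk.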