Make chown last PLEASE
parent
b0e105371c
commit
c7e98dcb27
|
@ -13,16 +13,16 @@ let
|
||||||
|
|
||||||
attrOr = attrs: attr: value: if attrs ? ${attr} then attrs.${attr} else value;
|
attrOr = attrs: attr: value: if attrs ? ${attr} then attrs.${attr} else value;
|
||||||
|
|
||||||
ca-path = "${cfg.state-directory}/ca.pem";
|
ca-path = "/etc/openldap/ca.pem";
|
||||||
|
|
||||||
build-ca-script = target: ca-cert: site-chain:
|
build-ca-script = ca-cert: site-chain:
|
||||||
let
|
let
|
||||||
user = config.services.openldap.user;
|
user = config.services.openldap.user;
|
||||||
group = config.services.openldap.group;
|
group = config.services.openldap.group;
|
||||||
in pkgs.writeShellScript "build-openldap-ca-script.sh" ''
|
in pkgs.writeShellScript "build-openldap-ca-script.sh" ''
|
||||||
cat ${site-chain} ${ca-cert} > ${target}
|
cat ${site-chain} ${ca-cert} > ${ca-path}
|
||||||
chmod 440 ${target}
|
chmod 440 ${ca-path}
|
||||||
chown ${user}:${group} ${target}
|
chown ${user}:${group} ${ca-path}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
mkHomeDir = username: user-opts:
|
mkHomeDir = username: user-opts:
|
||||||
|
@ -260,10 +260,10 @@ in {
|
||||||
environment = mkIf (cfg.kerberos-keytab != null) {
|
environment = mkIf (cfg.kerberos-keytab != null) {
|
||||||
KRB5_KTNAME = cfg.kerberos-keytab;
|
KRB5_KTNAME = cfg.kerberos-keytab;
|
||||||
};
|
};
|
||||||
preStart = mkAfter ''
|
preStart = mkOrder 5000 ''
|
||||||
${build-ca-script ca-path cfg.ssl-chain cfg.ssl-ca-certificate}
|
${build-ca-script cfg.ssl-chain cfg.ssl-ca-certificate}
|
||||||
# The script is failing to do this
|
# The script is failing to do this
|
||||||
chown "${user}:${group}" /etc/openldap
|
chown "${user}:${group}" -R /etc/openldap
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
|
@ -326,7 +326,7 @@ in {
|
||||||
attrs = {
|
attrs = {
|
||||||
cn = "config";
|
cn = "config";
|
||||||
objectClass = "olcGlobal";
|
objectClass = "olcGlobal";
|
||||||
olcPidFile = "/run/slapd/slapd.pid";
|
# olcPidFile = "/run/slapd/slapd.pid";
|
||||||
olcTLSCertificateFile = cfg.ssl-certificate;
|
olcTLSCertificateFile = cfg.ssl-certificate;
|
||||||
olcTLSCertificateKeyFile = cfg.ssl-private-key;
|
olcTLSCertificateKeyFile = cfg.ssl-private-key;
|
||||||
olcTLSCACertificateFile = ca-path;
|
olcTLSCACertificateFile = ca-path;
|
||||||
|
|
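Review bot: The new `chown "${user}:${group}" -R /etc/openldap` at the end of preStart gives the slapd account ownership of the whole tree, including the CA bundle this commit moves to `/etc/openldap/ca.pem`. The `chmod 440` in `build-ca-script` therefore no longer stops that account from replacing its own trust anchors, because an owner can change the mode back. If slapd only needs write access to part of the tree (not visible in these hunks), scope the recursive chown to that subdirectory and keep the bundle root-owned and group-readable, e.g. `chown root:${group} ${ca-path}`. If preStart runs with root privileges, a recursive chown over a directory the service account can already write to should also use `-h` so that links in the tree are not dereferenced. Separately, `mkOrder 5000` deserves a short comment saying why it must sort after every other preStart fragment (`mkAfter` is order 1500), and so does the commented-out `olcPidFile`.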