Make chown last PLEASE

This commit is contained in:
niten 2022-12-10 17:37:41 -08:00
parent b0e105371c
commit c7e98dcb27
1 changed files with 9 additions and 9 deletions


@ -13,16 +13,16 @@ let
attrOr = attrs: attr: value: if attrs ? ${attr} then attrs.${attr} else value; attrOr = attrs: attr: value: if attrs ? ${attr} then attrs.${attr} else value;
ca-path = "${cfg.state-directory}/ca.pem"; ca-path = "/etc/openldap/ca.pem";
build-ca-script = target: ca-cert: site-chain: build-ca-script = ca-cert: site-chain:
let let
user = config.services.openldap.user; user = config.services.openldap.user;
group = config.services.openldap.group; group = config.services.openldap.group;
in pkgs.writeShellScript "build-openldap-ca-script.sh" '' in pkgs.writeShellScript "build-openldap-ca-script.sh" ''
cat ${site-chain} ${ca-cert} > ${target} cat ${site-chain} ${ca-cert} > ${ca-path}
chmod 440 ${target} chmod 440 ${ca-path}
chown ${user}:${group} ${target} chown ${user}:${group} ${ca-path}
''; '';
mkHomeDir = username: user-opts: mkHomeDir = username: user-opts:
@ -260,10 +260,10 @@ in {
environment = mkIf (cfg.kerberos-keytab != null) { environment = mkIf (cfg.kerberos-keytab != null) {
KRB5_KTNAME = cfg.kerberos-keytab; KRB5_KTNAME = cfg.kerberos-keytab;
}; };
preStart = mkAfter '' preStart = mkOrder 5000 ''
${build-ca-script ca-path cfg.ssl-chain cfg.ssl-ca-certificate} ${build-ca-script cfg.ssl-chain cfg.ssl-ca-certificate}
# The script is failing to do this # The script is failing to do this
chown "${user}:${group}" /etc/openldap chown "${user}:${group}" -R /etc/openldap
''; '';
serviceConfig = { serviceConfig = {
PrivateDevices = true; PrivateDevices = true;
@ -326,7 +326,7 @@ in {
attrs = { attrs = {
cn = "config"; cn = "config";
objectClass = "olcGlobal"; objectClass = "olcGlobal";
olcPidFile = "/run/slapd/slapd.pid"; # olcPidFile = "/run/slapd/slapd.pid";
olcTLSCertificateFile = cfg.ssl-certificate; olcTLSCertificateFile = cfg.ssl-certificate;
olcTLSCertificateKeyFile = cfg.ssl-private-key; olcTLSCertificateKeyFile = cfg.ssl-private-key;
olcTLSCACertificateFile = ca-path; olcTLSCACertificateFile = ca-path;
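Review bot: The recursive `chown "${user}:${group}" -R /etc/openldap` in the second hunk gives the slapd service user ownership of every file under /etc/openldap, not just the CA bundle the script failed to chown; if `cfg.ssl-private-key` or any generated config lives in that tree (not visible here), a compromised slapd could then rewrite its own configuration and trust anchors, which the non-recursive form did not allow. Ownership of the two paths the script actually touches is enough: `chown "${user}:${group}" /etc/openldap "${ca-path}"`. In the first hunk, `cat ${site-chain} ${ca-cert} > ${ca-path}` creates the file with umask-derived permissions before the following `chmod 440`; a single `install -o ${user} -g ${group} -m 440 <(cat ${site-chain} ${ca-cert}) ${ca-path}` sets mode and owner in one step and removes the need for the outer chown entirely. The comment `# The script is failing to do this` should state the presumed cause (the preStart ordering that `mkOrder 5000` now fixes) so the workaround can be removed once that is confirmed.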