From 0a1451afe366873890c1df7a2fc6532ccc39f6bf Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 27 Mar 2019 01:46:19 +0100 Subject: [PATCH] nixos/ldap: rename password file options properly users.ldap.daemon.rootpwmodpw -> users.ldap.daemon.rootpwmodpwFile users.ldap.bind.password -> users.ldap.bind.passwordFile as users.ldap.daemon.rootpwmodpw never was part of a release, no mkRenamedOptionModule is introduced. --- nixos/modules/config/ldap.nix | 24 ++++++++++++++---------- nixos/tests/ldap.nix | 5 ++--- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix index f65a3fc50d5..b5f6702f1c6 100644 --- a/nixos/modules/config/ldap.nix +++ b/nixos/modules/config/ldap.nix @@ -139,13 +139,13 @@ in ''; }; - rootpwmodpw = mkOption { + rootpwmodpwFile = mkOption { default = ""; example = "/run/keys/nslcd.rootpwmodpw"; type = types.str; description = '' - The path to a file containing the credentials with which - to bind to the LDAP server if the root user tries to change a user's password + The path to a file containing the credentials with which to bind to + the LDAP server if the root user tries to change a user's password. ''; }; }; @@ -161,7 +161,7 @@ in ''; }; - password = mkOption { + passwordFile = mkOption { default = "/etc/ldap/bind.password"; type = types.str; description = '' @@ -224,10 +224,10 @@ in system.activationScripts = mkIf insertLdapPassword { ldap = stringAfter [ "etc" "groups" "users" ] '' - if test -f "${cfg.bind.password}" ; then + if test -f "${cfg.bind.passwordFile}" ; then umask 0077 conf="$(mktemp)" - printf 'bindpw %s\n' "$(cat ${cfg.bind.password})" | + printf 'bindpw %s\n' "$(cat ${cfg.bind.passwordFile})" | cat ${ldapConfig.source} - >"$conf" mv -fT "$conf" /etc/ldap.conf fi 
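Review bot: The description of `rootpwmodpwFile` in the hunk at -139 does not say where the file may live or who may read it, and the option stays `types.str` with default `""`. The file holds the credentials used when root changes a user's password, so I would add a sentence to the description such as `The file must be kept outside the world-readable Nix store and be readable only by the account that generates the nslcd configuration.` The example path `/run/keys/nslcd.rootpwmodpw` already points that way. The same sentence fits `passwordFile` in the hunk at -161, whose description continues outside that hunk.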
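Review bot: In the hunk at -224, `$(cat ${cfg.bind.passwordFile})` interpolates the path unquoted, while the `test -f` one line above double-quotes it and the nslcd script in the hunk at -260 single-quotes it. The option is `types.str`, so a value containing whitespace or shell metacharacters would be split or interpreted by the activation script, which runs as root. I would quote it the same way everywhere, e.g. `printf 'bindpw %s\n' "$(cat ${escapeShellArg cfg.bind.passwordFile})" |`, assuming `lib.escapeShellArg` is in scope in this file, and use the same form in the `test -f`. The script string opens and closes outside the hunk.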
@@ -260,10 +260,10 @@ in conf="$(mktemp)" { cat ${nslcdConfig.source} - test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.password}' || - printf 'bindpw %s\n' "$(cat '${cfg.bind.password}')" - test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpw}' || - printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpw}')" + test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.passwordFile}' || + printf 'bindpw %s\n' "$(cat '${cfg.bind.passwordFile}')" + test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpwFile}' || + printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpwFile}')" } >"$conf" mv -fT "$conf" /etc/nslcd.conf ''; @@ -287,4 +287,8 @@ in }; }; + + imports = + [ (mkRenamedOptionModule [ "users" "ldap" "bind" "password"] [ "users" "ldap" "bind" "passwordFile"]) + ]; } diff --git a/nixos/tests/ldap.nix b/nixos/tests/ldap.nix index b3fd42e7588..18a6a2e89fe 100644 --- a/nixos/tests/ldap.nix +++ b/nixos/tests/ldap.nix @@ -28,9 +28,8 @@ let users.ldap.daemon = { enable = useDaemon; rootpwmoddn = "cn=admin,${dbSuffix}"; - rootpwmodpw = "/etc/nslcd.rootpwmodpw"; + rootpwmodpwFile = "/etc/nslcd.rootpwmodpw"; }; - # NOTE: password stored in clear in Nix's store, but this is a test. environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd; users.ldap.loginPam = true; users.ldap.nsswitch = true; @@ -38,7 +37,7 @@ let users.ldap.base = "ou=posix,${dbSuffix}"; users.ldap.bind = { distinguishedName = "cn=admin,${dbSuffix}"; - password = "/etc/ldap/bind.password"; + passwordFile = "/etc/ldap/bind.password"; }; # NOTE: password stored in clear in Nix's store, but this is a test. environment.etc."ldap/bind.password".source = pkgs.writeText "password" dbAdminPwd;
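Review bot: In the hunk at -260, when the password file is absent the `test -z ... -o ! -f '...' ||` guards drop the `bindpw` and `rootpwmodpw` lines without any message. nslcd.conf is then written without credentials, and the problem presumably only surfaces later as failed binds. When `rootpwmoddn` or `distinguishedName` is set, I would report the missing file, e.g. `test -f '${cfg.daemon.rootpwmodpwFile}' || echo "nslcd: rootpwmodpwFile not found, rootpwmodpw not set" >&2`. The `if test -f` in the activation script at -224 skips silently in the same way; the surrounding script here starts outside the hunk.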
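Review bot: In the nixos/tests/ldap.nix hunk at -28, the comment `# NOTE: password stored in clear in Nix's store, but this is a test.` above `environment.etc."nslcd.rootpwmodpw".source` is removed. The line it annotated still uses `pkgs.writeText "rootpwmodpw" dbAdminPwd`, so the password still lands in the store. The identical note is kept for `ldap/bind.password` in the next hunk. I would keep the comment here too, so that nobody copies this pattern from the test into a real configuration.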