nixos/openldap: Add support for base64 values

nixos/modules/services/databases/openldap.nix

@@ -28,7 +28,9 @@ let
   configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
 
   ldapValueType = let
-    singleLdapValueType = types.either types.str (types.submodule {
+    singleLdapValueType = types.oneOf [
+      types.str
+      (types.submodule {
         options = {
           path = mkOption {
             type = types.path;
@@ -38,7 +40,19 @@ let
             '';
           };
         };
-    });
+      })
+      (types.submodule {
+        options = {
+          base64 = mkOption {
+            type = types.str;
+            description = ''
+              A base64-encoded LDAP attribute. Useful for storing values which
+              contain special characters (e.g. newlines) in LDIF files.
+            '';
+          };
+        };
+      })
+    ];
   in types.either singleLdapValueType (types.listOf singleLdapValueType);
 
   ldapAttrsType =
@@ -83,8 +97,14 @@ let
     in types.submodule { inherit options; };
 
   valueToLdif = attr: values: let
-    singleValueToLdif = value: if lib.isAttrs value then "${attr}:< file://${value.path}" else "${attr}: ${value}";
+    listValues = if lib.isList values then values else lib.singleton values;
-  in if lib.isList values then map singleValueToLdif values else [ (singleValueToLdif values) ];
+  in map (value:
+    if lib.isAttrs value then
+      if lib.hasAttr "path" value
+      then "${attr}:< file://${value.path}"
+      else "${attr}:: ${value.base64}"
+    else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
+  ) listValues;
 
   attrsToLdif = dn: { attrs, children, includes, ... }: [''
     dn: ${dn}