public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/openldap: Add support for base64 values

Browse Source
This commit is contained in:
Kai Wohlfahrt 2020-09-13 22:42:14 +01:00
parent d05061c5cd
commit adda7e62d0
1 changed files with 32 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
nixos/modules/services/databases/openldap.nix
View File

@ -28,17 +28,31 @@ let
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d"; configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
ldapValueType = let ldapValueType = let
singleLdapValueType = types.either types.str (types.submodule { singleLdapValueType = types.oneOf [
options = { types.str
path = mkOption { (types.submodule {
type = types.path; options = {
description = '' path = mkOption {
A path containing the LDAP attribute. This is included at run-time, so type = types.path;
is recommended for storing secrets. description = ''
''; A path containing the LDAP attribute. This is included at run-time, so
is recommended for storing secrets.
'';
};
}; };
}; })
}); (types.submodule {
options = {
base64 = mkOption {
type = types.str;
description = ''
A base64-encoded LDAP attribute. Useful for storing values which
contain special characters (e.g. newlines) in LDIF files.
'';
};
};
})
];
in types.either singleLdapValueType (types.listOf singleLdapValueType); in types.either singleLdapValueType (types.listOf singleLdapValueType);
ldapAttrsType = ldapAttrsType =
@ -83,8 +97,14 @@ let
in types.submodule { inherit options; }; in types.submodule { inherit options; };
valueToLdif = attr: values: let valueToLdif = attr: values: let
singleValueToLdif = value: if lib.isAttrs value then "${attr}:< file://${value.path}" else "${attr}: ${value}"; listValues = if lib.isList values then values else lib.singleton values;
in if lib.isList values then map singleValueToLdif values else [ (singleValueToLdif values) ]; in map (value:
if lib.isAttrs value then
if lib.hasAttr "path" value
then "${attr}:< file://${value.path}"
else "${attr}:: ${value.base64}"
else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
) listValues;
attrsToLdif = dn: { attrs, children, includes, ... }: ['' attrsToLdif = dn: { attrs, children, includes, ... }: [''
dn: ${dn} dn: ${dn}