nixos/openldap: fix path + base64 value types
This commit is contained in:
parent
b2ebffe186
commit
ce1acd97a7
@ -7,31 +7,14 @@ let
|
|||||||
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
|
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
|
||||||
|
|
||||||
ldapValueType = let
|
ldapValueType = let
|
||||||
singleLdapValueType = types.oneOf [
|
# Can't do types.either with multiple non-overlapping submodules, so define our own
|
||||||
types.str
|
singleLdapValueType = lib.mkOptionType rec {
|
||||||
(types.submodule {
|
name = "LDAP";
|
||||||
options = {
|
description = "LDAP value";
|
||||||
path = mkOption {
|
check = x: lib.isString x || (lib.isAttrs x && (x ? "path" || x ? "base64"));
|
||||||
type = types.path;
|
merge = lib.mergeEqualOption;
|
||||||
description = ''
|
};
|
||||||
A path containing the LDAP attribute. This is included at run-time, so
|
# We don't coerce to lists of single values, as some values must be unique
|
||||||
is recommended for storing secrets.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(types.submodule {
|
|
||||||
options = {
|
|
||||||
base64 = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
A base64-encoded LDAP attribute. Useful for storing values which
|
|
||||||
contain special characters (e.g. newlines) in LDIF files.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
in types.either singleLdapValueType (types.listOf singleLdapValueType);
|
in types.either singleLdapValueType (types.listOf singleLdapValueType);
|
||||||
|
|
||||||
ldapAttrsType =
|
ldapAttrsType =
|
||||||
|
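Review bot: The new `check` on the `singleLdapValueType` line accepts any attrset that merely carries a `path` or `base64` key, so `{ path = 1; }` or `{ base64 = true; }` now pass where the removed submodules rejected them through `types.path` and `types.str`; tightening it to `check = x: lib.isString x || (lib.isAttrs x && ((x ? path && types.path.check x.path) || (x ? base64 && types.str.check x.base64)));` keeps the failure at evaluation time instead of wherever the value is later consumed. The check also admits an attrset carrying both keys, and it is not visible in this hunk which one the consumer honours, so that case should either be rejected or its precedence documented. `description = "LDAP value"` drops the removed option docs, in particular that a `path` is read at run-time and is therefore the recommended form for secrets; that rationale should survive, e.g. as `# path values are read at run-time, so they are the form to use for secrets` next to the `check`.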
@ -21,6 +21,7 @@ in {
|
|||||||
name = "openldap";
|
name = "openldap";
|
||||||
|
|
||||||
machine = { pkgs, ... }: {
|
machine = { pkgs, ... }: {
|
||||||
|
environment.etc."openldap/root_password".text = "notapassword";
|
||||||
services.openldap = {
|
services.openldap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
defaultSchemas = null;
|
defaultSchemas = null;
|
||||||
@ -37,13 +38,19 @@ in {
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
"olcDatabase={1}mdb" = {
|
"olcDatabase={1}mdb" = {
|
||||||
|
# This tests string, base64 and path values, as well as lists of string values
|
||||||
attrs = {
|
attrs = {
|
||||||
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||||
olcDatabase = "{1}mdb";
|
olcDatabase = "{1}mdb";
|
||||||
olcDbDirectory = "/var/db/openldap";
|
olcDbDirectory = "/var/db/openldap";
|
||||||
olcSuffix = "dc=example";
|
olcSuffix = "dc=example";
|
||||||
olcRootDN = "cn=root,dc=example";
|
olcRootDN = {
|
||||||
olcRootPW = "notapassword";
|
# cn=root,dc=example
|
||||||
|
base64 = "Y249cm9vdCxkYz1leGFtcGxl";
|
||||||
|
};
|
||||||
|
olcRootPW = {
|
||||||
|
path = "/etc/openldap/root_password";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
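Review bot: The path form exercised by `olcRootPW = { path = "/etc/openldap/root_password"; };` is only meaningful if the file is read when slapd starts rather than at evaluation time, and nothing in this hunk asserts that; the test script lies outside the hunk, and it should check both that the bind as `cn=root,dc=example` succeeds and that the literal `notapassword` does not appear in the generated configuration. The password file itself comes from `environment.etc` in the earlier hunk, so in this test it is a store path; the comment `# This tests string, base64 and path values, as well as lists of string values` could add that this placement is a test convenience, not the intended provisioning of a real secret. The base64 value does decode to the `cn=root,dc=example` given in the adjacent comment, so that part of the fixture is consistent.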