authorsefidel <contact@sefidel.net>2024-01-24 19:18:11 +0900
committersefidel <contact@sefidel.net>2024-01-24 19:18:11 +0900
commit497c3cd7864fdbcc546408d6d86ebfad37aa9b78 (patch)
tree6cd5bf30b9953156d71192fa96e34a863dda5926 /modules/services/ldap.nix
parenta1dc1ff8c07155f697a30145168820612b28b6cd (diff)
wip: try to use infra-modules infra-modules
Diffstat (limited to 'modules/services/ldap.nix')
-rw-r--r--modules/services/ldap.nix76
1 files changed, 0 insertions, 76 deletions
diff --git a/modules/services/ldap.nix b/modules/services/ldap.nix
deleted file mode 100644
index e75d739..0000000
--- a/modules/services/ldap.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.modules.services.ldap;
-in
-{
-  options.modules.services.ldap = {
-    enable = mkEnableOption "OpenLDAP server";
-    package = mkOption { type = types.package; default = pkgs.openldap; };
-    dc = mkOption { type = types.str; };
-    tld = mkOption { type = types.str; };
-    tls.acmeHost = mkOption { type = types.str; default = "${cfg.dc}.${cfg.tld}"; };
-    secrets.rootPass = mkOption { type = types.path; description = "path to the root password file"; };
-  };
-
-  config = mkIf cfg.enable {
-    services.openldap = {
-      enable = true;
-
-      urlList = [ "ldap:///" "ldaps:///" ];
-
-      settings = {
-        attrs = {
-          olcLogLevel = "conns config";
-
-          olcTLSCACertificateFile = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/full.pem";
-          olcTLSCertificateFile = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/cert.pem";
-          olcTLSCertificateKeyFile = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/key.pem";
-          olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
-          olcTLSCRLCheck = "none";
-          olcTLSVerifyClient = "never";
-          olcTLSProtocolMin = "3.1";
-        };
-
-        children = {
-          "cn=schema".includes = [
-            "${cfg.package}/etc/schema/core.ldif"
-            "${cfg.package}/etc/schema/cosine.ldif"
-            "${cfg.package}/etc/schema/inetorgperson.ldif"
-          ];
-
-          "olcDatabase={1}mdb".attrs = {
-            objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
-
-            olcDatabase = "{1}mdb";
-            olcDbDirectory = "/var/lib/openldap/data";
-
-            olcSuffix = "dc=${cfg.dc},dc=${cfg.tld}";
-
-            olcRootDN = "cn=admin,dc=${cfg.dc},dc=${cfg.tld}";
-            olcRootPW.path = cfg.secrets.rootPass;
-
-            olcAccess = [
-              # ''{0}to <changeme>
-              # by <changeme>''
-
-              ''{0}to *
-                  by * none'' # Should be changed to {1}
-            ];
-          };
-        };
-      };
-    };
-
-    systemd.services.openldap = {
-      after = [ "acme-finished-${cfg.tls.acmeHost}.target" ];
-    };
-
-    users.groups.acme.members = [ "openldap" ];
-
-    modules.persistence.directories = [
-      "/var/lib/openldap"
-    ];
-  };
-}