From 497c3cd7864fdbcc546408d6d86ebfad37aa9b78 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Wed, 24 Jan 2024 19:18:11 +0900
Subject: wip: try to use infra-modules
---
 modules/services/ldap.nix | 76 ----------------------------------------------
 1 file changed, 76 deletions(-)
 delete mode 100644 modules/services/ldap.nix
(limited to 'modules/services/ldap.nix')
diff --git a/modules/services/ldap.nix b/modules/services/ldap.nix
deleted file mode 100644
index e75d739..0000000
--- a/modules/services/ldap.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.modules.services.ldap;
-in
-{
- options.modules.services.ldap = {
- enable = mkEnableOption "OpenLDAP server";
- package = mkOption { type = types.package; default = pkgs.openldap; };
- dc = mkOption { type = types.str; };
- tld = mkOption { type = types.str; };
- tls.acmeHost = mkOption { type = types.str; default = "${cfg.dc}.${cfg.tld}"; };
- secrets.rootPass = mkOption { type = types.path; description = "path to the root password file"; };
- };
-
- config = mkIf cfg.enable {
- services.openldap = {
- enable = true;
-
- urlList = [ "ldap:///" "ldaps:///" ];
-
- settings = {
- attrs = {
- olcLogLevel = "conns config";
-
- olcTLSCACertificateFile = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/full.pem";
- olcTLSCertificateFile = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/cert.pem";
- olcTLSCertificateKeyFile = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/key.pem";
- olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
- olcTLSCRLCheck = "none";
- olcTLSVerifyClient = "never";
- olcTLSProtocolMin = "3.1";
- };
-
- children = {
- "cn=schema".includes = [
- "${cfg.package}/etc/schema/core.ldif"
- "${cfg.package}/etc/schema/cosine.ldif"
- "${cfg.package}/etc/schema/inetorgperson.ldif"
- ];
-
- "olcDatabase={1}mdb".attrs = {
- objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
-
- olcDatabase = "{1}mdb";
- olcDbDirectory = "/var/lib/openldap/data";
-
- olcSuffix = "dc=${cfg.dc},dc=${cfg.tld}";
-
- olcRootDN = "cn=admin,dc=${cfg.dc},dc=${cfg.tld}";
- olcRootPW.path = cfg.secrets.rootPass;
-
- olcAccess = [
- # ''{0}to
- # by ''
-
- ''{0}to *
- by * none'' # Should be changed to {1}
- ];
- };
- };
- };
- };
-
- systemd.services.openldap = {
- after = [ "acme-finished-${cfg.tls.acmeHost}.target" ];
- };
-
- users.groups.acme.members = [ "openldap" ];
-
- modules.persistence.directories = [
- "/var/lib/openldap"
- ];
- };
-}
-- cgit 1.4.1