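{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.openldap;
  openldap = pkgs.openldap;

  # NOTE(security): pkgs.writeText places this file in the Nix store, which is
  # world-readable.  Everything in cfg.extraConfig -- including a cleartext
  # `rootpw` line -- is therefore readable by every local user on the host.
  configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

in

{

  ###### interface

  options = {

    services.openldap = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the ldap server.
        '';
        example = literalExample ''
          openldap.enable = true;
          openldap.extraConfig = '''
            include ''${pkgs.openldap}/etc/openldap/schema/core.schema
            include ''${pkgs.openldap}/etc/openldap/schema/cosine.schema
            include ''${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
            include ''${pkgs.openldap}/etc/openldap/schema/nis.schema

            database bdb
            suffix dc=example,dc=org
            rootdn cn=admin,dc=example,dc=org
            # NOTE: extraConfig is written to the world-readable Nix store.
            # Use a hash generated with `slappasswd` rather than a cleartext
            # value, and change it after the first start.
            rootpw secret
            directory /var/db/openldap
          ''';
        '';
      };

      user = mkOption {
        type = types.string;
        default = "openldap";
        description = "User account under which slapd runs.";
      };

      group = mkOption {
        type = types.string;
        default = "openldap";
        description = "Group account under which slapd runs.";
      };

      dataDir = mkOption {
        type = types.string;
        default = "/var/db/openldap";
        description = "The database directory.";
      };

      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = ''
          slapd.conf configuration.

          The contents are written to the Nix store, which is world-readable,
          so do not place cleartext secrets here (in particular a cleartext
          <literal>rootpw</literal>).  Use a password hash produced by
          <command>slappasswd</command> instead.
        '';
      };
    };

  };


  ###### implementation

  config = mkIf config.services.openldap.enable {

    environment.systemPackages = [ openldap ];

    systemd.services.openldap = {
      description = "LDAP server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # Runtime and database directories are created and handed to the
      # service user before slapd starts; chown -R also repairs ownership
      # of any pre-existing database files.
      preStart = ''
        mkdir -p /var/run/slapd
        chown -R ${cfg.user}:${cfg.group} /var/run/slapd
        mkdir -p ${cfg.dataDir}
        chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
      '';
      # slapd is started as root and told via -u/-g which unprivileged
      # user/group to switch to; -d 0 keeps it in the foreground for systemd.
      serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";
    };

    users.extraUsers.openldap =
      { name = cfg.user;
        group = cfg.group;
        uid = config.ids.uids.openldap;
      };

    users.extraGroups.openldap =
      { name = cfg.group;
        gid = config.ids.gids.openldap;
      };

  };
}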