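{ config, lib, pkgs, ... }:

# NixOS module for the OpenLDAP stand-alone server (slapd).
#
# Everything in `services.openldap.extraConfig` is written verbatim into the
# Nix store as slapd.conf (see `configFile` below).  The store is readable by
# every local user, so any `rootpw` or other secret placed in extraConfig is
# effectively public on the machine.

with lib;

let

  cfg = config.services.openldap;
  openldap = pkgs.openldap;

  # slapd.conf is a store path; see the note above about secrets.
  configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

in

{

  ###### interface

  options = {

    services.openldap = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable the ldap server.";
        example = true;
      };

      user = mkOption {
        # `types.str` rejects conflicting definitions instead of silently
        # concatenating them the way `types.string` does.
        type = types.str;
        default = "openldap";
        description = "User account under which slapd runs.";
      };

      group = mkOption {
        type = types.str;
        default = "openldap";
        description = "Group account under which slapd runs.";
      };

      urlList = mkOption {
        type = types.listOf types.str;
        default = [ "ldap:///" ];
        description = "URL list slapd should listen on.";
        example = [ "ldaps:///" ];
      };

      dataDir = mkOption {
        type = types.str;
        default = "/var/db/openldap";
        description = "The database directory.";
      };

      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = ''
          slapd.conf configuration.

          The contents are written to the Nix store, which is readable by all
          local users; do not place a production <literal>rootpw</literal> or
          other secrets here.
        '';
        example = literalExample ''
          '''
            include ${pkgs.openldap.out}/etc/openldap/schema/core.schema
            include ${pkgs.openldap.out}/etc/openldap/schema/cosine.schema
            include ${pkgs.openldap.out}/etc/openldap/schema/inetorgperson.schema
            include ${pkgs.openldap.out}/etc/openldap/schema/nis.schema

            database bdb
            suffix dc=example,dc=org
            rootdn cn=admin,dc=example,dc=org
            # NOTE: change after first start
            rootpw secret
            directory /var/db/openldap
          '''
        '';
      };
    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    environment.systemPackages = [ openldap ];

    systemd.services.openldap = {
      description = "LDAP server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # Runs as root before slapd starts; slapd itself is handed
      # cfg.user/cfg.group via -u/-g in ExecStart below.
      # NOTE(review): the recursive chown over dataDir runs as root on every
      # start over a tree the service user can populate; consider limiting it
      # to the directory itself once the database exists.
      preStart = ''
        mkdir -p /var/run/slapd
        chown -R ${cfg.user}:${cfg.group} /var/run/slapd
        mkdir -p "${cfg.dataDir}"
        chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}"
      '';
      # urlList entries are joined with spaces into one quoted -h argument.
      serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" -f ${configFile}";
    };

    users.extraUsers.openldap =
      { name = cfg.user;
        group = cfg.group;
        uid = config.ids.uids.openldap;
      };

    users.extraGroups.openldap =
      { name = cfg.group;
        gid = config.ids.gids.openldap;
      };

  };
}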