{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.openldap;
  openldap = pkgs.openldap;

  # slapd.conf is materialised in the Nix store by writeText, so everything
  # placed in cfg.extraConfig (including any rootpw line) ends up in a
  # world-readable file on the host.  Store a hashed rootpw (e.g. an {SSHA}
  # value produced by slappasswd) or keep secrets in cfg.configDir instead.
  configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

  # How slapd locates its configuration: a slapd.conf file (-f) unless a
  # cn=config directory (-F) was requested via configDir.
  configFlag =
    if cfg.configDir == null
    then "-f " + configFile
    else "-F " + cfg.configDir;

  listenUrls = concatStringsSep " " cfg.urlList;

  # Create a directory and hand it to the service user/group.  preStart runs
  # as root (no User= is set); slapd itself drops privileges via -u/-g.
  ownedDir = dir: ''
    mkdir -p ${dir}
    chown -R ${cfg.user}:${cfg.group} ${dir}
  '';

in

{

  ###### interface

  options.services.openldap = {

    enable = mkOption {
      type = types.bool;
      default = false;
      description = "
        Whether to enable the ldap server.
      ";
    };

    user = mkOption {
      type = types.string;
      default = "openldap";
      description = "User account under which slapd runs.";
    };

    group = mkOption {
      type = types.string;
      default = "openldap";
      description = "Group account under which slapd runs.";
    };

    urlList = mkOption {
      type = types.listOf types.string;
      default = [ "ldap:///" ];
      description = "URL list slapd should listen on.";
      example = [ "ldaps:///" ];
    };

    dataDir = mkOption {
      type = types.string;
      default = "/var/db/openldap";
      description = "The database directory.";
    };

    configDir = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = "Use this optional config directory instead of using slapd.conf";
      example = "/var/db/slapd.d";
    };

    # The example below is illustrative only: its cleartext "rootpw secret"
    # would be readable by every local user once written to the Nix store.
    extraConfig = mkOption {
      type = types.lines;
      default = "";
      description = "
        slapd.conf configuration
      ";
      example = literalExample ''
        '''
        include ${pkgs.openldap.out}/etc/schema/core.schema
        include ${pkgs.openldap.out}/etc/schema/cosine.schema
        include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
        include ${pkgs.openldap.out}/etc/schema/nis.schema

        database bdb
        suffix dc=example,dc=org
        rootdn cn=admin,dc=example,dc=org
        # NOTE: change after first start
        rootpw secret
        directory /var/db/openldap
        '''
      '';
    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    environment.systemPackages = [ openldap ];

    systemd.services.openldap = {
      description = "LDAP server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Runtime and database directories must exist and be owned by the
      # service account before slapd drops privileges.
      preStart = ownedDir "/var/run/slapd" + ownedDir cfg.dataDir;

      # -d 0 keeps slapd in the foreground (no debug output) so systemd can
      # supervise it directly.
      serviceConfig = {
        ExecStart = concatStringsSep " " [
          "${openldap.out}/libexec/slapd"
          "-u ${cfg.user}"
          "-g ${cfg.group}"
          "-d 0"
          "-h \"${listenUrls}\""
          configFlag
        ];
      };
    };

    users.extraUsers.openldap = {
      name = cfg.user;
      group = cfg.group;
      uid = config.ids.uids.openldap;
    };

    users.extraGroups.openldap = {
      name = cfg.group;
      gid = config.ids.gids.openldap;
    };

  };

}