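{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.openldap;
  openldap = pkgs.openldap;

  # The rendered slapd.conf is a Nix store path: it is world-readable on the
  # host (and may be pushed to binary caches), so anything placed in
  # extraConfig — including a cleartext rootpw — is not confidential.
  configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

in

{

  ###### interface

  options = {

    services.openldap = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = "
          Whether to enable the ldap server.
        ";
        example = true;
      };

      user = mkOption {
        type = types.string;
        default = "openldap";
        description = "User account under which slapd runs.";
      };

      group = mkOption {
        type = types.string;
        default = "openldap";
        description = "Group account under which slapd runs.";
      };

      dataDir = mkOption {
        type = types.string;
        default = "/var/db/openldap";
        description = "The database directory.";
      };

      extraConfig = mkOption {
        type = types.lines;
        default = "";
        # Fixed typo in the file name (was "sldapd.conf") and document the
        # store-visibility caveat so users do not put secrets here.
        description = "
          slapd.conf configuration.

          The resulting file is written to the world-readable Nix store, so
          do not place cleartext secrets (such as rootpw) here; prefer a
          hashed rootpw generated with slappasswd, and change it after the
          first start.
        ";
        example = ''
          include ''${pkgs.openldap}/etc/openldap/schema/core.schema
          include ''${pkgs.openldap}/etc/openldap/schema/cosine.schema
          include ''${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
          include ''${pkgs.openldap}/etc/openldap/schema/nis.schema

          database bdb
          suffix dc=example,dc=org
          rootdn cn=admin,dc=example,dc=org
          # NOTE: change after first start
          rootpw secret
          directory /var/db/openldap
        '';
      };
    };

  };


  ###### implementation

  # Use the cfg alias consistently instead of re-reading config.services.openldap.
  config = mkIf cfg.enable {

    environment.systemPackages = [ openldap ];

    systemd.services.openldap = {
      description = "LDAP server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # No serviceConfig.User is set, so preStart runs with systemd's default
      # (root) privileges; it only prepares the runtime and data directories
      # and hands them to the service user/group.
      preStart = ''
        mkdir -p /var/run/slapd
        chown -R ${cfg.user}:${cfg.group} /var/run/slapd
        mkdir -p ${cfg.dataDir}
        chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
      '';
      # slapd itself drops to cfg.user/cfg.group via -u/-g after binding its
      # listeners; -d 0 keeps it in the foreground with no debug output, and
      # -f points it at the store-resident slapd.conf built above.
      serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";
    };

    users.extraUsers.openldap =
      { name = cfg.user;
        group = cfg.group;
        uid = config.ids.uids.openldap;
      };

    users.extraGroups.openldap =
      { name = cfg.group;
        gid = config.ids.gids.openldap;
      };

  };
}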