author | Domen Kožar <domen@dev.si> | 2013-11-28 13:40:11 -0800 |
---|---|---|
committer | Domen Kožar <domen@dev.si> | 2013-11-28 13:40:11 -0800 |
commit | 4da388351a1fb6e5ae8e82c1ea09c5f335328f02 (patch) | |
tree | 3a64991027f490d998f4cba446883989bad3a1b8 /nixos/modules/services/databases | |
parent | 32fbf27bc364ae3e7e233f5adbc142658e5a1346 (diff) | |
parent | cb691265b65bd207741dc2798ff3cc911ff01437 (diff) | |
Merge pull request #1292 from jozko/openldap-fixes
Added openldap user, group and configure service so it's not running as root
Diffstat (limited to 'nixos/modules/services/databases')
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index a4dd30be1fb7..0fc8b88c6526 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -26,6 +26,16 @@ in
 ";
 };
+ user = mkOption {
+ default = "openldap";
+ description = "User account under which slapd runs.";
+ };
+
+ group = mkOption {
+ default = "openldap";
+ description = "Group account under which slapd runs.";
+ };
+
 extraConfig = mkOption {
 default = "";
 description = "
@@ -49,10 +59,23 @@ in
 after = [ "network.target" ];
 preStart = ''
 mkdir -p /var/run/slapd
+ chown -R ${cfg.user}:${cfg.group} /var/run/slapd
+ mkdir -p /var/db/openldap
+ chown -R ${cfg.user}:${cfg.group} /var/db/openldap
 '';
- serviceConfig.ExecStart = "${openldap}/libexec/slapd -d 0 -f ${configFile}";
+ serviceConfig.ExecStart = "${openldap}/libexec/slapd -u openldap -g openldap -d 0 -f ${configFile}";
 };
- };
+ users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
+ { name = "openldap";
+ group = "openldap";
+ uid = config.ids.uids.openldap;
+ });
+
+ users.extraGroups = optionalAttrs (cfg.group == "openldap") (singleton
+ { name = "openldap";
+ gid = config.ids.gids.openldap;
+ });
+ };
 } |
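Review bot: The descriptions of the new `user` and `group` options do not mention that the module creates the account only while the value stays at "openldap" (the `optionalAttrs (cfg.user == "openldap")` and `cfg.group` guards in the second hunk), so anyone overriding them must declare the user and group themselves. I would say so in the option text, e.g. `description = "User account under which slapd runs. Created by this module only when left at the default.";`, with the matching sentence on `group`. The enclosing option set begins outside this hunk.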
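Review bot: The new `ExecStart` line hard-codes `-u openldap -g openldap`, while the `chown` lines in `preStart` and the `users.extraUsers`/`users.extraGroups` guards all key off `cfg.user` and `cfg.group`. With a non-default value the directories are handed to the configured account but slapd still drops to `openldap`, which the module then no longer creates, so the options do not actually control the run-as identity and the service may not start or may lack access to its own data. The arguments should read `-u ${cfg.user} -g ${cfg.group}`. Separately, `optionalAttrs` falls back to `{}` while its true branch here is a `singleton` list; `optional` looks like the matching helper, but that should be confirmed against how `users.extraUsers` is merged. The service attribute set starts outside this hunk.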