author | Léo Gaspard <leo@gaspard.io> | 2018-03-03 15:33:23 +0100 |
---|---|---|
committer | Léo Gaspard <leo@gaspard.io> | 2018-03-03 15:33:23 +0100 |
commit | aeef7c91f14bfbf0db7527acd36fc550cd37ea65 (patch) | |
tree | fdf2970589e5d81ff23d803dad8bdd62f6789749 /nixos | |
parent | cca9ec2a6649c48dc308b0879728c6e108bd40f1 (diff) | |
openldap module: allow defining contents declaratively
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index 9c6b33a16bf1..a67c61eb9949 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -7,6 +7,7 @@ let cfg = config.services.openldap; openldap = pkgs.openldap; + dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents; configFile = pkgs.writeText "slapd.conf" cfg.extraConfig; configOpts = if cfg.configDir == null then "-f ${configFile}" else "-F ${cfg.configDir}"; @@ -82,6 +83,34 @@ in ''' ''; }; + + declarativeContents = mkOption { + type = with types; nullOr lines; + default = null; + description = '' + Declarative contents for the LDAP database, in LDIF format. + + Note a few facts when using it. First, the database + <emphasis>must</emphasis> be stored in the directory defined by + <code>dataDir</code>. Second, all <code>dataDir</code> will be erased + when starting the LDAP server. Third, modifications to the database + are not prevented, they are just dropped on the next reboot of the + server. Finally, performance-wise the database and indexes are rebuilt + on each server startup, so this will slow down server startup, + especially with large databases. + ''; + example = '' + dn: dc=example,dc=org + objectClass: domain + dc: example + + dn: ou=users,dc=example,dc=org + objectClass = organizationalUnit + ou: users + + # ... + ''; + }; }; }; @@ -100,7 +129,13 @@ in preStart = '' mkdir -p /var/run/slapd chown -R "${cfg.user}:${cfg.group}" /var/run/slapd + ${optionalString (cfg.declarativeContents != null) '' + rm -Rf "${cfg.dataDir}" + ''} mkdir -p "${cfg.dataDir}" + ${optionalString (cfg.declarativeContents != null) '' + ${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile} + ''} chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}" ''; serviceConfig.ExecStart = |
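Review bot: `pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents` copies the whole LDIF into the Nix store, which is readable by every local user, so any `userPassword` values or other credentials placed in `declarativeContents` are exposed on the host. The option description added in the next hunk does not mention this; I would add a sentence such as `The LDIF is written to the world-readable Nix store, so it must not contain password hashes or other secrets.` If seeding credentials is a goal, an option that takes the path of a file kept outside the store would avoid the exposure. The `let` block continues outside the hunk.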
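Review bot: The `example` LDIF has `objectClass = organizationalUnit` in its second entry, which is not valid LDIF attribute syntax; it should read `objectClass: organizationalUnit`. Anyone copying the example would hand slapadd an import it should reject, and the preStart hunk removes dataDir before that import runs. The description also says modifications are dropped "on the next reboot of the server", while the wipe in preStart happens on every start of the service; `on the next restart of the service` would be more exact.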
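Review bot: Nothing validates `cfg.dataDir` before `rm -Rf "${cfg.dataDir}"` runs in preStart, which, judging by the surrounding `chown -R` calls, executes with root privileges. A value that is empty or that names a shared parent directory would be deleted recursively on every start. I would add a module assertion that rejects such values whenever `declarativeContents` is set, and a comment above the `rm` such as `# dataDir is wiped on every start; it must be a directory dedicated to slapd`. The wipe also precedes the `slapadd` import, so an LDIF that slapadd rejects leaves the directory empty; whether the unit then fails or starts with an empty database depends on how preStart handles errors, which is not visible in this hunk. The `preStart` definition sits inside a service attribute set that starts and ends outside the hunk.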