lol

Merge pull request #1292 from jozko/openldap-fixes

Added openldap user, group and configure service so it's not running as root

+27 -2
+2
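--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -107,6 +107,7 @@
 redis = 96;
 haproxy = 97;
 mongodb = 98;
+openldap = 99;
 
 # When adding a uid, make sure it doesn't match an existing gid.
 
@@ -194,6 +195,7 @@
 amule = 90;
 minidlna = 91;
 haproxy = 92;
+openldap = 93;
 
 # When adding a gid, make sure it doesn't match an existing uid.
 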
+25 -2
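--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -26,6 +26,16 @@
 ";
 };
 
+user = mkOption {
+default = "openldap";
+description = "User account under which slapd runs.";
+};
+
+group = mkOption {
+default = "openldap";
+description = "Group account under which slapd runs.";
+};
+
 extraConfig = mkOption {
 default = "";
 description = "
@@ -49,10 +59,23 @@
 after = [ "network.target" ];
 preStart = ''
 mkdir -p /var/run/slapd
+chown -R ${cfg.user}:${cfg.group} /var/run/slapd
+mkdir -p /var/db/openldap
+chown -R ${cfg.user}:${cfg.group} /var/db/openldap
 '';
-serviceConfig.ExecStart = "${openldap}/libexec/slapd -d 0 -f ${configFile}";
+serviceConfig.ExecStart = "${openldap}/libexec/slapd -u openldap -g openldap -d 0 -f ${configFile}";
 };
 
-};
+users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
+{ name = "openldap";
+group = "openldap";
+uid = config.ids.uids.openldap;
+});
+
+users.extraGroups = optionalAttrs (cfg.group == "openldap") (singleton
+{ name = "openldap";
+gid = config.ids.gids.openldap;
+});
 
+};
 }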
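Review bot: The new ExecStart line hard-codes `-u openldap -g openldap`, while preStart chowns /var/run/slapd and /var/db/openldap to `${cfg.user}:${cfg.group}`, so the two new options are ignored at the point where the privilege drop actually happens. If an operator sets a different user or group, both `optionalAttrs` guards are false, the default account is not declared, and slapd is still told to switch to `openldap`; it would presumably fail to start or run against directories owned by another account. Use the options instead: `serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";`. Separately, `optionalAttrs` yields an attribute set when its condition is false while `singleton` yields a list, so `optional` may be the intended helper here; confirm against how `users.extraUsers` and `users.extraGroups` are typed.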