authorVincent Ambo <mail@tazj.in>2021-05-24T22·26+0200
committertazjin <mail@tazj.in>2021-05-24T22·52+0000
commit46b136c22e8da83e6163f757dc4cfd868b559bf0 (patch)
tree2abdc85a4c682782aa77e231460940ee46f54908 /ops
parent4a89bcd6a5cd409731d7d80fe3dbe364ba00c187 (diff)
fix(tvl-slapd): Replace deprecated OpenLDAP module options r/2627
Use the new module settings which apply configuration in cn=config
instead of slapd.conf.

The module performed this update via lib.mkChangedModuleOption; I've
applied the transformations contained therein manually. Note that some
of the settings were already in place, which means that the `suffix`
and `database` options seemingly disappear into the void.

Fixes b/105.

Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Diffstat (limited to 'ops')
-rw-r--r--ops/modules/tvl-slapd/default.nix12
1 files changed, 7 insertions, 5 deletions
diff --git a/ops/modules/tvl-slapd/default.nix b/ops/modules/tvl-slapd/default.nix
index ae99fced7499..cbfdeff31eb0 100644
--- a/ops/modules/tvl-slapd/default.nix
+++ b/ops/modules/tvl-slapd/default.nix
@@ -40,24 +40,26 @@ in {
 
   services.openldap = {
     enable = true;
-    dataDir = "/var/lib/openldap";
-    database = "mdb";
-    suffix = "dc=tvl,dc=fyi";
-    rootdn = "cn=admin,dc=tvl,dc=fyi";
-    rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
 
     settings.children = {
       "olcDatabase={1}mdb".attrs = {
         objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
         olcDatabase = "{1}mdb";
+        olcDbDirectory = "/var/lib/openldap";
         olcSuffix = "dc=tvl,dc=fyi";
         olcAccess = "to *  by * read";
+        olcRootDN = "cn=admin,dc=tvl,dc=fyi";
+        olcRootPW = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
       };
 
       "cn=module{0}".attrs = {
         objectClass = "olcModuleList";
         olcModuleLoad = "pw-argon2";
       };
+
+      "cn=schema".includes =
+        map (schema: "${depot.third_party.openldap}/etc/schema/${schema}.ldif")
+            [ "core" "cosine" "inetorgperson" "nis" ];
     };
 
     # Contents are immutable at runtime, and adding user accounts etc.
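Review bot: The retained `olcAccess = "to *  by * read";` on the `{1}mdb` database grants anonymous read on every attribute, so if any entries under `dc=tvl,dc=fyi` carry `userPassword`, their hashes are readable by anyone who can reach the server; the move to `olcRootDN`/`olcRootPW` does not change that, but it is worth fixing while the database attrs are being rewritten. The usual shape is `olcAccess = [ "to attrs=userPassword by * auth" "to * by * read" ];`, which keeps the world-readable directory (matching the immutability comment) while limiting `userPassword` to bind attempts. Separately, a value given inline as `olcRootPW` lands in the generated cn=config LDIF in the world-readable Nix store; since the hash is already committed to the repository this may be an accepted trade-off, but if the module supports reading an attribute from a file path, that would keep the hash out of the store. The `services.openldap` attribute set opened on the first context line closes outside this hunk.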