From 46b136c22e8da83e6163f757dc4cfd868b559bf0 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Tue, 25 May 2021 00:26:34 +0200
Subject: fix(tvl-slapd): Replace deprecated OpenLDAP module options
Use the new module settings which apply configuration in cn=config instead of slapd.conf. The module performed this update via lib.mkChangedModuleOption, I've applied the transformations contained therein manually. Note that some of the settings were already in place, which means that the `suffix` and `database` options seemingly disappear into the void. Fixes b/105.
Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni
---
ops/modules/tvl-slapd/default.nix | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'ops/modules/tvl-slapd')
diff --git a/ops/modules/tvl-slapd/default.nix b/ops/modules/tvl-slapd/default.nix
index ae99fced7499..cbfdeff31eb0 100644
--- a/ops/modules/tvl-slapd/default.nix
+++ b/ops/modules/tvl-slapd/default.nix
@@ -40,24 +40,26 @@ in { services.openldap = { enable = true; - dataDir = "/var/lib/openldap"; - database = "mdb"; - suffix = "dc=tvl,dc=fyi"; - rootdn = "cn=admin,dc=tvl,dc=fyi"; - rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU"; settings.children = { "olcDatabase={1}mdb".attrs = { objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/lib/openldap"; olcSuffix = "dc=tvl,dc=fyi"; olcAccess = "to * by * read"; + olcRootDN = "cn=admin,dc=tvl,dc=fyi"; + olcRootPW = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU"; }; "cn=module{0}".attrs = { objectClass = "olcModuleList"; olcModuleLoad = "pw-argon2"; }; + + "cn=schema".includes = + map (schema: "${depot.third_party.openldap}/etc/schema/${schema}.ldif") + [ "core" "cosine" "inetorgperson" "nis" ]; }; # Contents are immutable at runtime, and adding user accounts etc. -- cgit 1.4.1
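Review bot: The `olcRootPW` line added inside `"olcDatabase={1}mdb".attrs` keeps the root DN's Argon2id hash as a literal in the Nix expression, so it ends up in version control and in the world-readable Nix store, where anyone with read access can run offline guessing against it. The commit only moves the value over from the old `rootpw` option, so the exposure is carried over rather than introduced, but the `settings` form can, as far as I know, take the value from a file read at service start, e.g. `olcRootPW.path = "/run/secrets/PLACEHOLDER-slapd-rootpw";` (placeholder path). Since the trailing comment says the contents are immutable at runtime, it is also worth confirming that a password-bearing root DN is needed at all, because the root DN bypasses every `olcAccess` rule. The `services.openldap` block continues past the end of the hunk.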