author | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2020-08-24 00:07:24 +0100 |
---|---|---|
committer | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2020-11-21 15:39:19 +0000 |
commit | 9528faf1829bbf77fa693e8700cf8b27eb0b869e (patch) | |
tree | 949e594cc734a47cfad8e823173866bab8ef989b /nixos/modules | |
parent | 057cb570beb9226b610dffa00cffd98b007a0686 (diff) |
nixos/openldap: Allow declarativeContents for multiple databases
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 52 |
1 files changed, 34 insertions, 18 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index d03c8cd7cfd3..c3a8e03c880b 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -5,7 +5,6 @@ let
 cfg = config.services.openldap;
 openldap = cfg.package;
- dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
 configFile = pkgs.writeText "slapd.conf" ((optionalString (cfg.defaultSchemas != null && cfg.defaultSchemas) ''
 include ${openldap}/etc/schema/core.schema
 include ${openldap}/etc/schema/cosine.schema
@@ -26,7 +25,7 @@ let
 ${if cfg.extraDatabaseConfig != null then cfg.extraDatabaseConfig else ""}
 '');
- configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
+ configDir = lib.escapeShellArg (if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d");
 ldapValueType = let
 singleLdapValueType = types.either types.str (types.submodule {
@@ -209,7 +208,7 @@ in {
 example = "dc=example,dc=org";
 description = ''
 Specify the DN suffix of queries that will be passed to the first
- database database.
+ backend database.
 '';
 };
@@ -292,10 +291,10 @@ in {
 };
 declarativeContents = mkOption {
- type = with types; nullOr lines;
- default = null;
+ type = with types; either lines (attrsOf lines);
+ default = {};
 description = ''
- Declarative contents for the LDAP database, in LDIF format.
+ Declarative contents for the first LDAP database, in LDIF format.
 Note a few facts when using it. First, the database
 <emphasis>must</emphasis> be stored in the directory defined by
@@ -359,6 +358,10 @@ in {
 maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
 };
+ # TODO: Check that dataDir/declarativeContents/configDir all match
+ # - deprecate declarativeContents = ''...'';
+ # - no declarativeContents = ''...'' if dataDir == null;
+ # - no declarativeContents = { ... } if configDir != null
 config = mkIf cfg.enable {
 warnings = let
 deprecations = [
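Review bot: In the `@@ -26,7 +25,7 @@` hunk, `configDir` now holds a shell-quoted string rather than a path but keeps the name of the option it wraps, so every later use (`-F ${configDir}`, `rm -Rf ${configDir}/*` in the last hunk) reads as unquoted interpolation, and a future non-shell use of the binding (a Nix path, a systemd unit value) would silently pick up the quotes. I would keep `configDir` as the plain path and bind the escaped form separately, e.g. `configDirArg = lib.escapeShellArg configDir;`, or at least annotate the binding: `# shell-quoted; only interpolate into the preStart script`.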
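Review bot: In the `@@ -292,10 +291,10 @@` hunk the option now accepts an attribute set, but the description still documents only the string form ("for the first LDAP database"); nothing tells the reader what the attribute names are or that each must correspond to a database declared in `settings`. From the last hunk the keys are matched against the `olcSuffix` of the `olcDatabase=` children that carry an `olcDbDirectory`, so I would add a paragraph along the lines of "May also be an attribute set mapping a database suffix DN (the `olcSuffix` of an `olcDatabase=` entry in `settings`) to that database's LDIF contents; each such database must have an `olcDbDirectory`, which is emptied and re-imported at every service start." An `example` with a single `"dc=example,dc=org"` key would make the shape obvious. Note also that `default = {}` replaces `null`, so a configuration that sets `declarativeContents = null` explicitly will now fail the type check; if that is intended it deserves a `warnings` entry or a release note.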
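Review bot: The constraints listed in the TODO of the `@@ -359,6 +358,10 @@` hunk can be enforced right here with `assertions` instead of being deferred, and the second one is the one that matters for safety: the string-form branch in the last hunk runs `rm -rf ${lib.escapeShellArg cfg.dataDir}/*`, and if `cfg.dataDir` can be null (which the TODO implies), `escapeShellArg` stringifies null to `''`, so the script expands to `rm -rf /*`. Something like `assertions = [ { assertion = !(types.lines.check cfg.declarativeContents) || cfg.dataDir != null; message = "services.openldap.dataDir must be set when declarativeContents is a string"; } ];` next to `warnings` turns that into an evaluation error instead. The first TODO item, deprecating the string form, fits the existing `deprecations` list so users get pointed at the attribute-set form.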
@@ -458,32 +461,45 @@ in {
 after = [ "network.target" ];
 preStart = let
 dbSettings = lib.filterAttrs (name: value: lib.hasPrefix "olcDatabase=" name) cfg.settings.children;
- dataDirs = lib.mapAttrsToList (name: value: value.attrs.olcDbDirectory) dbSettings;
+ dataDirs = lib.mapAttrs' (name: value: lib.nameValuePair value.attrs.olcSuffix value.attrs.olcDbDirectory)
+ (lib.filterAttrs (_: value: value.attrs ? olcDbDirectory) dbSettings);
 settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings));
 in ''
 mkdir -p /run/slapd
 chown -R "${cfg.user}:${cfg.group}" /run/slapd
- mkdir -p '${configDir}' ${lib.escapeShellArgs dataDirs}
- chown "${cfg.user}:${cfg.group}" '${configDir}' ${lib.escapeShellArgs dataDirs}
+ mkdir -p ${configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
+ chown "${cfg.user}:${cfg.group}" ${configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
 ${lib.optionalString (cfg.configDir == null) (
 if (cfg.extraConfig != "" || cfg.extraDatabaseConfig != "") then ''
- rm -Rf '${configDir}'/*
+ rm -Rf ${configDir}/*
 # -u disables config generation, so just ignore the return code
 ${openldap}/bin/slaptest -f ${configFile} -F ${configDir} || true
 '' else ''
- rm -Rf '${configDir}'/*
+ rm -Rf ${configDir}/*
 ${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
 ''
 )}
- chown -R "${cfg.user}:${cfg.group}" '${configDir}'
-
- ${optionalString (cfg.declarativeContents != null) ''
- rm -Rf '${lib.head dataDirs}'/*
- ${openldap}/bin/slapadd -F ${configDir} -b${cfg.suffix} -l ${dataFile}
- chown -R "${cfg.user}:${cfg.group}" ${lib.escapeShellArgs dataDirs}
- ''}
+ chown -R "${cfg.user}:${cfg.group}" ${configDir}
+
+ ${if types.lines.check cfg.declarativeContents then (let
+ dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
+ in ''
+ rm -rf ${lib.escapeShellArg cfg.dataDir}/*
+ ${openldap}/bin/slapadd -F ${configDir} -l ${dataFile}
+ chown -R "${cfg.user}:${cfg.group}" ${lib.escapeShellArg cfg.dataDir}
+ '') else (let
+ dataFiles = lib.mapAttrs (dn: contents: pkgs.writeText "${dn}.ldif" contents) cfg.declarativeContents;
+ in ''
+ ${lib.concatStrings (lib.mapAttrsToList (dn: file: let
+ dataDir = lib.escapeShellArg (getAttr dn dataDirs);
+ in ''
+ rm -rf ${dataDir}/*
+ ${openldap}/bin/slapadd -F ${configDir} -b ${dn} -l ${file}
+ chown -R "${cfg.user}:${cfg.group}" ${dataDir}
+ '') dataFiles)}
+ '')}
 ${openldap}/bin/slaptest -u -F ${configDir}
 ''; |
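Review bot: `-b ${dn}` in the attribute-set branch interpolates the suffix DN into the script unquoted while `dataDir` on the same lines is escaped; a suffix containing a space or a shell metacharacter (`o=Example Corp`) is split into separate arguments, so it should read `-b ${lib.escapeShellArg dn}`. `getAttr dn dataDirs` fails with a bare "attribute missing" evaluation error when a key of `declarativeContents` has no database in `settings` with that `olcSuffix` and an `olcDbDirectory`; `dataDir = lib.escapeShellArg (dataDirs.${dn} or (throw "services.openldap.declarativeContents: no database with olcSuffix ${dn} in settings"));` tells the user the actual cause. The derivation name `"${dn}.ldif"` is also built from the DN, and store path names only allow a small character set — I believe a comma, as in the documented `dc=example,dc=org` example, is rejected — so a fixed name such as the old `"ldap-contents.ldif"` is safer (distinct contents still yield distinct store paths). Finally, the string-form branch drops the previous `-b${cfg.suffix}`, so slapadd now selects the target database from the LDIF entries themselves; if that is deliberate a comment saying so would spare the next reader the comparison with the removed lines.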