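{config, pkgs, ...}: {
  # OpenLDAP for the o=bib3,c=DE tree, serving TLS with the ACME certificate
  # issued for bib3.de.

  # After each issuance/renewal, copy the certificate material into a
  # directory that slapd (running as user openldap) can read.
  # NOTE(review): the original also handed /var/lib/acme/bib3.de to
  # `install -d`, re-owning the ACME module's own directory to
  # openldap:openldap mode 700. That likely conflicts with the ownership the
  # acme module maintains for its renewal user, so only the target directory
  # is created here — confirm renewals still succeed after this change.
  security.acme.certs."bib3.de".postRun = ''
    install -o openldap -g openldap -m 700 -d /var/lib/ssl/openldap
    install -o openldap -g openldap -m 600 /var/lib/acme/bib3.de/* /var/lib/ssl/openldap
  '';
  # Nothing here restarts or reloads slapd after the copy; TODO confirm how a
  # renewed certificate is picked up by the running service.

  services.openldap = {
    enable = true;

    settings = {
      children = {
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
          "${pkgs.openldap}/etc/schema/nis.ldif"
        ];

        # No ACLs on the frontend: every database below carries its own.
        "olcDatabase={-1}frontend" = {
          attrs = {
            objectClass = "olcDatabaseConfig";
            olcDatabase = "{-1}frontend";
          };
        };

        # cn=config: deny everyone; the trailing `break` falls through to the
        # frontend ACLs, which are empty here — verify no default-read
        # fallback applies before relying on this.
        "olcDatabase={0}config" = {
          attrs = {
            objectClass = "olcDatabaseConfig";
            olcDatabase = "{0}config";
            olcAccess = [ "{0}to * by * none break" ];
          };
        };

        "olcDatabase={1}mdb" = {
          attrs = {
            objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
            olcDatabase = "{1}mdb";
            olcDbDirectory = "/var/lib/openldap";
            olcSuffix = "o=bib3,c=DE";
            # Without an explicit ACL slapd falls back to its default policy,
            # which lets anyone read every attribute — including the
            # userPassword hashes in declarativeContents below. Restrict
            # userPassword to bind authentication (and self-service change);
            # everything else stays world-readable as before.
            olcAccess = [
              "{0}to attrs=userPassword by self write by anonymous auth by * none"
              "{1}to * by * read"
            ];
          };
        };
      };

      # Global TLS settings; the files are the copies made by postRun above.
      attrs = {
        objectClass = "olcGlobal";
        olcTLSCipherSuite = "DEFAULT";
        olcTLSCACertificateFile = "/var/lib/ssl/openldap/chain.pem";
        olcTLSCertificateFile = "/var/lib/ssl/openldap/cert.pem";
        olcTLSCertificateKeyFile = "/var/lib/ssl/openldap/key.pem";
      };
    };

    # NOTE(review): declarativeContents is rendered into a file in the Nix
    # store, which is world-readable on the host, so every {CRYPT} hash below
    # is exposed to all local users (and to anyone with read access to this
    # repository). Moving the user entries, or at least userPassword, out of
    # this file (see the TODO at the bottom) is the real fix.
    # All entries except cn=imoc lack a `cn:` attribute and carry empty
    # `sn:`/`givenName:`/`mail:` values; slapadd may reject a missing naming
    # attribute or an empty value — verify the import log.
    declarativeContents = {
      "o=bib3,c=DE" = ''
        dn: o=bib3, c=DE
        objectclass: organization

        dn: ou=users, o=bib3, c=DE
        objectclass: organizationalUnit
        ou: users

        dn: cn=test, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        objectclass: PosixAccount
        uid: test
        uidNumber: 2000
        gidNumber: 2000
        homeDirectory: /home/bib3.de/test
        loginShell: /run/current-system/sw/bin/bash
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$GRvHa9J1FuDnxZu4$oZT75ZDoh78JQ1GNQGtzftlL9HO6HPzouxdGsbyBCyDld/9skUC78/8m6YW.KE3k5p6pWMAZs.4iYvrhvDfwe.

        dn: cn=loooph, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$C906P7N7ZbqxjC38$BezcmyYs1XR45cAqUDkuoUyca2fchXzNnvhZsB/TmR5Py6M9xEERdIm9anyXkVMwVvBrMn9LujVXxKxSpuz.1.

        dn: cn=lmux, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$NGdlZVYAvETLQAb2$AXyC9myezCAGGq94HvyKRgjpvt04MGZXcMSMS5vP10Y.LzPot/DyRdIvx2LBs9rsOtTGsFYPCpTx7dnEK1LDs0

        dn: cn=imoc, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        cn: imoc
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$3xZm8NPt32CZ4oEJ$B4ptPV2eMuf76bSCkb6siYpft1aa4NObdokMjscNaicMfaMCiwyM0s4R2me3EAOZiPXSl36DMTFl5MaZHBHqP1

        dn: cn=andrej0913, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$qI3fENURGFHYMVeN$tdqfgaA/Uex.p1DC7YUSXQ4P0tqAsUAUMkrtk68LKLmswLBcz3C2KLbglm4XIYUdEjw2fkWNbPLtrF/.d17nF.

        dn: cn=gallaron, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$vbhMLZRZmvLcXvP6$U3Q81g7FVuo4jnK.0Yy12PdL0Eqso4Thjlc3YnRGJe9tyfeovKdSeNPhEPDGNhIzFZdnmsVYzJO/xnbb0ub1c0

        dn: cn=anon, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$e8EvCa/QTDNYMASu$JQ3F9gcgOZ/ADV4TtLBoHBWtapECY7noFFhJUqM54sR3uvV8Mb008K/H4/Y0./Ad3xEVDo7A5XziT14NxrsXo.

        dn: cn=pear, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$gar1dJcweztqJSZl$NzVvkfXcTbxm4nuBS0UE//2bseA.FEq4paRZyZFof1ECEbICvf5.7ebRb/D8Jwa.5Hog/k9ZwJ9OtfLuZ7phG/

        dn: cn=clymen, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$LBoVn0HpmBtkzK/I$Wu44jPkMq8t1eudg7wNHvpZVDELl1ZHZFepZVzYgtVoy7nTCBrggYn7w4CdoKEPfzD8SrkcEG2LDBBjIoaqBs.

        dn: cn=bao, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$3bm2EIkpGr4BUTIX$jeaIhD/73lkb3.4BWZyfIUbAZPtg//U0Y3Xz/Zol0y4fh35rHgTLNblKvRC4i/Yz0Y64EZyt3Fbe7eub2VlJG.

        dn: cn=ritzga, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$IhG5rX4tH2o8n74B$ZLRx3kEhUe7gCcI.W1Pp9vgpLV6HeVysVeRxwdGmPmEweWKTN7eiLXNjRPI4k80tDnsOA8bKdg69YWKWKi5o00

        dn: cn=sythelux, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$Idk3eX1mk2h87JdF$2tgpeocD.W4AMeAZKy8EmHxD6gC1.Gr.LY7.1t6.cBwDhc.T9C9AlfT74i13xt648rTcu4Mgl302ZVB77vvqc0

        dn: cn=ej, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$6E/NwzDxsyU90srA$VIEaxQaWaGoEs51yZvem9UZJXz2bstQEd5Bc3HeajEE3ZAcFaCsEMEUMt8wnp27gTUj/91wfLCaK16xF5C4hB0

        dn: cn=jakob, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$k33tC5ACS/.fqwUG$m.x4tov5VYsIHeG2tOG6ZmulZt8PwuiaTV.DYbkw2DIQynuw7igcLJZ4l1ZHPQuzxeB5DTsk3X/EAp4Ri97/S0

        dn: cn=coolpod, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$nqNm7molatCIvQL0$LaZycxCYrkgI1Xkh8mC2ItckMLg/e8Xj/udAq3zBANiJBU47Sju9o2I20JYrsqG19MeGAXfCr20iVQeAT1atV0

        dn: cn=trotzi, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$m3ZGCNnlsyLc7ETo$9lFKERB7fihYha9hJPXajpMgP0VlicqyABj3qJRRHzfLkMN8IftrRgnMc4/DNRehCJDDLCJXF.PTJ4SK5X.qw/

        dn: cn=muln1993, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$mJZkGLnaBf1JYYhn$Ye8nx4tKjjXAap6TD0nHkTDxC3dkeUZc0agqM2wLmKjLVhY6q5YgDxdmWSwngnUz5eUsgu1xszAZkycZwo4NI1

        dn: cn=sschmidt, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$A2q7qP2ixm2O58Ae$j8jroZLmR2hWTsIvtQKEO8J7tBFmyW1DKM.LXJaP9G4aCnLSZ30EzLZN446Cz3nVDSS5oC5DAk46Fo2fcJTfP/

        dn: cn=fennel, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$h.cPmeWyHursgygn$3A7geff6OxRdH.fdr4Wi9VMp7aLnPceEcpTBV11bRw3D0dttGBWOMv8yiqKu4o0AT2OJIv6ABIfY0Z6URDhlI0

        dn: cn=enk, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$73CY61UhTPzTdvPy$d/R.8SYekHZMvTRgbBkEwzjG6RW6jw3wpFrUB/WsxDdK9BNCEyAOMLrBxlWAntldAd2vlpkTc/6wME5qMng63.

        dn: cn=merlinobolt, ou=users, o=bib3, c=DE
        objectclass: InetOrgPerson
        sn:
        givenName:
        mail:
        userPassword: {CRYPT}$6$MBNh42EIkqwk9q2.$nacPz6Hc.12AJZs/ZgapM5uOdB3urdU2ARq8gOgwJ6pWPD8zMnrdrTELMvitbCkBWScdKRscHmUBwl2V3c0Xc0
      '';
    };
  };

  # TODO move users to separate files
}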