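{config, pkgs, ...}:

{
  # Hand the ACME-issued certificate for bib3.de to slapd: copy it into a
  # directory owned by the openldap user, which does not have access to the
  # ACME state directory itself.
  security.acme.certs."bib3.de".postRun = ''
    # Create only the destination directory.  Listing /var/lib/acme/bib3.de
    # here as well (install -d accepts several operands) would chown/chmod the
    # ACME state directory to openldap:openldap 0700 and lock the ACME client
    # out of its own directory on the next renewal.
    install -o openldap -g openldap -m 700 -d /var/lib/ssl/openldap
    install -o openldap -g openldap -m 600 /var/lib/acme/bib3.de/* /var/lib/ssl/openldap
    # NOTE(review): slapd is not signalled here, so a renewed certificate is
    # only served once the openldap unit restarts.  Confirm the unit name and
    # the user this hook runs as before adding a restart.
  '';

  services.openldap = {
    enable = true;
    dataDir = "/var/lib/openldap";
    # The root password hash is read from a file outside the configuration
    # tree rather than being embedded here.
    rootpwFile = "/etc/nixos/secret/openldaproot.pw";
    suffix = "o=bib3,c=DE";
    rootdn = "cn=admin,o=bib3,c=DE";

    # TLS material is read from the copy made by the ACME postRun hook above,
    # so it must stay in sync with the destination used there.
    extraConfig = ''
      TLSCipherSuite DEFAULT
      TLSCACertificateFile /var/lib/ssl/openldap/chain.pem
      TLSCertificateFile /var/lib/ssl/openldap/cert.pem
      TLSCertificateKeyFile /var/lib/ssl/openldap/key.pem
    '';

    # Initial directory tree loaded at service start.
    # NOTE(review): unlike rootpwFile, this LDIF is part of the built
    # configuration and presumably lands in the world-readable Nix store, which
    # would expose the userPassword hashes below to every local user; the TODO
    # at the bottom of this file should move them out of here.
    # The test and loooph entries carry the identical {CRYPT} string (same
    # salt, same hash), i.e. the same password.
    # NOTE(review): empty values for sn/givenName may be rejected by slapadd as
    # invalid per the directoryString syntax -- confirm the tree actually loads.
    declarativeContents = ''
      dn: o=bib3, c=DE
      objectclass: organization

      dn: ou=users, o=bib3, c=DE
      objectclass: organizationalUnit
      ou: users

      dn: cn=test, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      cn: test
      sn: testsn
      givenName: test test
      mail: test@test.de
      userPassword: {CRYPT}$6$ssV7iTyDF7VMB.gx$DKUJgb/M5q.nd0/ilBTQRaR/pw9bMGhbrCp0CSD9Mt1epgoXYu9LA9P4UtWOyVV/QV3LHvJNoiBsfZMcBMAQN.

      dn: cn=loooph, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      cn: loooph
      sn:
      givenName: Christoph
      mail:
      userPassword: {CRYPT}$6$ssV7iTyDF7VMB.gx$DKUJgb/M5q.nd0/ilBTQRaR/pw9bMGhbrCp0CSD9Mt1epgoXYu9LA9P4UtWOyVV/QV3LHvJNoiBsfZMcBMAQN.

      dn: cn=lmux, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      cn: lmux
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$NGdlZVYAvETLQAb2$AXyC9myezCAGGq94HvyKRgjpvt04MGZXcMSMS5vP10Y.LzPot/DyRdIvx2LBs9rsOtTGsFYPCpTx7dnEK1LDs0
    '';
  };

  # TODO move users to separate files
}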