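# NixOS module: runs an OpenLDAP server for o=bib3,c=DE and serves it with the
# ACME certificate issued for bib3.de.
{config, pkgs, ...}:

{
  # After each ACME run, hand slapd a private copy of the certificate material.
  # Only the copy directory is created and owned by openldap, so the ACME state
  # directory keeps whatever ownership the ACME service gave it. Only the three
  # files referenced by the TLS* directives below are copied, rather than
  # everything that happens to live in /var/lib/acme/bib3.de.
  # NOTE(review): slapd presumably reads the certificate at start-up; confirm
  # whether it needs a restart after renewal.
  security.acme.certs."bib3.de".postRun = ''
    install -o openldap -g openldap -m 700 -d /var/lib/ssl/openldap
    install -o openldap -g openldap -m 600 \
      /var/lib/acme/bib3.de/cert.pem \
      /var/lib/acme/bib3.de/chain.pem \
      /var/lib/acme/bib3.de/key.pem \
      /var/lib/ssl/openldap
  '';

  services.openldap = {
    enable = true;
    dataDir = "/var/lib/openldap";
    # Given as a string path, so the root password file itself is not copied
    # into the Nix store.
    rootpwFile = "/etc/nixos/secret/openldaproot.pw";
    suffix = "o=bib3,c=DE";
    rootdn = "cn=admin,o=bib3,c=DE";
    # TLS material comes from the private copy made in postRun above.
    # NOTE(review): "DEFAULT" leaves cipher selection to the TLS library's
    # built-in list; consider pinning a stricter list and a minimum protocol
    # version (TLSProtocolMin) if no legacy clients have to connect.
    extraConfig = ''
      TLSCipherSuite DEFAULT
      TLSCACertificateFile /var/lib/ssl/openldap/chain.pem
      TLSCertificateFile /var/lib/ssl/openldap/cert.pem
      TLSCertificateKeyFile /var/lib/ssl/openldap/key.pem
    '';
    # Initial directory contents as LDIF.
    # NOTE(review): this string ends up in the world-readable /nix/store and in
    # version control, so every {CRYPT}$6$ (sha512-crypt) hash below is open to
    # offline guessing by anyone who can read either. Load the user entries
    # from a file outside the store (see the TODO at the end) and rotate any
    # password whose hash has been published.
    # NOTE(review): the entries after cn=imoc carry no "cn:" line although cn
    # is their RDN, and sn/givenName/mail are empty everywhere; inetOrgPerson
    # requires cn and sn, so confirm the import accepts these entries.
    declarativeContents = ''
      dn: o=bib3, c=DE
      objectclass: organization

      dn: ou=users, o=bib3, c=DE
      objectclass: organizationalUnit
      ou: users

      dn: cn=loooph, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      cn: loooph
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$C906P7N7ZbqxjC38$BezcmyYs1XR45cAqUDkuoUyca2fchXzNnvhZsB/TmR5Py6M9xEERdIm9anyXkVMwVvBrMn9LujVXxKxSpuz.1.

      dn: cn=lmux, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      cn: lmux
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$NGdlZVYAvETLQAb2$AXyC9myezCAGGq94HvyKRgjpvt04MGZXcMSMS5vP10Y.LzPot/DyRdIvx2LBs9rsOtTGsFYPCpTx7dnEK1LDs0

      dn: cn=imoc, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      cn: imoc
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$3xZm8NPt32CZ4oEJ$B4ptPV2eMuf76bSCkb6siYpft1aa4NObdokMjscNaicMfaMCiwyM0s4R2me3EAOZiPXSl36DMTFl5MaZHBHqP1

      dn: cn=andrej0913, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$qI3fENURGFHYMVeN$tdqfgaA/Uex.p1DC7YUSXQ4P0tqAsUAUMkrtk68LKLmswLBcz3C2KLbglm4XIYUdEjw2fkWNbPLtrF/.d17nF.

      dn: cn=gallaron, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$vbhMLZRZmvLcXvP6$U3Q81g7FVuo4jnK.0Yy12PdL0Eqso4Thjlc3YnRGJe9tyfeovKdSeNPhEPDGNhIzFZdnmsVYzJO/xnbb0ub1c0

      dn: cn=anon, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$ip1kNMpHggg2Psvw$1P.88EI6k3Hvez5xtpZkbeTdvlAO/UKaWVJ3Pn/NM3C/dqy9H2OI1AY3csu9pNKyioEJmbg/GpCUd8CtkHBJI.

      dn: cn=pear, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$gar1dJcweztqJSZl$NzVvkfXcTbxm4nuBS0UE//2bseA.FEq4paRZyZFof1ECEbICvf5.7ebRb/D8Jwa.5Hog/k9ZwJ9OtfLuZ7phG/

      dn: cn=clymen, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$8mm3LWImMTN5dnau$G/W1AmZkiHScDEt6iekgj/NedxFtyaxEnK4w68R0FrUXtmot4A6rd1/kkECJQo74yUmPwdvkt.7.wYAr4gp/U/

      dn: cn=bao, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$3bm2EIkpGr4BUTIX$jeaIhD/73lkb3.4BWZyfIUbAZPtg//U0Y3Xz/Zol0y4fh35rHgTLNblKvRC4i/Yz0Y64EZyt3Fbe7eub2VlJG.

      dn: cn=ritzga, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$78sfQR79Le/EgTSb$ao/C1OT1bMKH508rg453M4ZJvXIwwa8OCZribUy5suTflXhs4XSyQnt/17Ra/Zf.pk03TtrsAf/OYw4wf/ol30

      dn: cn=sythelux, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$Idk3eX1mk2h87JdF$2tgpeocD.W4AMeAZKy8EmHxD6gC1.Gr.LY7.1t6.cBwDhc.T9C9AlfT74i13xt648rTcu4Mgl302ZVB77vvqc0

      dn: cn=ej, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$6E/NwzDxsyU90srA$VIEaxQaWaGoEs51yZvem9UZJXz2bstQEd5Bc3HeajEE3ZAcFaCsEMEUMt8wnp27gTUj/91wfLCaK16xF5C4hB0

      dn: cn=jakob, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$k33tC5ACS/.fqwUG$m.x4tov5VYsIHeG2tOG6ZmulZt8PwuiaTV.DYbkw2DIQynuw7igcLJZ4l1ZHPQuzxeB5DTsk3X/EAp4Ri97/S0

      dn: cn=coolpod, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$nqNm7molatCIvQL0$LaZycxCYrkgI1Xkh8mC2ItckMLg/e8Xj/udAq3zBANiJBU47Sju9o2I20JYrsqG19MeGAXfCr20iVQeAT1atV0

      dn: cn=trotzi, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$m3ZGCNnlsyLc7ETo$9lFKERB7fihYha9hJPXajpMgP0VlicqyABj3qJRRHzfLkMN8IftrRgnMc4/DNRehCJDDLCJXF.PTJ4SK5X.qw/

      dn: cn=muln1993, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$mJZkGLnaBf1JYYhn$Ye8nx4tKjjXAap6TD0nHkTDxC3dkeUZc0agqM2wLmKjLVhY6q5YgDxdmWSwngnUz5eUsgu1xszAZkycZwo4NI1

      dn: cn=sschmidt, ou=users, o=bib3, c=DE
      objectclass: InetOrgPerson
      sn:
      givenName:
      mail:
      userPassword: {CRYPT}$6$A2q7qP2ixm2O58Ae$j8jroZLmR2hWTsIvtQKEO8J7tBFmyW1DKM.LXJaP9G4aCnLSZ30EzLZN446Cz3nVDSS5oC5DAk46Fo2fcJTfP/
    '';
  };
  # TODO move users to separate files
}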