author | Jozko Skrablin <jozko@zomg.si> | 2013-11-28 22:21:50 +0100 |
---|---|---|
committer | Jozko Skrablin <jozko@zomg.si> | 2013-11-28 22:21:50 +0100 |
commit | cb691265b65bd207741dc2798ff3cc911ff01437 (patch) | |
tree | eb8a7c58017b510667dc442d32233da2421ca751 /nixos | |
parent | 0d18b8169ed873a3eaab39009662478f2cd547d3 (diff) | |
Added openldap user and group, and configured the service so it's not running as root.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 27 |
2 files changed, 27 insertions, 2 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 0b4274b13e6..ccd75d5b915 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -107,6 +107,7 @@
 redis = 96;
 haproxy = 97;
 mongodb = 98;
+ openldap = 99;
 # When adding a uid, make sure it doesn't match an existing gid.
@@ -194,6 +195,7 @@
 amule = 90;
 minidlna = 91;
 haproxy = 92;
+ openldap = 93;
 # When adding a gid, make sure it doesn't match an existing uid.
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index a4dd30be1fb..0fc8b88c652 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -26,6 +26,16 @@ in
 ";
 };
+ user = mkOption {
+ default = "openldap";
+ description = "User account under which slapd runs.";
+ };
+
+ group = mkOption {
+ default = "openldap";
+ description = "Group account under which slapd runs.";
+ };
+
 extraConfig = mkOption {
 default = "";
 description = "
@@ -49,10 +59,23 @@ in
 after = [ "network.target" ];
 preStart = ''
 mkdir -p /var/run/slapd
+ chown -R ${cfg.user}:${cfg.group} /var/run/slapd
+ mkdir -p /var/db/openldap
+ chown -R ${cfg.user}:${cfg.group} /var/db/openldap
 '';
- serviceConfig.ExecStart = "${openldap}/libexec/slapd -d 0 -f ${configFile}";
+ serviceConfig.ExecStart = "${openldap}/libexec/slapd -u openldap -g openldap -d 0 -f ${configFile}";
 };
- };
+ users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
+ { name = "openldap";
+ group = "openldap";
+ uid = config.ids.uids.openldap;
+ });
+
+ users.extraGroups = optionalAttrs (cfg.group == "openldap") (singleton
+ { name = "openldap";
+ gid = config.ids.gids.openldap;
+ });
+ };
 } |
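Review bot: The new `ExecStart` line in the last openldap.nix hunk hard-codes `-u openldap -g openldap`, so the `user` and `group` options added earlier in the same file are not honoured when slapd drops privileges, even though `preStart` chowns /var/run/slapd and /var/db/openldap to `${cfg.user}:${cfg.group}`. With a non-default value the state directories would belong to one account while the daemon is told to switch to `openldap`, which `users.extraUsers` does not create in that case; the line should read `serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";`. The created account's `group = "openldap";` is fixed in the same way and probably wants `cfg.group`. Since /var/db/openldap presumably holds the directory data, including credential attributes, consider setting its mode explicitly in `preStart` (for example `chmod 700 /var/db/openldap`) rather than relying on the default umask. The service definition this hunk edits begins above the hunk.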