author | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2020-09-13 22:42:14 +0100 |
---|---|---|
committer | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2020-11-21 15:39:20 +0000 |
commit | adda7e62d0c2a80aa85e0c22ad806874812f9f54 (patch) | |
tree | 2df1909e23c96754ba779db7d4ecd2b5e0b35c96 /nixos | |
parent | d05061c5cdd5662157591c75f45113c483443f4a (diff) |
nixos/openldap: Add support for base64 values
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 0def1e8c34de6..cb51a3cc575c5 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -28,17 +28,31 @@ let
 configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
 ldapValueType = let
- singleLdapValueType = types.either types.str (types.submodule {
- options = {
- path = mkOption {
- type = types.path;
- description = ''
- A path containing the LDAP attribute. This is included at run-time, so
- is recommended for storing secrets.
- '';
+ singleLdapValueType = types.oneOf [
+ types.str
+ (types.submodule {
+ options = {
+ path = mkOption {
+ type = types.path;
+ description = ''
+ A path containing the LDAP attribute. This is included at run-time, so
+ is recommended for storing secrets.
+ '';
+ };
 };
- };
- });
+ })
+ (types.submodule {
+ options = {
+ base64 = mkOption {
+ type = types.str;
+ description = ''
+ A base64-encoded LDAP attribute. Useful for storing values which
+ contain special characters (e.g. newlines) in LDIF files.
+ '';
+ };
+ };
+ })
+ ];
 in types.either singleLdapValueType (types.listOf singleLdapValueType);
 ldapAttrsType =
@@ -83,8 +97,14 @@ let
 in types.submodule { inherit options; };
 valueToLdif = attr: values: let
- singleValueToLdif = value: if lib.isAttrs value then "${attr}:< file://${value.path}" else "${attr}: ${value}";
- in if lib.isList values then map singleValueToLdif values else [ (singleValueToLdif values) ];
+ listValues = if lib.isList values then values else lib.singleton values;
+ in map (value:
+ if lib.isAttrs value then
+ if lib.hasAttr "path" value
+ then "${attr}:< file://${value.path}"
+ else "${attr}:: ${value.base64}"
+ else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
+ ) listValues;
 attrsToLdif = dn: { attrs, children, includes, ... }: [''
 dn: ${dn} |
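Review bot: The two submodule members of `types.oneOf` in `singleLdapValueType` are probably not distinguishable by the module system. `oneOf` selects a member by its `check`, and a submodule's check accepts any attribute set, so `{ base64 = "..."; }` would likely be handled by the first (path) submodule and be rejected or left without a usable `path`. If that holds, a single custom option type whose check is `lib.isString x || (lib.isAttrs x && (x ? path || x ? base64))` would keep the three forms unambiguous. The `base64` description could also say that the value is only encoded and is emitted inline in the generated LDIF, so secrets still belong in `path`. The enclosing `let` starts outside the hunk.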
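Review bot: The plain-string branch of `valueToLdif` rewrites each newline as an LDIF continuation (`"\n "`), and an LDIF reader removes both the newline and the leading space when it unfolds the line, so a multi-line Nix string is read back as one joined line, not with its newlines intact. That is convenient for wrapping long values but deserves a comment on that line, for example `# Folded per RFC 2849: the newline itself is not preserved; use base64 for values that need one.` The same branch still emits values verbatim that LDIF does not permit in the plain form (a leading space, `:` or `<`, a trailing space, non-ASCII), and the inner `else` arm treats any attribute set without `path` as base64 without checking that `base64` is present. `attrsToLdif` below continues outside the hunk.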