author | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2020-09-27 18:03:40 +0100 |
---|---|---|
committer | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2020-11-21 16:13:03 +0000 |
commit | ce1acd97a7162094accfb764cb1d33159dc5165f (patch) | |
tree | f2cdc7c028dacdbb571cb59bc7d490af969c01a3 /nixos | |
parent | b2ebffe18634e5038fe911b3bd2c74d26e7a7ab9 (diff) |
nixos/openldap: fix path + base64 value types
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 33 | ||||
-rw-r--r-- | nixos/tests/openldap.nix | 11 |
2 files changed, 17 insertions, 27 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 6f1ac3ed71721..c333f817d0310 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -7,31 +7,14 @@ let
   configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
   ldapValueType = let
-    singleLdapValueType = types.oneOf [
-      types.str
-      (types.submodule {
-        options = {
-          path = mkOption {
-            type = types.path;
-            description = ''
-              A path containing the LDAP attribute. This is included at run-time, so
-              is recommended for storing secrets.
-            '';
-          };
-        };
-      })
-      (types.submodule {
-        options = {
-          base64 = mkOption {
-            type = types.str;
-            description = ''
-              A base64-encoded LDAP attribute. Useful for storing values which
-              contain special characters (e.g. newlines) in LDIF files.
-            '';
-          };
-        };
-      })
-    ];
+    # Can't do types.either with multiple non-overlapping submodules, so define our own
+    singleLdapValueType = lib.mkOptionType rec {
+      name = "LDAP";
+      description = "LDAP value";
+      check = x: lib.isString x || (lib.isAttrs x && (x ? "path" || x ? "base64"));
+      merge = lib.mergeEqualOption;
+    };
+    # We don't coerce to lists of single values, as some values must be unique
   in types.either singleLdapValueType (types.listOf singleLdapValueType);
   ldapAttrsType =
diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index b6dd8f573d5d9..beaff91647446 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -21,6 +21,7 @@ in {
   name = "openldap";
   machine = { pkgs, ... }: {
+    environment.etc."openldap/root_password".text = "notapassword";
     services.openldap = {
       enable = true;
       defaultSchemas = null;
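Review bot: The new `check` in the `singleLdapValueType` definition accepts any attrset that merely has a `path` or `base64` key, so `{ path = 42; }`, `{ base64 = [ ]; }` or `{ path = "a"; base64 = "b"; }` now pass type checking where the removed submodules rejected them through `types.path` / `types.str`, and the failure moves from option evaluation to wherever the value is later consumed. Tightening it to `check = x: lib.isString x || (lib.isAttrs x && lib.attrNames x == [ "path" ] && types.path.check x.path) || (lib.isAttrs x && lib.attrNames x == [ "base64" ] && lib.isString x.base64);` keeps the old guarantees with the same one-line shape. The removed descriptions also carried the one piece of guidance users need for secrets — that `path` is included at run-time and is the form to use for them — and `description = "LDAP value"` drops it; consider `description = "LDAP value: a string, { path = <file read at run-time; use for secrets>; } or { base64 = <string>; }";` or restating that text in the option documentation that references this type. The `let` that binds `configDir` and `ldapValueType` starts before the hunk.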
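Review bot: The fixture added at `environment.etc."openldap/root_password".text` is installed from the Nix store with the default world-readable mode, so it does not exercise what the `{ path = ...; }` form is meant for — a secret file that only the daemon can read. If the service user is known (it is not visible in this hunk), writing it as `environment.etc."openldap/root_password" = { text = "notapassword"; mode = "0600"; user = <service user>; };` would also prove slapd can read the file under real secret permissions; at minimum a comment such as `# Test-only credential; exercises the { path = ...; } form of olcRootPW` makes the purpose of the line clear. The `machine` attrset continues past the hunk.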
@@ -37,13 +38,19 @@ in {
         ];
       };
       "olcDatabase={1}mdb" = {
+        # This tests string, base64 and path values, as well as lists of string values
         attrs = {
           objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
           olcDatabase = "{1}mdb";
           olcDbDirectory = "/var/db/openldap";
           olcSuffix = "dc=example";
-          olcRootDN = "cn=root,dc=example";
-          olcRootPW = "notapassword";
+          olcRootDN = {
+            # cn=root,dc=example
+            base64 = "Y249cm9vdCxkYz1leGFtcGxl";
+          };
+          olcRootPW = {
+            path = "/etc/openldap/root_password";
+          };
         };
       };
     }; |
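Review bot: Nothing in the changed test asserts the property the `{ path = "/etc/openldap/root_password"; }` form of `olcRootPW` exists for: that the literal `notapassword` never ends up in the Nix-store-generated LDIF or config, only in the run-time copy. The test script lives outside this hunk, but it is the place for a check along the lines of `machine.fail("grep -rl notapassword /nix/store")` (scope it to the generated openldap derivations if that turns out too broad) next to the existing functional checks; without it a regression back to interpolating the file at build time would still pass. The `base64` form for `olcRootDN` with its `# cn=root,dc=example` comment reads fine as is. The outer attrset that holds `"olcDatabase={1}mdb"` starts before the hunk.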