hpc
/
nixcfg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
NixOS configuration for HPC cluster https://docs.hpc.informatik.hs-fulda.de/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
352 KiB
Tree: ce8862bf37
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ce8862bf37'
${ noResults }
nixcfg/machines/manager/ldap.nix

43 lines
1.3 KiB
Raw Normal View History

Inital import
1 year ago
  1. { config, ... }:
  3. {
  4. services.openldap = {
  5. enable = true;
  6. settings = {
  7. children = {
  8. "cn=schema".includes = [
  9. "${config.services.openldap.package}/etc/schema/core.ldif"
  10. "${config.services.openldap.package}/etc/schema/cosine.ldif"
  11. "${config.services.openldap.package}/etc/schema/inetorgperson.ldif"
  12. "${config.services.openldap.package}/etc/schema/nis.ldif"
  13. ];
  14. "olcDatabase={1}mdb" = {
  15. attrs = {
  16. objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
  18. olcDatabase = "{1}mdb";
  19. olcDbDirectory = "/var/lib/openldap/db";
  21. olcSuffix = "dc=sc,dc=informatik,dc=hs-fulda,dc=de";
  23. olcRootDN = "cn=root,dc=sc,dc=informatik,dc=hs-fulda,dc=de";
  24. olcRootPW.path = config.sops.secrets."ldap/root/password".path;
  26. olcAccess = [
  27. # Custom access rules for userPassword attributes
  28. ''{0}to attrs=userPassword
  29. by self write
  30. by anonymous auth
  31. by * none''
  33. # Allow read on anything else
  34. ''{1}to *
  35. by * read''
  36. ];
  37. };
  38. };
  39. };
  40. };
  41. };
  43. sops.secrets."ldap/root/password" = { };
  44. }