nixos/ldap: rename password file options properly

users.ldap.daemon.rootpwmodpw -> users.ldap.daemon.rootpwmodpwFile users.ldap.bind.password -> users.ldap.bind.passwordFile as users.ldap.daemon.rootpwmodpw never was part of a release, no mkRenamedOptionModule is introduced.
2019-03-27 01:46:19 +01:00 · 2019-03-27 01:46:19 +01:00 · 0a1451afe3
commit 0a1451afe3
parent 2dc4153633
2 changed files with 16 additions and 13 deletions
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@ -139,13 +139,13 @@ in
          '';
        };

-        rootpwmodpw = mkOption {
+        rootpwmodpwFile = mkOption {
          default = "";
          example = "/run/keys/nslcd.rootpwmodpw";
          type = types.str;
          description = ''
-            The path to a file containing the credentials with which
-            to bind to the LDAP server if the root user tries to change a user's password
+            The path to a file containing the credentials with which to bind to
+            the LDAP server if the root user tries to change a user's password.
          '';
        };
      };
@ -161,7 +161,7 @@ in
          '';
        };

-        password = mkOption {
+        passwordFile = mkOption {
          default = "/etc/ldap/bind.password";
          type = types.str;
          description = ''
@ -224,10 +224,10 @@ in

    system.activationScripts = mkIf insertLdapPassword {
      ldap = stringAfter [ "etc" "groups" "users" ] ''
-        if test -f "${cfg.bind.password}" ; then
+        if test -f "${cfg.bind.passwordFile}" ; then
          umask 0077
          conf="$(mktemp)"
-          printf 'bindpw %s\n' "$(cat ${cfg.bind.password})" |
+          printf 'bindpw %s\n' "$(cat ${cfg.bind.passwordFile})" |
          cat ${ldapConfig.source} - >"$conf"
          mv -fT "$conf" /etc/ldap.conf
        fi
@ -260,10 +260,10 @@ in
          conf="$(mktemp)"
          {
            cat ${nslcdConfig.source}
-            test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.password}' ||
-            printf 'bindpw %s\n' "$(cat '${cfg.bind.password}')"
-            test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpw}' ||
-            printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpw}')"
+            test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.passwordFile}' ||
+            printf 'bindpw %s\n' "$(cat '${cfg.bind.passwordFile}')"
+            test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpwFile}' ||
+            printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpwFile}')"
          } >"$conf"
          mv -fT "$conf" /etc/nslcd.conf
        '';
@ -287,4 +287,8 @@ in
    };

  };
+
+  imports =
+    [ (mkRenamedOptionModule [ "users" "ldap" "bind" "password"] [ "users" "ldap" "bind" "passwordFile"])
+    ];
 }
--- a/nixos/tests/ldap.nix
+++ b/nixos/tests/ldap.nix
@ -28,9 +28,8 @@ let
      users.ldap.daemon = {
        enable = useDaemon;
        rootpwmoddn = "cn=admin,${dbSuffix}";
-        rootpwmodpw = "/etc/nslcd.rootpwmodpw";
+        rootpwmodpwFile = "/etc/nslcd.rootpwmodpw";
      };
-      # NOTE: password stored in clear in Nix's store, but this is a test.
      environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd;
      users.ldap.loginPam = true;
      users.ldap.nsswitch = true;
@ -38,7 +37,7 @@ let
      users.ldap.base = "ou=posix,${dbSuffix}";
      users.ldap.bind = {
        distinguishedName = "cn=admin,${dbSuffix}";
-        password = "/etc/ldap/bind.password";
+        passwordFile = "/etc/ldap/bind.password";
      };
      # NOTE: password stored in clear in Nix's store, but this is a test.
      environment.etc."ldap/bind.password".source = pkgs.writeText "password" dbAdminPwd;