Added openldap user, group and configure service so its not running as root.

2013-11-28 22:21:50 +01:00 · 2013-11-28 22:21:50 +01:00 · cb691265b6
commit cb691265b6
parent 0d18b8169e
2 changed files with 27 additions and 2 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -107,6 +107,7 @@
      redis = 96;
      haproxy = 97;
      mongodb = 98;
      openldap = 99;
      # When adding a uid, make sure it doesn't match an existing gid.
@ -194,6 +195,7 @@
      amule = 90;
      minidlna = 91;
      haproxy = 92;
      openldap = 93;
      # When adding a gid, make sure it doesn't match an existing uid.
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@ -26,6 +26,16 @@ in
        ";
      };
      user = mkOption {
        default = "openldap";
        description = "User account under which slapd runs.";
      };
      group = mkOption {
        default = "openldap";
        description = "Group account under which slapd runs.";
      };
      extraConfig = mkOption {
        default = "";
        description = "
@ -49,10 +59,23 @@ in
      after = [ "network.target" ];
      preStart = ''
        mkdir -p /var/run/slapd
        chown -R ${cfg.user}:${cfg.group} /var/run/slapd
        mkdir -p /var/db/openldap
        chown -R ${cfg.user}:${cfg.group} /var/db/openldap
      '';
-      serviceConfig.ExecStart = "${openldap}/libexec/slapd -d 0 -f ${configFile}";
+      serviceConfig.ExecStart = "${openldap}/libexec/slapd -u openldap -g openldap -d 0 -f ${configFile}";
    };
-  };
+    users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
      { name = "openldap";
        group = "openldap";
        uid = config.ids.uids.openldap;
      });
    users.extraGroups = optionalAttrs (cfg.group == "openldap") (singleton
      { name = "openldap";
        gid = config.ids.gids.openldap;
     });
  };
 }