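# NixOS module fragment: declares a one-shot systemd unit, `lldap-bootstrap`,
# that runs ./bootstrap.sh against a local LLDAP instance and then invokes
# inadyn once.
{
  pkgs,
  config,
  ...
}: {
  systemd.services.lldap-bootstrap = {
    description = "Bootstraps LLDAP users";
    requires = ["lldap.service"];
    # Requires= only pulls lldap.service in; it does not order the two units.
    # After= makes systemd start this unit once lldap.service has been started.
    after = ["lldap.service"];

    serviceConfig = {
      # Sandboxing: transient UID, read-only OS tree, no /home, private
      # user namespace and private /tmp.
      DynamicUser = true;
      Type = "oneshot";
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateUsers = true;
      PrivateTmp = true;
      # NOTE(review): the inadyn credential and cache directory look carried
      # over from a dynamic-DNS unit. If they are not needed here, drop them so
      # the bootstrap script cannot read the inadyn config; confirm intent.
      LoadCredential = "inadyn.conf:${config.sops.templates."inadyn.conf".path}";
      CacheDirectory = "inadyn";
    };

    # systemd does not run ExecStart= through a shell, so the `export` lines and
    # `$(...)` substitutions need a real shell script; `script` generates one
    # and points ExecStart= at it.
    #
    # NOTE(review): LLDAP_ADMIN_PASSWORD is a literal here, so it is copied into
    # the world-readable /nix/store and any local user can read it. Prefer a
    # second LoadCredential entry (the option accepts a list) backed by a
    # sops-managed secret, read from "$CREDENTIALS_DIRECTORY" in the script.
    #
    # NOTE(review): the ./ paths resolve against the unit's working directory,
    # which defaults to / for system services. Set WorkingDirectory or use
    # absolute paths; the location of bootstrap.sh is not shown in this file.
    script = ''
      export LLDAP_URL=http://localhost:8080
      export LLDAP_ADMIN_USERNAME=admin
      export LLDAP_ADMIN_PASSWORD=changeme
      export USER_CONFIGS_DIR="$(realpath ./configs/user)"
      export GROUP_CONFIGS_DIR="$(realpath ./configs/group)"
      export USER_SCHEMAS_DIR="$(realpath ./configs/user-schema)"
      export GROUP_SCHEMAS_DIR="$(realpath ./configs/group-schema)"
      export LLDAP_SET_PASSWORD_PATH="$(realpath ./lldap_set_password)"
      export DO_CLEANUP=false
      ./bootstrap.sh

      ${pkgs.inadyn}/bin/inadyn \
        --foreground \
        --syslog \
        --once \
        --cache-dir "''${CACHE_DIRECTORY}" \
        --config "''${CREDENTIALS_DIRECTORY}/inadyn.conf"
    '';
  };
}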