ran deadnix

2025-04-25 16:08:30 +02:00 · 2024-09-10 13:12:09 +02:00 · 2024-09-10 13:12:09 +02:00 · 2281866548
commit 2281866548
parent cf5fdaed5d
7 changed files with 105 additions and 109 deletions
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -53,56 +53,56 @@
  console.keyMap = "dvorak";


-  # services.openldap = {
-  #   enable = true;
-  #   urlList = [ "ldap:///" ];
-  #   settings = {
-  #     attrs = {
-  #       olcLogLevel = "conns config";
-  #     };
-  #     children = {
-  #       "cn=schema".includes = [
-  #         "${pkgs.openldap}/etc/schema/core.ldif"
-  #         # attributetype ( 9999.1.1 NAME 'isMemberOf'
-  #         # DESC 'back-reference to groups this user is a member of'
-  #         # SUP distinguishedName )
-  #         "${pkgs.openldap}/etc/schema/cosine.ldif"
-  #         "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
-  #         "${pkgs.openldap}/etc/schema/nis.ldif"
-  #         # "${pkgs.writeText "openssh.schema" ''
-  #         # 	attributetype ( 9999.1.2 NAME 'sshPublicKey'
-  #         # 		DESC 'SSH public key used by this user'
-  #         # 		SUP name )
-  #         # ''}"
-  #       ];
+  services.openldap = {
+    enable = true;
+    urlList = [ "ldap:///" ];
+    settings = {
+      attrs = {
+        olcLogLevel = "conns config";
+      };
+      children = {
+        "cn=schema".includes = [
+          "${pkgs.openldap}/etc/schema/core.ldif"
+          # attributetype ( 9999.1.1 NAME 'isMemberOf'
+          # DESC 'back-reference to groups this user is a member of'
+          # SUP distinguishedName )
+          "${pkgs.openldap}/etc/schema/cosine.ldif"
+          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+          "${pkgs.openldap}/etc/schema/nis.ldif"
+          # "${pkgs.writeText "openssh.schema" ''
+          # 	attributetype ( 9999.1.2 NAME 'sshPublicKey'
+          # 		DESC 'SSH public key used by this user'
+          # 		SUP name )
+          # ''}"
+        ];

-  #       "olcDatabase={1}mdb".attrs = {
-  #         objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+        "olcDatabase={1}mdb".attrs = {
+          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

-  #         olcDatabase = "{1}mdb";
-  #         olcDbDirectory = "/var/lib/openldap/data";
+          olcDatabase = "{1}mdb";
+          olcDbDirectory = "/var/lib/openldap/data";

-  #         olcSuffix = "dc=ifsr,dc=de";
+          olcSuffix = "dc=ifsr,dc=de";

-  #         /* your admin account, do not use writeText on a production system */
-  #         olcRootDN = "cn=portunus,dc=ifsr,dc=de";
-  #         olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
+          /* your admin account, do not use writeText on a production system */
+          olcRootDN = "cn=portunus,dc=ifsr,dc=de";
+          olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";

-  #         olcAccess = [
-  #           /* custom access rules for userPassword attributes */
-  #           ''{0}to attrs=userPassword
-  #               by self write
-  #               by anonymous auth
-  #               by * none''
+          olcAccess = [
+            /* custom access rules for userPassword attributes */
+            ''{0}to attrs=userPassword
+                by self write
+                by anonymous auth
+                by * none''

-  #           /* allow read on anything else */
-  #           ''{1}to *
-  #               by * read''
-  #         ];
-  #       };
-  #     };
-  #   };
-  # };
+            /* allow read on anything else */
+            ''{1}to *
+                by * read''
+          ];
+        };
+      };
+    };
+  };


  services = {