sourcephile / git / sourcephile-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fail2ban: enable on mermet too
[sourcephile-nix.git] / nixos / modules / services / databases / openldap.nix
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 1ae5eea592bbbf98e43fc46707ed09d31e2d945b..bc7a2ecc843d463d6456eaf95d3869898bc6a5eb 100644 (file)
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -2,9 +2,10 @@
 let
   inherit (builtins) baseNameOf readFile;
   inherit (lib) types;
-  inherit (pkgs.lib) unlinesAttrs;
   inherit (config.services) openldap;
   inherit (config.users) ldap;
+  unlines = lib.concatStringsSep "\n";
+  unlinesAttrs = f: as: unlines (lib.mapAttrsToList f as);
 in
 {
 options = {
@@ -27,8 +28,8 @@ services.openldap.cnConfig = lib.mkOption {
     dn: cn={0}module,cn=config
     objectClass: olcModuleList
     olcModulePath: ${pkgs.openldap}/lib/modules
-    olcModuleLoad: pw-sha2
-    olcModuleLoad: pw-pbkdf2
+    #olcModuleLoad: pw-sha2
+    #olcModuleLoad: pw-pbkdf2
     olcModuleLoad: back_mdb
 
     dn: olcDatabase={-1}frontend,cn=config
@@ -45,7 +46,8 @@ services.openldap.cnConfig = lib.mkOption {
     olcAccess: to dn.base="cn=Subschema"
       by * read
     # Hash algorithm to be used by LDAP Password Modify Extended Operation or the ppolicy overlay
-    olcPasswordHash: {PBKDF2-SHA256}
+    #olcPasswordHash: {PBKDF2-SHA256}
+    olcPasswordHash: {SSHA}
 
     dn: olcDatabase={0}config,cn=config
     objectClass: olcDatabaseConfig
NixOS configurations for Sourcephile's infrastructure