nixos/openldap: Add support for base64 values

2024-09-29 15:43:00 +00:00 · 2020-09-13 22:42:14 +01:00 · 2020-09-13 22:42:14 +01:00 · adda7e62d0
commit adda7e62d0
parent d05061c5cd
1 changed files with 32 additions and 12 deletions
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@ -28,17 +28,31 @@ let
  configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";

  ldapValueType = let
-    singleLdapValueType = types.either types.str (types.submodule {
-      options = {
-        path = mkOption {
-          type = types.path;
-          description = ''
-            A path containing the LDAP attribute. This is included at run-time, so
-            is recommended for storing secrets.
-          '';
+    singleLdapValueType = types.oneOf [
+      types.str
+      (types.submodule {
+        options = {
+          path = mkOption {
+            type = types.path;
+            description = ''
+              A path containing the LDAP attribute. This is included at run-time, so
+              is recommended for storing secrets.
+            '';
+          };
        };
-      };
-    });
+      })
+      (types.submodule {
+        options = {
+          base64 = mkOption {
+            type = types.str;
+            description = ''
+              A base64-encoded LDAP attribute. Useful for storing values which
+              contain special characters (e.g. newlines) in LDIF files.
+            '';
+          };
+        };
+      })
+    ];
  in types.either singleLdapValueType (types.listOf singleLdapValueType);

  ldapAttrsType =
@ -83,8 +97,14 @@ let
    in types.submodule { inherit options; };

  valueToLdif = attr: values: let
-    singleValueToLdif = value: if lib.isAttrs value then "${attr}:< file://${value.path}" else "${attr}: ${value}";
-  in if lib.isList values then map singleValueToLdif values else [ (singleValueToLdif values) ];
+    listValues = if lib.isList values then values else lib.singleton values;
+  in map (value:
+    if lib.isAttrs value then
+      if lib.hasAttr "path" value
+      then "${attr}:< file://${value.path}"
+      else "${attr}:: ${value.base64}"
+    else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
+  ) listValues;

  attrsToLdif = dn: { attrs, children, includes, ... }: [''
    dn: ${dn}