refactor(ops/nixos): Move my NixOS configurations to //users/tazjin

NixOS modules move one level up because it's unlikely that //ops/nixos will contain actual systems at this point (they're user-specific). This is the first users folder, so it is also added to the root readTree invocation for the repository. Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/244 Reviewed-by: tazjin <mail@tazj.in>
2020-06-13 21:52:20 +01:00 · 2020-06-13 21:52:20 +01:00 · 268729083e
commit 268729083e
parent 9658e96a87
24 changed files with 51 additions and 124 deletions
--- a/ops/nixos/modules/tvl-slapd/default.nix
+++ b/ops/nixos/modules/tvl-slapd/default.nix
@ -1,30 +0,0 @@
-# Configures an OpenLDAP instance for TVL
-#
-# TODO(tazjin): Configure ldaps://
-{ pkgs, config, ... }:
-
-{
-  services.openldap = {
-    enable = true;
-    dataDir = "/var/lib/openldap";
-    suffix = "dc=tvl,dc=fyi";
-    rootdn = "cn=admin,dc=tvl,dc=fyi";
-    rootpw = "{SSHA}yEEO6Ol2W3ritdiJzPSsjOtyPGxWF2JW";
-
-    # Contents are immutable at runtime, and adding user accounts etc.
-    # is done statically in the LDIF-formatted contents in this folder.
-    declarativeContents = builtins.readFile ./contents.ldif;
-
-    # ACL configuration
-    extraDatabaseConfig = ''
-      # Allow users to change their own password
-      access to attrs=userPassword
-        by self write
-        by anonymous auth
-        by users none
-
-      # Allow default read access to other directory elements
-      access to * by * read
-    '';
-  };
-}