nixpkgs/nixos/modules/config
Florian Klink 8817bbefdb nixos/ldap: set proper User= and Group= for nslcd service
eb90d9700958aefbc7b886f2b524c6d04dc1d80d broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile).

fixes #57783
2019-03-28 13:08:47 +01:00
fonts nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
gtk nixos gtk.iconCache.enable: default from xserver.enable 2018-11-17 11:18:10 +01:00
krb5 nixos: correct improper uses of mkEnableOption, clarify service descriptions 2018-10-05 13:14:45 +07:00
xdg nixos: add XDG sounds module 2018-12-18 00:32:13 +01:00
appstream.nix nixos: add AppStream module 2018-12-04 20:26:25 +00:00
debug-info.nix Set $NIX_DEBUG_INFO_DIRS when environment.enableDebugInfo is enabled 2017-10-10 12:04:57 +02:00
gnu.nix treewide: isArm -> isAarch32 2018-04-25 15:28:55 -04:00
i18n.nix Merge pull request #36424 from jfrankenau/i18n-extra-locale 2018-11-29 16:22:34 +01:00
iproute2.nix alternative for iproute module (#41801) 2018-09-01 20:28:23 +02:00
ldap.nix nixos/ldap: set proper User= and Group= for nslcd service 2019-03-28 13:08:47 +01:00
networking.nix Revert "resolvconf.conf: Remove forced NSCD service restart" 2018-11-21 15:26:37 +01:00
no-x-libs.nix nixos/no-x-libs.nix: override pinentry directly 2019-02-27 23:53:50 -05:00
nsswitch.nix nixos/nsswitch: add option to configure nssHosts 2019-02-22 23:00:24 +01:00
power-management.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
pulseaudio.nix nixos/pulseaudio: disable flat-volumes by default 2019-01-27 19:51:26 +00:00
shells-environment.nix nixos/shells: enable to nullify already defined aliases 2018-10-14 00:14:49 +09:00
swap.nix change swap.randomEncryption config option to "coercedTo" for backwards compatibility 2017-07-26 20:57:10 +03:00
sysctl.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
system-environment.nix
system-path.nix system-path: set implicitly installed packages to be low-priority 2018-12-26 23:16:17 +09:00
terminfo.nix
timezone.nix nixos/config/timezone: Disallow spaces 2017-10-09 20:52:25 +02:00
unix-odbc-drivers.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
update-users-groups.pl
users-groups.nix lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
vpnc.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
zram.nix zram: revert "change default algorithm to zstd" (#56856) 2019-03-07 02:11:20 +02:00