ldap: now got secure mode

This commit is contained in:
silver 2023-05-21 22:45:20 +01:00
parent a660a60346
commit de76e8eee6


@ -97,7 +97,7 @@ Gonna use a priper nixos module for this
after = [ "acme-${cfg.domain.base}.service" ]; after = [ "acme-${cfg.domain.base}.service" ];
}; };
users.groups.certs.members = [ "openldap" ]; users.groups.acme.members = [ "openldap" ];
services.openldap = { services.openldap = {
enable = true; enable = true;
@ -114,10 +114,12 @@ Gonna use a priper nixos module for this
olcTLSCACertificateFile = "/var/lib/acme/${cfg.domain.base}/full.pem"; olcTLSCACertificateFile = "/var/lib/acme/${cfg.domain.base}/full.pem";
olcTLSCertificateFile = "/var/lib/acme/${cfg.domain.base}/cert.pem"; olcTLSCertificateFile = "/var/lib/acme/${cfg.domain.base}/cert.pem";
olcTLSCertificateKeyFile = "/var/lib/acme/${cfg.domain.base}/key.pem"; olcTLSCertificateKeyFile = "/var/lib/acme/${cfg.domain.base}/key.pem";
olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; # got teh ciphers from https://access.redhat.com/articles/1474813
# the ones provided on the nixos page didnt work
olcTLSCipherSuite = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!EDH:!EXP:!SSLV2:!eNULL";
olcTLSCRLCheck = "none"; olcTLSCRLCheck = "none";
olcTLSVerifyClient = "never"; olcTLSVerifyClient = "never";
olcTLSProtocolMin = "3.1"; olcTLSProtocolMin = "3.3";
}; };
children = { children = {
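Review bot: The new `olcTLSCipherSuite` value in the second hunk still permits anonymous key exchange: OpenSSL's `HIGH` keyword includes the ADH/AECDH (aNULL) suites, and although the old string's explicit `+aNULL` is gone, nothing in the new string excludes them, so a client can negotiate a suite with no server authentication despite the certificate configured on the lines just above. The explicit `AES256-SHA256` entry and the remaining `HIGH` suites also use static RSA key exchange, and `!EDH` removes the DHE alternative, so forward secrecy is only available to ECDHE-capable clients. Assuming slapd here is linked against OpenSSL (the string syntax suggests so), a tighter value is `olcTLSCipherSuite = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!kRSA";`, which together with `olcTLSProtocolMin = "3.3"` (TLS 1.2 minimum) leaves only authenticated, forward-secret suites. Separately, in the first hunk `users.groups.acme.members = [ "openldap" ]` gives the service read access to every key under `/var/lib/acme/`, not only this domain's; assigning the certificate's own group to openldap would scope that to the one certificate it reads. The `services.openldap` attribute set continues past the end of this hunk.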