From 492236862cc5ddd06107183290128a69ed02bd16 Mon Sep 17 00:00:00 2001
From: eyjhb
Date: Wed, 14 Aug 2024 21:55:33 +0200
Subject: [PATCH] gerd.nextcloud: ldap promote admin group
---
 machines/gerd/services/nextcloud.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/machines/gerd/services/nextcloud.nix b/machines/gerd/services/nextcloud.nix
index 71aa0fe..26dde09 100644
--- a/machines/gerd/services/nextcloud.nix
+++ b/machines/gerd/services/nextcloud.nix
@@ -36,8 +36,8 @@ let
 # EDIT: nextcloud_users group, contains the users who can login to Nextcloud
 ldapUserFilter = "(&(objectclass=person)${config.mine.shared.settings.ldap.user_filter})";
 ldapUserFilterObjectclass = "person";
- ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(cn=${config.mine.shared.settings.ldap.groups.member}))";
- ldapGroupFilterGroups = config.mine.shared.settings.ldap.groups.member;
+ ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(|(cn=${config.mine.shared.settings.ldap.groups.admin})(cn=${config.mine.shared.settings.ldap.groups.member})))";
+ ldapGroupFilterGroups = "admin;user";
 ldapGroupFilterObjectclass = "groupOfUniqueNames";
 ldapGroupMemberAssocAttr = "uniqueMember";
 ldapEmailAttribute = config.mine.shared.settings.ldap.attr.email;
@@ -59,10 +59,13 @@ let
 # create new empty config
 ${occ} ldap:create-empty-config
 
- # setup password
+ # setup ldap password
 BIND_USERPASS="$(cat $CREDENTIALS_DIRECTORY/lldap-bind-user-pass)"
 ${occ} ldap:set-config s01 ldapAgentPassword "$BIND_USERPASS"
 
+ # promote ldap admin group to admins
+ ${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} || true
+
 # set settings
 ${builtins.concatStringsSep "\n" ldap_commands}
 '';
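Review bot: `ldapGroupFilterGroups = "admin;user";` hard-codes the group names, while the filter on the line above and the `ldap:promote-group` call in the second hunk both take them from `config.mine.shared.settings.ldap.groups.admin` and `.member`; if those settings ever hold other names, the stored group list no longer matches the filter. Deriving the list from the same values keeps the three in step: `ldapGroupFilterGroups = "${config.mine.shared.settings.ldap.groups.admin};${config.mine.shared.settings.ldap.groups.member}";`. Because membership of the admin group now carries Nextcloud admin rights, a comment beside the filter such as `# members of groups.admin become Nextcloud admins via ldap:promote-group` would make that privilege path visible to whoever manages the directory. The `let` block starts and ends outside the hunk.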
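Review bot: The `ldap:promote-group` call is placed before the `# set settings` block, so on a freshly created config it runs while s01 has only the agent password set, and `|| true` then hides the failure; the deployment would come up with no LDAP-backed admin group and nothing in the log to say so. Moving the call below `${builtins.concatStringsSep "\n" ldap_commands}` and replacing `|| true` with a visible fallback, e.g. `|| echo "ldap:promote-group failed" >&2`, keeps the script from aborting while leaving a trace. As far as I know the command also asks for confirmation unless given `--yes`, which matters when it runs without a terminal; please confirm against the deployed Nextcloud version. The script body starts and ends outside the hunk, so whether the empty config is created on every run cannot be seen here.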