gerd.nextcloud: ldap promote admin group

machines/gerd/services/nextcloud.nix

@@ -36,8 +36,8 @@ let
       # EDIT: nextcloud_users group, contains the users who can login to Nextcloud
       ldapUserFilter = "(&(objectclass=person)${config.mine.shared.settings.ldap.user_filter})";
       ldapUserFilterObjectclass = "person";
-      ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(cn=${config.mine.shared.settings.ldap.groups.member}))";
+      ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(|(cn=${config.mine.shared.settings.ldap.groups.admin})(cn=${config.mine.shared.settings.ldap.groups.member})))";
-      ldapGroupFilterGroups = config.mine.shared.settings.ldap.groups.member;
+      ldapGroupFilterGroups = "admin;user";
       ldapGroupFilterObjectclass = "groupOfUniqueNames";
       ldapGroupMemberAssocAttr = "uniqueMember";
       ldapEmailAttribute = config.mine.shared.settings.ldap.attr.email;
@@ -59,10 +59,13 @@ let
     # create new empty config
     ${occ} ldap:create-empty-config
 
-    # setup password
+    # setup ldap password
     BIND_USERPASS="$(cat $CREDENTIALS_DIRECTORY/lldap-bind-user-pass)"
     ${occ} ldap:set-config s01 ldapAgentPassword "$BIND_USERPASS"
 
+    # promote ldap admin group to admins
+    ${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} || true
+
     # set settings
     ${builtins.concatStringsSep "\n" ldap_commands}
   '';