lldap: automatic provision + system users + stalwart + whatever

machines/gerd/services/stalwart/stalwart.nix

@@ -50,7 +50,10 @@ in {
         filter = let
           _mkFilter = attrs: ph: config.mine.shared.lib.ldap.mkFilter (lconfig: llib:
             llib.mkAnd [
-              (llib.mkGroup lconfig.groups.member)
+              (llib.mkOr [
+                (llib.mkGroup lconfig.groups.member)
+                (llib.mkGroup lconfig.groups.system_mail)
+              ])
               (llib.mkOr (lib.forEach attrs (v: llib.mkSearch v ph)))
             ]
           );
@@ -58,22 +61,21 @@ in {
           attrs = config.mine.shared.settings.ldap.attr // { emailAlias = "mailAlias"; emailList = "mailList"; };
         in {
           name = _mkFilter [ attrs.uid ] "?";
-          email = _mkFilter [ attrs.email attrs.emailAlias attrs.emailList ] "?";
-          verify = _mkFilter [ attrs.email attrs.emailAlias ] "*?*";
-          expand = _mkFilter [ attrs.emailList ] "?";
-          domains = _mkFilter [ attrs.email attrs.emailAlias ] "*@?";
+          email = _mkFilter [ attrs.membermail ] "?";
         };
 
-        attributes = {
-          name = "uid";
+        attributes = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
+          name = lconfig.attr.uid;
+          # name = lconfig.attr.member_mail;
+          description = lconfig.attr.firstname;
+          email = lconfig.attr.membermail;
+          quota = lconfig.attr.membermaildiskquota;
           class = "objectClass";
-          description = "givenName";
-          secret = "uid";
           groups = "memberOf";
-          email = "mail";
-          # email-alias = "mailAlias";
-          # quota = "diskQuota";
-        };
+          # we dont have access to this in lldap
+          # secret = lconfig.attr.stalwart_secret;
+        });
+
         
       };