nextcloud: moved admin into own ldap group

machines/gerd/services/lldap/default.nix

@@ -275,7 +275,7 @@ in {
       user_id = name;
       display_name = name; # required for nextcloud
       membermail = mkProvisionEmail name;
-      groups = [ lconfig.groups.admin lconfig.groups.member ];
+      groups = with lconfig.groups; [ admin nextcloud_admin member ];
       membermaildiskquota = 100*1024*1024; # mb
       nextcloudquota = 100*1024*1024; # mb
     });

machines/gerd/services/lldap/module/default.nix

@@ -162,5 +162,6 @@ in {
         ${pythonEnv}/bin/python -m bootstrap.main ${configFile}
       '';
     };
+    systemd.services.lldap.restartTriggers = [ configFile ];
   };
 }

machines/gerd/services/lldap/provision.nix

@@ -36,6 +36,7 @@
         "base_member" = {};
         "system_service" = {};
         "system_mail" = {};
+        "nextcloud_admin" = {};
       };
 
       # attributes

machines/gerd/services/nextcloud.nix

@@ -49,7 +49,7 @@ let
       ldapGroupFilter = config.mine.shared.lib.ldap.mkFilter (lconfig: llib:
         llib.mkAnd [
           (llib.mkOC lconfig.oc.groupOfUniqueNames)
-          (llib.mkOr [ "cn=${lconfig.groups.admin}" "cn=${lconfig.groups.member}"])
+          (llib.mkOr [ "cn=${lconfig.groups.nextcloud_admin}" "cn=${lconfig.groups.member}"])
         ]
       );
       ldapGroupFilterGroups = "admin;user";
@@ -86,7 +86,7 @@ let
     done
 
     # promote ldap admin group to admins
-    ${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} --yes -n
+    ${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.nextcloud_admin} --yes -n
   '';
 
   # script for resetting nextcloud admin password on each startup