fricloud/server-configs
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

nextcloud: moved admin into own ldap group

Browse source
This commit is contained in:
eyjhb 2025-03-14 16:41:44 +01:00
parent 4e58a128d8
commit a10111a791
Signed by: eyjhb
GPG key ID: 609F508E3239F920
4 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
machines/gerd/services/lldap/default.nix
View file

@ -275,7 +275,7 @@ in {
user_id = name; user_id = name;
display_name = name; # required for nextcloud display_name = name; # required for nextcloud
membermail = mkProvisionEmail name; membermail = mkProvisionEmail name;
groups = [ lconfig.groups.admin lconfig.groups.member ]; groups = with lconfig.groups; [ admin nextcloud_admin member ];
membermaildiskquota = 100*1024*1024; # mb membermaildiskquota = 100*1024*1024; # mb
nextcloudquota = 100*1024*1024; # mb nextcloudquota = 100*1024*1024; # mb
}); });

1
machines/gerd/services/lldap/module/default.nix
View file

@ -162,5 +162,6 @@ in {
${pythonEnv}/bin/python -m bootstrap.main ${configFile} ${pythonEnv}/bin/python -m bootstrap.main ${configFile}
''; '';
}; };
systemd.services.lldap.restartTriggers = [ configFile ];
}; };
} }

1
machines/gerd/services/lldap/provision.nix
View file

@ -36,6 +36,7 @@
"base_member" = {}; "base_member" = {};
"system_service" = {}; "system_service" = {};
"system_mail" = {}; "system_mail" = {};
"nextcloud_admin" = {};
}; };
# attributes # attributes

4
machines/gerd/services/nextcloud.nix
View file

@ -49,7 +49,7 @@ let
ldapGroupFilter = config.mine.shared.lib.ldap.mkFilter (lconfig: llib: ldapGroupFilter = config.mine.shared.lib.ldap.mkFilter (lconfig: llib:
llib.mkAnd [ llib.mkAnd [
(llib.mkOC lconfig.oc.groupOfUniqueNames) (llib.mkOC lconfig.oc.groupOfUniqueNames)
(llib.mkOr [ "cn=${lconfig.groups.admin}" "cn=${lconfig.groups.member}"]) (llib.mkOr [ "cn=${lconfig.groups.nextcloud_admin}" "cn=${lconfig.groups.member}"])
] ]
); );
ldapGroupFilterGroups = "admin;user"; ldapGroupFilterGroups = "admin;user";
@ -86,7 +86,7 @@ let
done done
# promote ldap admin group to admins # promote ldap admin group to admins
${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} --yes -n ${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.nextcloud_admin} --yes -n
''; '';
# script for resetting nextcloud admin password on each startup # script for resetting nextcloud admin password on each startup