diff --git a/machines/gerd/services/drasl.nix b/machines/gerd/services/drasl.nix
index dbfdf9c..0f4a1bd 100644
--- a/machines/gerd/services/drasl.nix
+++ b/machines/gerd/services/drasl.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
 sources = import ./../../../shared/sources;
@@ -25,6 +25,15 @@ in {
 ListenAddress = "localhost:${builtins.toString port}";
+ # all ldap admins in group `drasl-admin` are default admins here
+DefaultAdmins = config.mine.shared.lib.ldap.mkScope (lconfig: llib: let
+ admins = lib.forEach (
+ lib.filter
+ (v: lib.elem lconfig.groups.drasl_admin (v.groups or []))
+ (lib.attrValues lconfig.provision.users)
+ ) (v: v.mail);
+ in admins);
+
 CreateNewPlayer.Allow = true;
 RegistrationNewPlayer.Allow = true;
 AllowPasswordLogin = false;
diff --git a/machines/gerd/services/lldap/default.nix b/machines/gerd/services/lldap/default.nix
index bf25375..12806c5 100644
--- a/machines/gerd/services/lldap/default.nix
+++ b/machines/gerd/services/lldap/default.nix
@@ -176,6 +176,8 @@ in {
 groupOfUniqueNames = "groupOfUniqueNames";
 };
+ provision = config.services.lldap.provision;
+
 users = {
 admin = "admin";
 # bind = "bind_user";
@@ -275,7 +277,8 @@ in {
 user_id = name;
 display_name = name; # required for nextcloud
 membermail = mkProvisionEmail name;
-groups = with lconfig.groups; [ admin nextcloud_admin grafana_admin member ];
+ mail = mkProvisionEmail name;
+ groups = with lconfig.groups; [ admin nextcloud_admin grafana_admin drasl_admin member ];
 membermaildiskquota = 100*1024*1024; # mb
 nextcloudquota = 100*1024*1024; # mb
 });
diff --git a/machines/gerd/services/lldap/provision.nix b/machines/gerd/services/lldap/provision.nix
index b5f46ff..5153b9a 100644
--- a/machines/gerd/services/lldap/provision.nix
+++ b/machines/gerd/services/lldap/provision.nix
@@ -37,6 +37,7 @@
 "system_service" = {};
 "system_mail" = {};
 "nextcloud_admin" = {};
+ "drasl_admin" = {};
 "grafana_admin" = {};
 };
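Review bot: The comment above `DefaultAdmins` names the group `drasl-admin` while the filter and provision.nix both use `drasl_admin`; since that group name is what gates Drasl admin rights, the comment should match the identifier, e.g. `# every provisioned LDAP user in group drasl_admin becomes a Drasl default admin`. The projection `(v: v.mail)` makes evaluation fail for any user placed in that group without a `mail` attribute — only the admin user receives `mail` in the second hunk of lldap/default.nix — so a future `drasl_admin` member without it breaks the build rather than silently missing admin rights, which is worth stating in that comment. Drasl compares `DefaultAdmins` against account identifiers on its side, and the diff does not show that accounts created through the LDAP-backed login use the mail address as that identifier; if they use a username instead, this list grants nothing, so that mapping should be confirmed. `llib` in the mkScope lambda is unused. The enclosing attribute set continues outside the hunk.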
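Review bot: `provision = config.services.lldap.provision;` hands the entire lldap provisioning tree to every consumer of `mkScope`, while the only consumer added in this commit (drasl.nix) reads just `users.<name>.groups` and `users.<name>.mail`. A comment naming that contract, `# exposed to mkScope consumers; drasl.nix reads users.<name>.groups / .mail`, would make later additions to the provision tree reviewable for what they leak into other service scopes. Narrowing the exported value to those fields would be the least-exposure option, but I cannot see from the diff what else the provision tree carries, so this is a scoping suggestion rather than a found leak. The enclosing attribute set starts and ends outside the hunk.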