adds drasl ldap admin group

machines/gerd/services/drasl.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 
 let
   sources = import ./../../../shared/sources;
@@ -25,6 +25,15 @@ in {
 
       ListenAddress = "localhost:${builtins.toString port}";
 
+      # all ldap admins in group `drasl-admin` are default admins here
+      DefaultAdmins = config.mine.shared.lib.ldap.mkScope (lconfig: llib: let
+        admins = lib.forEach (
+          lib.filter
+            (v: lib.elem lconfig.groups.drasl_admin (v.groups or []))
+            (lib.attrValues lconfig.provision.users)
+        ) (v: v.mail);
+      in admins);
+
       CreateNewPlayer.Allow = true;
       RegistrationNewPlayer.Allow = true;
       AllowPasswordLogin = false;

machines/gerd/services/lldap/default.nix

@@ -176,6 +176,8 @@ in {
       groupOfUniqueNames = "groupOfUniqueNames";
     };
 
+    provision = config.services.lldap.provision;
+
     users = {
       admin = "admin";
       # bind = "bind_user";
@@ -275,7 +277,8 @@ in {
       user_id = name;
       display_name = name; # required for nextcloud
       membermail = mkProvisionEmail name;
-      groups = with lconfig.groups; [ admin nextcloud_admin grafana_admin member ];
+      mail = mkProvisionEmail name;
+      groups = with lconfig.groups; [ admin nextcloud_admin grafana_admin drasl_admin member ];
       membermaildiskquota = 100*1024*1024; # mb
       nextcloudquota = 100*1024*1024; # mb
     });

machines/gerd/services/lldap/provision.nix

@@ -37,6 +37,7 @@
         "system_service" = {};
         "system_mail" = {};
         "nextcloud_admin" = {};
+        "drasl_admin" = {};
         "grafana_admin" = {};
       };