Compare commits
2 commits
02ab47fad5
...
68c8c26857
Author | SHA1 | Date | |
---|---|---|---|
![]() |
68c8c26857 | ||
![]() |
332a10a0f9 |
3 changed files with 27 additions and 14 deletions
|
@ -246,10 +246,12 @@ in {
|
|||
mkProvisionEmail = name: "${name}@${config.mine.shared.settings.domain}";
|
||||
mkProvisionUserNormal = name: config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
|
||||
user_id = name;
|
||||
display_name = name; # required for nextcloud
|
||||
membermail = mkProvisionEmail name;
|
||||
mail = "env:EMAIL_${lib.toUpper name}";
|
||||
groups = [ lconfig.groups.member ];
|
||||
membermaildiskquota = 100*1024*1024; # mb
|
||||
nextcloudquota = 5*1024*1024; # mb
|
||||
});
|
||||
|
||||
mkProvisionUserSystem = name: password_file: config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
|
||||
|
@ -261,11 +263,21 @@ in {
|
|||
membermaildiskquota = 10*1024*1024; # mb
|
||||
});
|
||||
|
||||
mkProvisionUserSystemExt = name: password_file: custom_attrs: lib.recursiveUpdate (config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
|
||||
user_id = name;
|
||||
membermail = mkProvisionEmail name;
|
||||
password = "file:${password_file}";
|
||||
groups = [ lconfig.groups.system_mail lconfig.groups.system_service ];
|
||||
membermaildiskquota = 10*1024*1024; # mb
|
||||
})) custom_attrs;
|
||||
|
||||
mkProvisionUserAdmin = name: config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
|
||||
user_id = name;
|
||||
display_name = name; # required for nextcloud
|
||||
membermail = mkProvisionEmail name;
|
||||
groups = [ lconfig.groups.admin lconfig.groups.member ];
|
||||
membermaildiskquota = 100*1024*1024; # mb
|
||||
nextcloudquota = 100*1024*1024; # mb
|
||||
});
|
||||
};
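Review bot: `mkProvisionUserSystemExt` merges `custom_attrs` over the base scope with `lib.recursiveUpdate`, so a caller can replace `groups` or `password` outright. `recursiveUpdate` does not concatenate lists, so a `groups = [ ... ]` in `custom_attrs` silently drops `system_mail`/`system_service` or swaps in a more privileged group. If the helper is meant only for extra attributes, strip the privileged keys before merging, e.g. `(builtins.removeAttrs custom_attrs [ "user_id" "password" "groups" ])`, or add a comment stating that overriding them is intended. Separately, the quota lines are commented `# mb` while the values (`100*1024*1024`) read as byte counts; `# bytes (100 MiB)` would match what is written.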
|
||||
|
||||
|
|
|
@ -12,27 +12,23 @@
|
|||
provision = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
|
||||
# users
|
||||
users = {
|
||||
# normal users
|
||||
testusername = {
|
||||
membermail = "env:EMAIL_EMAIL0";
|
||||
groups = [ config.services.lldap.provision.groups.system_mail.display_name ];
|
||||
# bind user
|
||||
bind = {
|
||||
user_id = "bind_user";
|
||||
groups = [ lconfig.groups.password_manager lconfig.groups.strict_readonly ];
|
||||
};
|
||||
|
||||
user1 = llib.mkProvisionUserNormal "thief420";
|
||||
# system users - defined in each service
|
||||
# should not be done here
|
||||
|
||||
# admin users
|
||||
admin = llib.mkProvisionUserAdmin "admin";
|
||||
eyjhb = llib.mkProvisionUserAdmin "eyjhb";
|
||||
rasmus = llib.mkProvisionUserAdmin "rasmus";
|
||||
|
||||
# system users - defined in each service
|
||||
# should not be done here
|
||||
|
||||
# bind user
|
||||
bind = {
|
||||
user_id = "bind_user";
|
||||
groups = [ lconfig.groups.password_manager lconfig.groups.strict_readonly ];
|
||||
};
|
||||
# normal users
|
||||
user1 = llib.mkProvisionUserNormal "thief420";
|
||||
testusername = (llib.mkProvisionUserNormal "testusername") // { mail = "testusername@fricloud.dk"; };
|
||||
};
|
||||
|
||||
# groups
|
||||
|
@ -59,6 +55,9 @@
|
|||
membermaildiskquota = {
|
||||
attributeType = "INTEGER";
|
||||
};
|
||||
nextcloudquota = {
|
||||
attributeType = "INTEGER";
|
||||
};
|
||||
};
|
||||
|
||||
});
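Review bot: The `testusername` entry overrides `mail` with the literal `"testusername@fricloud.dk"` through `//`, bypassing the `env:EMAIL_…` indirection that `mkProvisionUserNormal` applies to every other normal user, and it still lands in the `member` group with mail and Nextcloud quota like a real account. If this is a test fixture, mark it next to the entry (`# test account, remove before production`) or gate it behind an option, so it is not carried into a live directory by accident. Presumably the `mail` attribute is where directory-driven messages such as password resets are sent, so whoever reads that mailbox would control the account; confirm that address is owned and monitored.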
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
let
|
||||
svc_domain = "nextcloud.${config.mine.shared.settings.domain}";
|
||||
|
||||
default_storage_quota = "100MB";
|
||||
default_storage_quota = "1mb";
|
||||
|
||||
# place data into own zfs dataset
|
||||
stateDir = config.mine.zfsMounts."rpool/safe/svcs/nextcloud";
|
||||
|
@ -59,6 +59,8 @@ let
|
|||
ldapUserFilterMode = 1;
|
||||
ldapExpertUsernameAttr = config.mine.shared.settings.ldap.attr.uid;
|
||||
ldapConfigurationActive = 1;
|
||||
ldapQuotaDefault = 1;
|
||||
ldapQuotaAttribute = config.mine.shared.settings.ldap.attr.nextcloudquota;
|
||||
};
|
||||
ldap_commands = lib.mapAttrsToList (n: v: "${occ} ldap:set-config $NEW_CONFIG_ID ${n} '${builtins.toString v}'") ldap_settings;
|
||||
in pkgs.writeShellScript "nextcloud-add-ldap.sh" ''
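Review bot: `ldapQuotaDefault = 1;` reads like an on/off flag, but Nextcloud's LDAP backend treats that key as the fallback quota value for users who lack the quota attribute, so `1` would most likely be parsed as a one-byte quota. Reusing the existing binding, `ldapQuotaDefault = default_storage_quota;`, or leaving the key unset avoids that for the system users, which get no `nextcloudquota` in the provisioning helpers. The attribute itself is provisioned as a bare integer, so confirm Nextcloud reads it as bytes as intended. In the first hunk the rendering does not show which of `"100MB"` and `"1mb"` is the new `default_storage_quota`; if it is `"1mb"`, it looks like a leftover test value. The `ldap_settings` set starts above the second hunk.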
|
||||
|
|