{ config, lib, ... }:
let
  # Address under the shared domain for a given local part.
  mkEmail = name: "${name}@${config.mine.shared.settings.domain}";

  # Attributes every provisioned account carries.
  mkUserBase = name: {
    user_id = name;
    member_email = mkEmail name;
  };

  # 1 MiB in bytes. The quota fields are presumably byte counts
  # (100 MiB / 10 MiB) — confirm the unit the provisioner actually expects.
  mib = 1024 * 1024;

  # Regular member: the mailbox address is resolved from EMAIL_<NAME> in the
  # provisioning service's environment (see systemd.services.lldapsetup below).
  mkUserNormal = name: mkUserBase name // {
    mail = "env:EMAIL_${lib.toUpper name}";
    groups = [ "base_member" ];
    mail_disk_quota = 100 * mib;
  };

  # Service account: the password is referenced by file path (an agenix
  # secret), so the credential itself is never written into this expression.
  # TODO: drop base_member here eventually, or add more granular controls
  # for email permissions.
  mkUserSystem = name: password_file: mkUserBase name // {
    password = "file:${password_file}";
    groups = [ "base_member" "system_service" ];
    mail_disk_quota = 10 * mib;
  };

  # Administrator: member plus LLDAP's built-in lldap_admin group.
  mkUserAdmin = name: mkUserBase name // {
    groups = [ "base_member" "lldap_admin" ];
    mail_disk_quota = 100 * mib;
  };
in
{
  imports = [ ./bootstrap/lldap-state-module.nix ];

  mine.lldap_provision = {
    enable = true;
    url = config.mine.shared.meta.lldap.url;
    username = "admin";
    # Admin credential is read from the agenix-managed file, not inlined.
    passwordFile = config.age.secrets.lldap-admin-user-pass.path;
    # username = "testusername";
    # passwordFile = ./test.txt;

    group_attributes = {
      # NOTE(review): looks like a placeholder attribute — confirm it is still needed.
      group_foo = {
        attributeType = "STRING";
        isEditable = true;
        isVisible = true;
      };
    };

    user_attributes = {
      member_email = {
        attributeType = "STRING";
        isEditable = false;
        isVisible = true;
      };
      # No isEditable/isVisible given here; the module's defaults apply.
      mail_disk_quota = {
        attributeType = "INTEGER";
      };
    };

    # Custom groups created by the provisioner. The lldap_* groups used below
    # are LLDAP built-ins and are not declared here.
    groups = lib.genAttrs [ "base_member" "system_service" "system_email" ]
      (g: { display_name = g; });

    users = {
      # normal users
      testusername = {
        member_email = "env:USER1_EMAIL";
      };
      # NOTE(review): the attribute key (user1) differs from the user_id
      # (thief420); which one the provisioner treats as the account name
      # depends on lldap-state-module.nix — verify.
      user1 = mkUserNormal "thief420";

      # admin users
      admin = mkUserAdmin "admin";
      eyjhb = mkUserAdmin "eyjhb";
      rasmus = mkUserAdmin "rasmus";

      # system users
      authelia = mkUserSystem "authelia" config.age.secrets.authelia-smtp-password.path;
      wger = mkUserSystem "wger" config.age.secrets.wger-ldap-pass.path;

      # bind user: only group membership is declared; no password is managed
      # here, so it is presumably set out-of-band.
      bind_user = {
        groups = [ "lldap_password_manager" "lldap_strict_readonly" ];
      };
    };
  };

  # These values are rendered into the generated systemd unit, which lives in
  # the Nix store; keep only non-secret values (addresses) here and pass
  # credentials through the file:/passwordFile paths above.
  systemd.services.lldapsetup.environment = {
    USER1_EMAIL = "eyjhbbbbbbb@fricloud.dk";
    EMAIL_THIEF420 = "someemail@gmail.com";
  };
}