server-configs/machines/gerd/services/lldap/test.nix
2025-02-02 00:12:38 +01:00


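{ config, lib, ... }:
let
  # One MiB expressed in bytes. `mail_disk_quota` below is a byte count, so
  # quotas are written as `N * mib` to keep the unit explicit.
  mib = 1024 * 1024;

  # Primary e-mail address of an account on the shared domain.
  mkEmail = name: "${name}@${config.mine.shared.settings.domain}";

  # Regular (human) account. The mailbox address is not stored here: the
  # `env:` reference appears to be resolved by the provisioning module from
  # the setup unit's environment (see `systemd.services.lldapsetup.environment`
  # at the bottom of this file), which also means `name` must only contain
  # characters that are legal in an environment-variable name.
  mkUserNormal = name: {
    user_id = name;
    member_email = mkEmail name;
    mail = "env:EMAIL_${lib.toUpper name}";
    groups = [ "base_member" ];
    mail_disk_quota = 100 * mib; # 100 MiB, in bytes
  };

  # Service account. `password_file` is a runtime path to a secret on disk
  # (`file:` prefix), so no credential is written into this module.
  mkUserSystem = name: password_file: {
    user_id = name;
    member_email = mkEmail name;
    password = "file:${password_file}";
    # TODO: remove base_member in the future, or have
    # more granular controls for emails
    groups = [ "base_member" "system_service" ];
    mail_disk_quota = 10 * mib; # 10 MiB, in bytes
  };

  # Administrative account: membership of the built-in `lldap_admin` group
  # grants full administrative rights in LLDAP, so keep this list short.
  mkUserAdmin = name: {
    user_id = name;
    member_email = mkEmail name;
    groups = [ "base_member" "lldap_admin" ];
    mail_disk_quota = 100 * mib; # 100 MiB, in bytes
  };
in {
  imports = [
    ./bootstrap/lldap-state-module.nix
  ];

  mine.lldap_provision = {
    enable = true;
    url = config.mine.shared.meta.lldap.url;
    username = "admin";
    # Admin password is read at runtime from the agenix-decrypted file, never
    # from the Nix store.
    passwordFile = config.age.secrets.lldap-admin-user-pass.path;
    # Keep the test credentials below commented out: a `./test.txt` path
    # literal is copied into the (world-readable) Nix store once coerced to
    # a string, which is unsuitable for a real secret.
    # username = "testusername";
    # passwordFile = ./test.txt;

    group_attributes = {
      group_foo = {
        attributeType = "STRING";
        isEditable = true;
        isVisible = true;
      };
    };

    user_attributes = {
      # Not editable by the user: the address is owned by provisioning.
      member_email = {
        attributeType = "STRING";
        isEditable = false;
        isVisible = true;
      };
      mail_disk_quota = {
        attributeType = "INTEGER";
      };
    };

    # Custom groups; each one is displayed under its own name.
    groups = lib.genAttrs [
      "base_member"
      "system_service"
      "system_email"
    ] (v: { display_name = v; });

    users = {
      # normal users
      testusername = {
        member_email = "env:USER1_EMAIL";
      };
      user1 = mkUserNormal "thief420";
      # admin users
      admin = mkUserAdmin "admin";
      eyjhb = mkUserAdmin "eyjhb";
      rasmus = mkUserAdmin "rasmus";
      # system users
      authelia = mkUserSystem "authelia" config.age.secrets.authelia-smtp-password.path;
      wger = mkUserSystem "wger" config.age.secrets.wger-ldap-pass.path;
      # bind user: LLDAP built-in groups giving read-only directory access
      # plus the ability to reset passwords, without admin rights.
      bind_user = {
        groups = [ "lldap_password_manager" "lldap_strict_readonly" ];
      };
    };
  };

  # Values referenced via `env:` above. A systemd unit's Environment= is
  # visible to any local user (e.g. through `systemctl show`), so only
  # non-secret data such as addresses belongs here; passwords use `file:`.
  systemd.services.lldapsetup.environment = {
    USER1_EMAIL = "eyjhbbbbbbb@fricloud.dk";
    EMAIL_THIEF420 = "someemail@gmail.com";
  };
}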