server-configs/machines/gerd/services/lldap/provision.nix


# LLDAP provisioning for host "gerd": declares the users, groups and custom
# attributes that the ./module provisioner pushes into the directory. The
# provisioner binds as `admin`; both its password and the e-mail values used
# below come from agenix secret paths, not from Nix-store literals.
{ config, lib, ... }:
{
imports = [
./module
];
services.lldap = {
# account the provisioner authenticates as; the password is only ever read
# from the agenix-managed file, so it does not end up in the store.
provisionUsername = "admin";
provisionPasswordFile = config.age.secrets.lldap-admin-user-pass.path;
# mkScope supplies `lconfig` (the scoped provision config) and `llib` (user
# constructors). Their exact semantics live in mine.shared.lib.ldap and are
# not visible here; comments below that depend on them are marked.
provision = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
# users
users = {
# normal users
# NOTE(review): `testusername` and `user1` ("thief420") read like test
# fixtures, but this file provisions real principals into the directory on
# this host. Confirm they are intended, or move them to a dev-only module.
testusername = {
# "env:" values are presumably substituted from the EnvironmentFile
# attached to the lldapsetup unit at the bottom of this file, which keeps
# the address out of the store -- verify against the module.
membermail = "env:EMAIL_EMAIL0";
# group given via config.services.lldap.provision...display_name, whereas
# the bind user below uses lconfig.groups.* for the same purpose; they
# presumably resolve to the same thing -- confirm before unifying.
groups = [ config.services.lldap.provision.groups.system_mail.display_name ];
};
user1 = llib.mkProvisionUserNormal "thief420";
# admin users
# Three directory admins. `admin` is the same name as provisionUsername
# above, so its password is expected to be the secret referenced there
# (assumption: the helper's password handling is not visible in this file).
admin = llib.mkProvisionUserAdmin "admin";
eyjhb = llib.mkProvisionUserAdmin "eyjhb";
rasmus = llib.mkProvisionUserAdmin "rasmus";
# system users - defined in each service
# should not be done here
# bind user
# Service bind account. No password/secret is attached here, so the helper
# or module must supply one -- confirm.
# SECURITY(review): if `password_manager` maps to LLDAP's built-in
# password-manager group, this credential can reset the passwords of
# non-admin users; a leak of the bind secret from any consuming service
# then becomes account takeover for every normal user. Keep only
# `strict_readonly` unless a consumer really needs password writes.
# Neither of these two groups is declared in `groups` below; they are
# expected to come from the module/helper (e.g. LLDAP's built-in groups).
bind = {
user_id = "bind_user";
groups = [ lconfig.groups.password_manager lconfig.groups.strict_readonly ];
};
};
# groups
# Only these three groups are declared on this host; the groups used for
# `bind` above are not among them.
groups = {
"base_member" = {};
"system_service" = {};
"system_mail" = {};
};
# attributes
group_attributes = {
# NOTE(review): placeholder-looking name; rename or remove before anything
# starts depending on it.
group_foo = {
attributeType = "STRING";
isEditable = true;
isVisible = true;
};
};
user_attributes = {
# Per-user mail address (presumably consumed by the mail service).
# isEditable = false stops users from rewriting their own address, which
# matters if any downstream service treats it as an identity.
membermail = {
attributeType = "STRING";
isEditable = false;
isVisible = true;
};
# isEditable/isVisible are left to the module defaults -- confirm the
# attribute is not user-editable, or a user could raise their own quota.
membermaildiskquota = {
attributeType = "INTEGER";
};
};
});
};
# Secret environment (EMAIL_* values) for the "env:" references above; it is
# loaded into the lldapsetup unit only and is not copied into the store.
systemd.services.lldapsetup.serviceConfig.EnvironmentFile = config.age.secrets.lldap-user-emails-env.path;
}