# NixOS module: declarative LLDAP provisioning (users, groups, custom attributes).
# Secrets are referenced only through the `.path` of age-managed files; no
# secret value is written in this file.
{ config, lib, ... }:

let
  # Shorthand for the age secrets declared elsewhere in the configuration.
  inherit (config.age) secrets;
in
{
  imports = [ ./module ];

  services.lldap = {
    # Presumably the account the provisioning step authenticates as; its
    # password is taken from the age secret file below.
    provisionUsername = "admin";
    provisionPasswordFile = secrets.lldap-admin-user-pass.path;

    # mkScope is a project helper (not visible here); it is handed a function
    # of two arguments and the attribute set that function returns.
    provision = config.mine.shared.lib.ldap.mkScope (scope: helpers:
      let
        # Bind (service) account.
        # NOTE(review): it is placed in both password_manager and
        # strict_readonly. If these map to lldap's built-in
        # lldap_password_manager / lldap_strict_readonly groups, the first
        # lets the account reset other users' passwords, which is more than a
        # lookup-only bind needs. Confirm both memberships are intended.
        bindAccount = {
          user_id = "bind_user";
          groups = [
            scope.groups.password_manager
            scope.groups.strict_readonly
          ];
        };

        # Admin accounts. Every entry here is created through
        # mkProvisionUserAdmin, so this list is the one to audit for
        # administrative access.
        adminAccounts = {
          admin = helpers.mkProvisionUserAdmin "admin";
          eyjhb = helpers.mkProvisionUserAdmin "eyjhb";
          rasmus = helpers.mkProvisionUserAdmin "rasmus";
        };

        # Normal accounts.
        # NOTE(review): "thief420" and "testusername" look like test or
        # placeholder accounts; confirm they belong in this provisioning set.
        normalAccounts = {
          user1 = helpers.mkProvisionUserNormal "thief420";
          testusername = (helpers.mkProvisionUserNormal "testusername") // {
            mail = "testusername@fricloud.dk";
          };
        };
      in
      {
        # users
        # System users are defined by each service and should not be added here.
        users = { bind = bindAccount; } // adminAccounts // normalAccounts;

        # groups
        groups = {
          base_member = { };
          system_service = { };
          system_mail = { };
          nextcloud_admin = { };
          grafana_admin = { };
        };

        # attributes
        group_attributes = {
          # NOTE(review): "group_foo" reads like a placeholder and is marked
          # editable; confirm it is meant to be provisioned.
          group_foo = {
            attributeType = "STRING";
            isEditable = true;
            isVisible = true;
          };
        };

        user_attributes = {
          # Visible but not editable.
          membermail = {
            attributeType = "STRING";
            isEditable = false;
            isVisible = true;
          };

          # NOTE(review): isEditable / isVisible are not set for the two quota
          # attributes, so whatever defaults the provisioning module applies
          # are used. Confirm users cannot edit their own quota.
          membermaildiskquota = {
            attributeType = "INTEGER";
          };
          nextcloudquota = {
            attributeType = "INTEGER";
          };
        };
      });
  };

  # The lldapsetup unit gets its environment from an age secret file (user
  # e-mail addresses, going by the secret's name).
  systemd.services.lldapsetup.serviceConfig.EnvironmentFile = secrets.lldap-user-emails-env.path;
}