Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/openldap/posixAccount.nix
# LDIF generator for one POSIX mail account.
#
# The outer arguments fix the site (mail domain, LDAP suffix, default mail
# group). The inner function takes the per-user attributes and returns a
# string that starts with a newline and holds two LDIF entries separated by a
# blank line: the account under ou=accounts,ou=posix and a same-named
# posixGroup under ou=groups,ou=posix.
#
# Every argument is interpolated verbatim; nothing here escapes or
# base64-encodes a value, so a value containing a newline would begin a new
# LDIF line. Callers must pass single-line values.
{ pkgs, lib, domain, domainSuffix, domainGroup }:
let
  # Taken from the project's pkgs.lib; its definition is not visible here
  # (presumably it joins the list with newlines -- confirm).
  unlines = pkgs.lib.unlines;
in
{
  uid,
  uidNumber,
  gidNumber ? uidNumber,
  # cn, sn and homeDirectory default to "" and are always emitted, so leaving
  # one unset yields an empty-valued attribute line.
  # NOTE(review): the person/posixAccount schemas list these as mandatory;
  # confirm the directory accepts the empty form, or always pass real values.
  cn ? "",
  sn ? "",
  # Written verbatim into the LDIF: pass only a hash, never a cleartext
  # password.
  # NOTE(review): if the caller places the rendered LDIF in the Nix store
  # (caller not visible here) the hash is readable by every local user.
  userPassword ? null, # Use slappasswd -o module-load=pw-pbkdf2 -h "{PBKDF2-SHA256}"
  mailAlias ? [ ],
  homeDirectory ? "",
  mailHomeDirectory ? null,
  mailStorageDirectory ? null,
  loginShell ? "/run/current-system/sw/bin/bash",
  mailEnabled ? true,
  mailForwardingAddress ? [ ],
  mailGroupMember ? domainGroup,
  mailQuota ? null,
}:
let
  # One "name: value" line when the value is set, nothing when it is null.
  attrLine = name: value: lib.optional (value != null) "${name}: ${value}";

  # Fixed head of the account entry; it ends without a trailing newline.
  accountHead = ''
    dn: uid=${uid},ou=accounts,ou=posix,${domainSuffix}
    objectClass: person
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: PostfixBookMailAccount
    objectClass: PostfixBookMailForward
    cn: ${cn}
    sn: ${sn}
    mail: ${uid}@${domain}
    mailEnabled: ${if mailEnabled then "TRUE" else "FALSE"}
    mailGroupMember: ${mailGroupMember}'';

  # mailAlias is required by PostfixBookMailForward, so an account without
  # aliases still gets a bare "mailAlias:" line.
  aliasLines =
    if mailAlias == [ ]
    then [ "mailAlias:" ]
    else map (local: "mailAlias: ${local}@${domain}") mailAlias;

  accountLines =
    [
      accountHead
      "uidNumber: ${toString uidNumber}"
      "gidNumber: ${toString gidNumber}"
      "homeDirectory: ${homeDirectory}"
    ]
    ++ attrLine "loginShell" loginShell
    ++ attrLine "userPassword" userPassword
    ++ attrLine "mailHomeDirectory" mailHomeDirectory
    ++ attrLine "mailStorageDirectory" mailStorageDirectory
    ++ attrLine "mailQuota" mailQuota
    ++ map (target: "mailForwardingAddress: ${target}") mailForwardingAddress
    ++ aliasLines;

  # Per-user primary group: named after the uid, with the uid as sole member.
  groupEntry = ''
    dn: cn=${uid},ou=groups,ou=posix,${domainSuffix}
    objectClass: top
    objectClass: posixGroup
    gidNumber: ${toString gidNumber}
    memberUid: ${uid}
  '';
in
"\n" + lib.concatStringsSep "\n\n" [ (unlines accountLines) groupEntry ]