openldap: use PR#79286
# Renders one POSIX user as LDIF text: a posixAccount/shadowAccount entry
# under ou=accounts,ou=posix (with the PostfixBook mail attributes) and a
# matching single-member posixGroup under ou=groups,ou=posix.
#
# Outer arguments: pkgs, lib, domain, domainSuffix, domainGroup.
# `unlines` comes from pkgs.lib, i.e. it is a project-provided helper;
# it is applied to the list of attribute lines of the account entry
# (presumably joining them line by line — confirm against pkgs.lib).
#
# The result begins with a newline and the two entries are separated by
# one blank line, so several accounts can be concatenated by the caller.
{ pkgs, lib, domain, domainSuffix, domainGroup }:
let
  inherit (pkgs.lib) unlines;
in
# Per-account arguments.
{ uid                                   # also used as the mail local-part and as the group's cn
, uidNumber
, gidNumber ? uidNumber                 # one private group per user unless overridden
, cn ? ""                               # NOTE(review): `person` lists cn and sn as required; whether an
, sn ? ""                               #   empty value is accepted at load time depends on the server's
                                        #   syntax checks — confirm callers always set both
, userPassword ? null # Use slappasswd -o module-load=pw-pbkdf2 -h "{PBKDF2-SHA256}"
, mailAlias ? []                        # local-parts only; "@${domain}" is appended below
, homeDirectory ? ""
, mailStorageDirectory ? null
, loginShell ? "/run/current-system/sw/bin/bash"
, mailEnabled ? true
, mailForwardingAddress ? []            # full addresses, emitted verbatim
}:
let
  mailEnabledFlag = if mailEnabled then "TRUE" else "FALSE";

  # Header block of the account entry.  `uid` is interpolated into the DN
  # without escaping, so a uid containing DN special characters (",", "+",
  # "=", ...) would yield an invalid or differently parsed DN — keep uids
  # to plain identifiers.
  accountHeader = ''
    dn: uid=${uid},ou=accounts,ou=posix,${domainSuffix}
    objectClass: person
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: PostfixBookMailAccount
    objectClass: PostfixBookMailForward
    cn: ${cn}
    sn: ${sn}
    mail: ${uid}@${domain}
    mailEnabled: ${mailEnabledFlag}
    mailGroupMember: ${domainGroup}'';

  # Attributes every account carries.
  fixedAttrs = [
    "uidNumber: ${toString uidNumber}"
    "gidNumber: ${toString gidNumber}"
    "homeDirectory: ${homeDirectory}"
  ];

  # Attributes emitted only when the corresponding argument is set.
  # NOTE(review): userPassword is interpolated as-is into the generated
  # text; if the caller writes that text to the Nix store, the hash becomes
  # world-readable on the host — confirm how the output is consumed.
  optionalAttrs =
    lib.optionals (loginShell != null) [ "loginShell: ${loginShell}" ]
    ++ lib.optionals (userPassword != null) [ "userPassword: ${userPassword}" ]
    ++ lib.optionals (mailStorageDirectory != null) [ "mailStorageDirectory: ${mailStorageDirectory}" ];

  forwards = map (addr: "mailForwardingAddress: ${addr}") mailForwardingAddress;

  # mailAlias is required by PostfixBookMailForward, so an empty-valued
  # line is emitted when no alias is configured.
  aliases =
    if mailAlias == [ ]
    then [ "mailAlias:" ]
    else map (alias: "mailAlias: ${alias}@${domain}") mailAlias;

  accountEntry = unlines ([ accountHeader ] ++ fixedAttrs ++ optionalAttrs ++ forwards ++ aliases);

  # The user's private group; the trailing newline is part of the string.
  groupEntry = ''
    dn: cn=${uid},ou=groups,ou=posix,${domainSuffix}
    objectClass: top
    objectClass: posixGroup
    gidNumber: ${toString gidNumber}
    memberUid: ${uid}
  '';
in
"\n" + lib.concatStringsSep "\n\n" [ accountEntry groupEntry ]