# Builds LDIF text for one account entry (uid=...,ou=accounts,ou=posix) and a
# same-named posixGroup entry (cn=...,ou=groups,ou=posix) under domainSuffix.
# Every argument is interpolated verbatim into the LDIF, so a value containing a
# newline would inject additional attribute lines; pass only trusted,
# single-line values.
# NOTE(review): if the generated LDIF is written to the Nix store, the
# userPassword hash is readable by every local user; confirm how callers consume it.
1 { pkgs, lib, domain, domainSuffix, domainGroup }:
3 inherit (pkgs.lib) unlines;
7 , gidNumber ? uidNumber
10 , userPassword ? null # Pass only a pre-hashed value, never cleartext; generate with: slappasswd -o module-load=pw-pbkdf2 -h "{PBKDF2-SHA256}"
13 , mailStorageDirectory ? null
14 , loginShell ? "/run/current-system/sw/bin/bash"
16 , mailForwardingAddress ? []
17 , mailGroupMember ? domainGroup
19 "\n" + lib.concatStringsSep "\n\n" [
21 dn: uid=${uid},ou=accounts,ou=posix,${domainSuffix}
23 objectClass: posixAccount
24 objectClass: shadowAccount
25 objectClass: PostfixBookMailAccount
26 objectClass: PostfixBookMailForward
29 mail: ${uid}@${domain}
30 mailEnabled: ${if mailEnabled then "TRUE" else "FALSE"}
31 mailGroupMember: ${mailGroupMember}''
33 ++ [ "uidNumber: ${toString uidNumber}" ]
34 ++ [ "gidNumber: ${toString gidNumber}" ]
35 ++ [ "homeDirectory: ${homeDirectory}" ]
36 ++ lib.optional (loginShell != null) "loginShell: ${loginShell}"
37 ++ lib.optional (userPassword != null) "userPassword: ${userPassword}"
38 ++ lib.optional (mailStorageDirectory != null) "mailStorageDirectory: ${mailStorageDirectory}"
39 ++ map (forward: "mailForwardingAddress: ${forward}") mailForwardingAddress
40 ++ map (alias: "mailAlias: ${alias}@${domain}") mailAlias
41 ++ lib.optional (mailAlias == []) "mailAlias:"
42 # PostfixBookMailForward requires a mailAlias attribute, so an empty one is emitted when no aliases are given
45 dn: cn=${uid},ou=groups,ou=posix,${domainSuffix}
47 objectClass: posixGroup
48 gidNumber: ${toString gidNumber}