posixAccount = pkgs.callPackage (import ./posixAccount.nix) { inherit domain domainSuffix domainGroup; };
in
{
+users.groups."${domainGroup}" = {
+ gid = 20000;
+ members = [users."julm".name];
+};
# DEBUG: echo "$(nixops show-option mermet -d production services.openldap.databases."g".data)"
services.openldap.databases."${domainSuffix}" = {
# DEBUG: sudo ldapsearch -LLL -H ldapi:// -D cn=admin,cn=config -Y EXTERNAL -b 'olcDatabase={1}mdb,cn=config' -s sub
# WARNING: newlines matter
conf = ''
- dn: olcBackend=mdb,cn=config
- objectClass: olcBackendConfig
-
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
by * none
olcAccess: to dn.sub="ou=posix,${domainSuffix}"
by self read
- by dn="gidNumber=${toString groups.nslcd.gid}+uidNumber=${toString users.nslcd.uid},cn=peercred,cn=external,cn=auth" read
${lib.optionalString (hasAttr postfix.user users) ''by dn="gidNumber=${toString groups.postfix.gid}+uidNumber=${toString users.postfix.uid},cn=peercred,cn=external,cn=auth" read''}
${lib.optionalString (hasAttr dovecot2.user users) ''by dn="gidNumber=${toString groups.dovecot2.gid}+uidNumber=${toString users.dovecot2.uid},cn=peercred,cn=external,cn=auth" read''}
by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
objectClass: top
objectClass: organizationalUnit
+ ''
+/*
dn: cn=${domainGroup},ou=groups,ou=posix,${domainSuffix}
objectClass: top
objectClass: posixGroup
gidNumber: 20000
memberUid: julm
- memberUid: sevy
- ''
+ dn: cn=autogeree,ou=groups,ou=posix,${domainSuffix}
+ objectClass: top
+ objectClass: posixGroup
+ gidNumber: 20001
+ memberUid: julm
+*/
+ lib.concatMapStrings posixAccount [ rec
{ uid = "julm";
cn = "Julien Moutinho";
sn = uid;
- uidNumber = users.julm.uid;
- gidNumber = groups.julm.gid;
+ uidNumber = users."julm".uid;
+ gidNumber = groups."users".gid;
mailAlias = [ "julien.moutinho" ];
userPassword = pass-chomp "members/julm/mail/hashedPassword";
+ mailHomeDirectory = "/home/${uid}/mail/${domain}";
mailStorageDirectory =
- let stateDir = "/var/lib/dovecot";
- d=domain;
- in
+ let stateDir = "/var/lib/dovecot"; in
# I'm personnaly using "maildir:" instead of "sdbox:" to be able to use a local (neo)mutt on it,
# bypassing IMAP because (neo)mutt support of IMAP is very bad
# (can't even have a decent $folder_format (with %n or %m) working,
# neither sorting them by date).
- "maildir:${stateDir}/mail/${d}/${uid}/mail.d:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${d}/${uid}:INDEX=${stateDir}/index/${d}/${uid}";
+ # WARNING: regarding the atomicity of backuping,
+ # it's not a good idea to put the mails
+ # and the index/control on different ZFS datasets like here.
+ "maildir:/home/${uid}/mail/${domain}/mail:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${domain}/${uid}:INDEX=${stateDir}/index/${domain}/${uid}";
}
- #{ uid="sevy"; uidNumber=10001; cn="Séverine Popek"; sn="sévy";
- # mailAlias = ["severine.popek" "ouais-ouais"]; }
- #{ uid="nomail"; uidNumber=10002; mailAlias = ["noalias"]; mailEnabled = false; }
- #{ uid="post"; mailForwardingAddress = ["ju@${domain}"]; }
- #{ uid="host"; mailForwardingAddress = ["ju@${domain}"]; }
];
};
}
sourcephile / git / sourcephile-nix.git / blobdiff