domainGroup = "sourcephile";
domainOrg = "sourcephile";
domainSuffix = "dc=" + lib.concatStringsSep ",dc=" (lib.splitString "." domain);
- posixAccount =
- { uid
- , uidNumber
- , gidNumber ? uidNumber
- , cn ? ""
- , sn ? ""
- , userPassword ? null # Use slappasswd -o module-load=pw-pbkdf2 -h "{PBKDF2-SHA256}"
- , mailAlias ? []
- , homeDirectory ? ""
- , mailStorageDirectory ? null
- , loginShell ? "/run/current-system/sw/bin/bash"
- , mailEnabled ? true
- , mailForwardingAddress ? []
- }:
- "\n" + lib.concatStringsSep "\n\n" [
- (unlines ([ ''
- dn: uid=${uid},ou=accounts,ou=posix,${domainSuffix}
- objectClass: person
- objectClass: posixAccount
- objectClass: shadowAccount
- objectClass: PostfixBookMailAccount
- objectClass: PostfixBookMailForward
- cn: ${cn}
- sn: ${sn}
- mail: ${uid}@${domain}
- mailEnabled: ${if mailEnabled then "TRUE" else "FALSE"}
- mailGroupMember: ${domainGroup}''
- ]
- ++ [ "uidNumber: ${toString uidNumber}" ]
- ++ [ "gidNumber: ${toString gidNumber}" ]
- ++ [ "homeDirectory: ${homeDirectory}" ]
- ++ lib.optional (loginShell != null) "loginShell: ${loginShell}"
- ++ lib.optional (userPassword != null) "userPassword: ${userPassword}"
- ++ lib.optional (mailStorageDirectory != null) "mailStorageDirectory: ${mailStorageDirectory}"
- ++ map (forward: "mailForwardingAddress: ${forward}") mailForwardingAddress
- ++ map (alias: "mailAlias: ${alias}@${domain}") mailAlias
- ++ lib.optional (mailAlias == []) "mailAlias:"
- # NOTE: required by PostfixBookMailForward
- ))
- ''
- dn: cn=${uid},ou=groups,ou=posix,${domainSuffix}
- objectClass: top
- objectClass: posixGroup
- gidNumber: ${toString gidNumber}
- memberUid: ${uid}
- ''
- ];
+ posixAccount = pkgs.callPackage (import ./posixAccount.nix) { inherit domain domainSuffix domainGroup; };
in
{
+users.groups."${domainGroup}" = {
+ gid = 20000;
+ members = ["julm"];
+};
# DEBUG: echo "$(nixops show-option mermet -d production services.openldap.databases."g".data)"
services.openldap.databases."${domainSuffix}" = {
# DEBUG: sudo ldapsearch -LLL -H ldapi:// -D cn=admin,cn=config -Y EXTERNAL -b 'olcDatabase={1}mdb,cn=config' -s sub
# WARNING: newlines matter
conf = ''
- dn: olcBackend=mdb,cn=config
- objectClass: olcBackendConfig
-
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
by * none
olcAccess: to dn.sub="ou=posix,${domainSuffix}"
by self read
- by dn="gidNumber=${toString groups.nslcd.gid}+uidNumber=${toString users.nslcd.uid},cn=peercred,cn=external,cn=auth" read
${lib.optionalString (hasAttr postfix.user users) ''by dn="gidNumber=${toString groups.postfix.gid}+uidNumber=${toString users.postfix.uid},cn=peercred,cn=external,cn=auth" read''}
${lib.optionalString (hasAttr dovecot2.user users) ''by dn="gidNumber=${toString groups.dovecot2.gid}+uidNumber=${toString users.dovecot2.uid},cn=peercred,cn=external,cn=auth" read''}
by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
objectClass: top
objectClass: organizationalUnit
+ ''
+/*
dn: cn=${domainGroup},ou=groups,ou=posix,${domainSuffix}
objectClass: top
objectClass: posixGroup
gidNumber: 20000
memberUid: julm
- memberUid: sevy
- ''
+ dn: cn=autogeree,ou=groups,ou=posix,${domainSuffix}
+ objectClass: top
+ objectClass: posixGroup
+ gidNumber: 20001
+ memberUid: julm
+*/
+ lib.concatMapStrings posixAccount [ rec
{ uid = "julm";
cn = "Julien Moutinho";
# bypassing IMAP because (neo)mutt support of IMAP is very bad
# (can't even have a decent $folder_format (with %n or %m) working,
# neither sorting them by date).
- "maildir:${stateDir}/mail/${d}/${uid}/mail.d:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${d}/${uid}:INDEX=${stateDir}/index/${d}/${uid}";
+ "maildir:${stateDir}/home/${d}/${uid}/mail:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${d}/${uid}:INDEX=${stateDir}/index/${d}/${uid}";
}
- #{ uid="sevy"; uidNumber=10001; cn="Séverine Popek"; sn="sévy";
- # mailAlias = ["severine.popek" "ouais-ouais"]; }
- #{ uid="nomail"; uidNumber=10002; mailAlias = ["noalias"]; mailEnabled = false; }
- #{ uid="post"; mailForwardingAddress = ["ju@${domain}"]; }
- #{ uid="host"; mailForwardingAddress = ["ju@${domain}"]; }
];
};
}
sourcephile / git / sourcephile-nix.git / blobdiff