sourcephile / git / sourcephile-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nix: comment .envrc
[sourcephile-nix.git] / servers / mermet / openldap / sourcephile.fr.nix
diff --git a/servers/mermet/openldap/sourcephile.fr.nix b/servers/mermet/openldap/sourcephile.fr.nix
index 49caec9674b6391e2d1ab800aabcdb89ac9e25b3..7bfc857bbca10f2fb27c193bb06598bd491f49da 100644 (file)
--- a/servers/mermet/openldap/sourcephile.fr.nix
+++ b/servers/mermet/openldap/sourcephile.fr.nix
@@ -15,7 +15,7 @@ in
 {
 users.groups."${domainGroup}" = {
   gid = 20000;
-  members = ["julm"];
+  members = [users."julm".name];
 };
 # DEBUG: echo "$(nixops show-option mermet -d production services.openldap.databases."g".data)"
 services.openldap.databases."${domainSuffix}" = {
@@ -56,7 +56,6 @@ services.openldap.databases."${domainSuffix}" = {
       by * none
     olcAccess: to dn.sub="ou=posix,${domainSuffix}"
       by self read
-      by dn="gidNumber=${toString groups.nslcd.gid}+uidNumber=${toString users.nslcd.uid},cn=peercred,cn=external,cn=auth" read
       ${lib.optionalString (hasAttr postfix.user users) ''by dn="gidNumber=${toString groups.postfix.gid}+uidNumber=${toString users.postfix.uid},cn=peercred,cn=external,cn=auth" read''}
       ${lib.optionalString (hasAttr dovecot2.user users) ''by dn="gidNumber=${toString groups.dovecot2.gid}+uidNumber=${toString users.dovecot2.uid},cn=peercred,cn=external,cn=auth" read''}
       by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
@@ -108,19 +107,21 @@ services.openldap.databases."${domainSuffix}" = {
     { uid = "julm";
       cn = "Julien Moutinho";
       sn = uid;
-      uidNumber = users.julm.uid;
-      gidNumber = groups.julm.gid;
+      uidNumber = users."julm".uid;
+      gidNumber = groups."users".gid;
       mailAlias = [ "julien.moutinho" ];
       userPassword = pass-chomp "members/julm/mail/hashedPassword";
+      mailHomeDirectory = "/home/${uid}/mail/${domain}";
       mailStorageDirectory =
-        let stateDir = "/var/lib/dovecot";
-            d=domain;
-        in
+        let stateDir = "/var/lib/dovecot"; in
         # I'm personnaly using "maildir:" instead of "sdbox:" to be able to use a local (neo)mutt on it,
         # bypassing IMAP because (neo)mutt support of IMAP is very bad
         # (can't even have a decent $folder_format (with %n or %m) working,
         # neither sorting them by date).
-        "maildir:${stateDir}/home/${d}/${uid}/mail:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${d}/${uid}:INDEX=${stateDir}/index/${d}/${uid}";
+        # WARNING: regarding the atomicity of backuping,
+        # it's not a good idea to put the mails
+        # and the index/control on different ZFS datasets like here.
+        "maildir:/home/${uid}/mail/${domain}/mail:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${domain}/${uid}:INDEX=${stateDir}/index/${domain}/${uid}";
     }
   ];
 };
NixOS configurations for Sourcephile's infrastructure