mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-10 04:49:19 -08:00
111 lines
2.8 KiB
Nix
111 lines
2.8 KiB
Nix
{
|
|
config,
|
|
gensokyo-zone,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (gensokyo-zone.lib) userIs mkAlmostOptionDefault;
|
|
inherit (lib.modules) mkMerge mkDefault;
|
|
inherit (lib.attrsets) mapAttrs filterAttrs;
|
|
ldapUsers = filterAttrs (_: userIs "peeps") config.users.users;
|
|
ldapGroups = filterAttrs (_: group: group.gid != null && group.gid >= 8000 && group.gid < 8256) config.users.groups;
|
|
management = {
|
|
users =
|
|
mapAttrs (name: user: {
|
|
user.name = mkAlmostOptionDefault name;
|
|
samba = {
|
|
enable = mkDefault true;
|
|
sync.enable = mkDefault true;
|
|
accountFlags = {
|
|
noPasswordExpiry = mkDefault true;
|
|
};
|
|
};
|
|
})
|
|
ldapUsers;
|
|
groups =
|
|
mapAttrs (name: group: {
|
|
group.name = mkAlmostOptionDefault name;
|
|
samba.enable = mkDefault true;
|
|
})
|
|
ldapGroups;
|
|
};
|
|
in {
|
|
config.users.ldap = {
|
|
management = mkMerge [
|
|
management
|
|
{
|
|
users = {
|
|
guest.user.enable = true;
|
|
admin = {
|
|
user.enable = true;
|
|
samba.enable = true;
|
|
};
|
|
opl = {
|
|
user.enable = true;
|
|
samba = {
|
|
enable = true;
|
|
#sync.enable = true;
|
|
accountFlags = {
|
|
noPasswordExpiry = mkDefault true;
|
|
normalUser = true;
|
|
};
|
|
};
|
|
object.settings.settings = {
|
|
sambaNTPassword = "F7C2C5D78C24EACB73550B02BF5888E3";
|
|
sambaLMPassword = "A5C96CDE7660B20BAAD3B435B51404EE";
|
|
};
|
|
};
|
|
};
|
|
groups = {
|
|
nogroup = {
|
|
group.enable = true;
|
|
samba.enable = true;
|
|
};
|
|
guest = {
|
|
samba = {
|
|
enable = true;
|
|
groupType = 4;
|
|
sid = "S-1-5-32-546";
|
|
};
|
|
};
|
|
admin = {
|
|
group.enable = true;
|
|
samba.enable = true;
|
|
};
|
|
kyuuto-peeps = {
|
|
group.enable = true;
|
|
samba.enable = true;
|
|
};
|
|
kyuuto = {
|
|
group.enable = true;
|
|
samba.enable = true;
|
|
};
|
|
peeps = {
|
|
group.enable = true;
|
|
samba.enable = true;
|
|
};
|
|
admins = {
|
|
samba = {
|
|
enable = true;
|
|
#sync.enable = true;
|
|
groupType = 4;
|
|
sid = "S-1-5-32-544";
|
|
};
|
|
};
|
|
smb = {
|
|
name = "Default SMB Group";
|
|
samba = {
|
|
enable = true;
|
|
#sync.enable = true;
|
|
groupType = 4;
|
|
sid = "S-1-5-32-545";
|
|
};
|
|
};
|
|
};
|
|
objects = {
|
|
# TODO: ipa hostname krb5 aliases should be populated here!!!
|
|
};
|
|
}
|
|
];
|
|
};
|
|
}
|