feat: add docfast.dev to openldap and mail

2026-02-16 19:01:12 +01:00 · 2026-02-16 19:01:12 +01:00 · 473273146d
commit 473273146d
parent 7763b90d3f
2 changed files with 64 additions and 14 deletions
--- a/hosts/mail/modules/dovecot.nix
+++ b/hosts/mail/modules/dovecot.nix
@ -55,6 +55,10 @@ let
    doveadm user *@scana11y.com | while read user; do
    doveadm -v sync -u $user $SERVER
    done
+
+    doveadm user *@docfast.dev | while read user; do
+    doveadm -v sync -u $user $SERVER
+    done
  '';

  quotaWarning = pkgs.writeShellScriptBin "quota-warning.sh" ''
@ -250,7 +254,7 @@ in
  };

  users.groups.acme.members = [ "openldap" ];
-  
+
  /* trigger the actual certificate generation for your hostname */
  security.acme.certs."imap.${domain}" = {
    extraDomainNames = [
--- a/hosts/mail/modules/openldap.nix
+++ b/hosts/mail/modules/openldap.nix
@ -1,11 +1,11 @@
-{
-  pkgs,
-  config,
-  ...
+{ pkgs
+, config
+, ...
 }:
 let
  domain = config.networking.domain;
-in {
+in
+{
  services.openldap = {
    enable = true;

@ -33,7 +33,7 @@ in {
      ];

      "olcDatabase={1}mdb".attrs = {
-        objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

        olcDatabase = "{1}mdb";
        olcDbDirectory = "/var/lib/openldap/data";
@ -101,7 +101,7 @@ in {
      # };
      "olcDatabase={2}monitor".attrs = {
        olcDatabase = "{2}monitor";
-        objectClass = ["olcDatabaseConfig" "olcMonitorConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMonitorConfig" ];
        olcAccess = [
          ''
            {0}to *
@ -112,7 +112,7 @@ in {
      };

      "olcDatabase={4}mdb".attrs = {
-        objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

        olcDatabase = "{4}mdb";
        olcDbDirectory = "/var/lib/openldap/data";
@ -158,7 +158,7 @@ in {


      "olcDatabase={6}mdb".attrs = {
-        objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

        olcDatabase = "{6}mdb";
        olcDbDirectory = "/var/lib/openldap/data";
@ -203,7 +203,7 @@ in {
      # };

      "olcDatabase={7}mdb".attrs = {
-        objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

        olcDatabase = "{7}mdb";
        olcDbDirectory = "/var/lib/openldap/data";
@ -249,7 +249,7 @@ in {
      # };

      "olcDatabase={8}mdb".attrs = {
-        objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

        olcDatabase = "{8}mdb";
        olcDbDirectory = "/var/lib/openldap/data";
@ -285,7 +285,7 @@ in {
      };

      "olcDatabase={9}mdb".attrs = {
-        objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

        olcDatabase = "{9}mdb";
        olcDbDirectory = "/var/lib/openldap/data";
@ -320,6 +320,52 @@ in {
        ];
      };

+      "olcDatabase={10}mdb".attrs = {
+        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+
+        olcDatabase = "{10}mdb";
+        olcDbDirectory = "/var/lib/openldap/data";
+
+        olcSuffix = "dc=docfast,dc=dev";
+
+        olcAccess = [
+          ''
+            {0}to attrs=userPassword
+              by self write
+              by anonymous auth
+              by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
+              by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
+              by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
+              by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
+              by * none
+          ''
+          ''
+            {1}to attrs=pgpPublicKey
+              by self write
+              by anonymous read
+              by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
+              by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
+              by * read
+          ''
+          ''
+            {2}to *
+              by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
+              by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
+              by * read
+          ''
+        ];
+      };
+      "olcOverlay=memberof,olcDatabase={10}mdb".attrs = {
+        objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
+        olcOverlay = "memberof";
+        olcMemberOfRefint = "TRUE";
+      };
+      "olcOverlay=ppolicy,olcDatabase={10}mdb".attrs = {
+        objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
+        olcOverlay = "ppolicy";
+        olcPPolicyHashCleartext = "TRUE";
+      };
+
      # "cn=module{0},cn=config" = {
      #   attrs = {
      #     objectClass = "olcModuleList";
@ -537,7 +583,7 @@ in {
  };

  users.groups.acme.members = [ "openldap" ];
-  
+
  /* trigger the actual certificate generation for your hostname */
  security.acme.certs."ldap.${domain}" = {
    extraDomainNames = [