From 960500b2d735688fcef2552c5866d1057831ec83 Mon Sep 17 00:00:00 2001
From: Lyes Saadi
Date: Mon, 13 Oct 2025 16:14:51 +0200
Subject: [PATCH] Adding taf ldap conf
---
 modules/server/taf/default.nix | 41 +++++++++++++++++++++++++++-
 secrets.nix | 1 +
 secrets/zora/services/taf-token.age | Bin 0 -> 733 bytes
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 secrets/zora/services/taf-token.age
diff --git a/modules/server/taf/default.nix b/modules/server/taf/default.nix
index 3abc95e..ec6e4fb 100644
--- a/modules/server/taf/default.nix
+++ b/modules/server/taf/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
 mailserver = {
@@ -15,6 +15,26 @@
 ldap = {
 enable = true;
+
+ uris = [ "ldaps://" ];
+ searchBase = "dc=auth,dc=lyes,dc=eu";
+ searchScope = "sub";
+
+ bind = {
+ dn = "dn=token,dc=auth,dc=lyes,dc=eu";
+ passwordFile = config.age.secrets.taf-token.path;
+ };
+
+ dovecot = {
+ userFilter = "(mail=%u)";
+ passFilter = "(mail=%u)";
+ };
+
+ postfix = {
+ filter = "(mail=%s)";
+ mailAttribute = "mail";
+ uidAttribute = "name";
+ };
 };
 extraVirtualAliases = {
@@ -23,4 +43,23 @@
 certificateScheme = "acme-nginx";
 };
+
+ services.roundcube = {
+ enable = true;
+
+ hostName = "mail.lyes.eu";
+ extraConfig = ''
+ $config['smtp_host'] = "tls://taf.lyes.eu";
+ $config['smtp_port'] = 587;
+ $config['smtp_user'] = "%u";
+ $config['smtp_pass'] = "%p";
+ '';
+ };
+
+ age.secrets = {
+ taf-token = {
+ owner = "postfix";
+ file = ../../../secrets/zora/services/taf-token.age;
+ };
+ };
 }
diff --git a/secrets.nix b/secrets.nix
index b72bf1d..77739cc 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -12,4 +12,5 @@ in
 # Zora
 "secrets/zora/services/kanidm-admin-password.age".publicKeys = all;
 "secrets/zora/services/kanidm-idm-admin-password.age".publicKeys = all;
+ "secrets/zora/services/taf-token.age".publicKeys = all;
 }
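Review bot: In the `ldap` block of modules/server/taf/default.nix, `uris = [ "ldaps://" ];` as shown names no host, so which directory server Dovecot and Postfix reach, and which certificate name they check, is left to the LDAP client library's default (commonly the local host). Spell it out, e.g. `uris = [ "ldaps://<ldap-host>" ];` with the real hostname. Separately, `userFilter`, `passFilter` and the postfix `filter` match on `mail` alone, so any directory entry carrying a mail attribute, service accounts included, would be accepted as a mail login. If only some accounts should have a mailbox, narrow the filter, e.g. `(&(memberOf=<mail-users-group-dn>)(mail=%u))`. The `mailserver` attribute set starts and ends outside this hunk.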
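Review bot: `age.secrets.taf-token` sets `owner = "postfix"`, but the token is consumed through `ldap.bind.passwordFile`, which the same commit wires to the `dovecot` filters as well as the `postfix` ones. If the Dovecot side reads that file under its own user rather than during a root-run start-up step, it will presumably be unable to open an owner-only secret. Confirm which process reads it and record that next to the setting, e.g. `# read by <service> at start-up; keep owner-only`. In the Roundcube block, `$config['smtp_pass'] = "%p";` forwards each user's login password to the submission port, and a one-line comment saying so, and that `tls://` on port 587 is what protects it in transit, would help the next reader. The enclosing attribute set begins outside this hunk.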
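Review bot: `"secrets/zora/services/taf-token.age".publicKeys = all;` in secrets.nix encrypts the LDAP bind token to every key in `all`, which is defined outside this hunk. If that list includes hosts other than the one running the mail server, each of them can decrypt a credential that can query the directory. Consider a narrower recipient list in line with least privilege, e.g. `publicKeys = <admin-keys> ++ [ <mail-host-key> ];`. The secret also sits under `secrets/zora/` while its consumer is `modules/server/taf`, so a short comment naming the issuing host and the consuming host would remove the ambiguity.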
diff --git a/secrets/zora/services/taf-token.age b/secrets/zora/services/taf-token.age new file mode 100644 index 0000000000000000000000000000000000000000..a5ac55e9beb14d29715fed352590cc91f44b4237 GIT binary patch literal 733 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH&nOKl2vqR&E6gl+ z^(qQ+swyjX)sFP?^GnSS3(HS(DRV0iOEQTv&rEXjEecLDD&}(2FEn=c_RTbM^()Xe zbIl5@EcDMc%F3|x(Koe-3Qa9HF|r5@^D2!}B*Q&QKPcVE zyS%u_%c3CF$*;i0I6t?vFq>=9)&n+u8yptjyb*jc<;3PJ>Bn#9mV7_mzwn3HeZ`L< zPWjt7-oM$|>u_%2S9f97kV9@AUjluSOj7p7*09F8&&fIPq^8gR+xCrz#2Xf@I+Zy4 z$f`~IuRoop(j*`r{(H`8W?S zy4~xne{z_VCq-$rPkX17(Rwf4{O>i!m8mCvjW4C8H=kdvd0w9RW^l;Cs5r)jvWBxf zy`~gPi1R<1TrM2c8MJd!?2jc6_*@OORXhGp$mr1bI&rCRqwkg;6;og9?vv^$}?9c XA9%@R^5W`}_