Adding taf ldap conf

2025-10-13 16:14:51 +02:00 · 2025-10-13 16:14:51 +02:00 · 960500b2d7
commit 960500b2d7
parent 6bb2c91a2f
3 changed files with 41 additions and 1 deletions
--- a/modules/server/taf/default.nix
+++ b/modules/server/taf/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:

 {
  mailserver = {
@ -15,6 +15,26 @@

    ldap = {
      enable = true;
+
+      uris = [ "ldaps://" ];
+      searchBase = "dc=auth,dc=lyes,dc=eu";
+      searchScope = "sub";
+
+      bind = {
+        dn = "dn=token,dc=auth,dc=lyes,dc=eu";
+        passwordFile = config.age.secrets.taf-token.path;
+      };
+
+      dovecot = {
+        userFilter = "(mail=%u)";
+        passFilter = "(mail=%u)";
+      };
+
+      postfix = {
+        filter = "(mail=%s)";
+        mailAttribute = "mail";
+        uidAttribute = "name";
+      };
    };

    extraVirtualAliases = {
@ -23,4 +43,23 @@

    certificateScheme = "acme-nginx";
  };
+
+  services.roundcube = {
+    enable = true;
+
+    hostName = "mail.lyes.eu";
+    extraConfig = ''
+      $config['smtp_host'] = "tls://taf.lyes.eu";
+      $config['smtp_port'] = 587;
+      $config['smtp_user'] = "%u";
+      $config['smtp_pass'] = "%p";
+    '';
+  };
+
+  age.secrets = {
+    taf-token = {
+      owner = "postfix";
+      file = ../../../secrets/zora/services/taf-token.age;
+    };
+  };
 }