Add LDAP network, disable nscd
parent
1dad0af755
commit
675e92dd22
|
@ -260,14 +260,14 @@ in {
|
||||||
socketPath = "/var/run/dovecot2/old-stats";
|
socketPath = "/var/run/dovecot2/old-stats";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nscd.enable = false;
|
||||||
|
|
||||||
sssd = {
|
sssd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# FIXME: pass as config
|
# FIXME: pass as config
|
||||||
environmentFile = "/run/dovecot-secrets/sssd.env";
|
environmentFile = "/run/dovecot-secrets/sssd.env";
|
||||||
config = ''
|
config = ''
|
||||||
[nss]
|
[nss]
|
||||||
filter_users = root
|
|
||||||
filter_groups = root
|
|
||||||
reconnection_retries = 3
|
reconnection_retries = 3
|
||||||
|
|
||||||
[sssd]
|
[sssd]
|
||||||
|
@ -283,8 +283,6 @@ in {
|
||||||
cache_credentials = False
|
cache_credentials = False
|
||||||
id_provider = ldap
|
id_provider = ldap
|
||||||
auth_provider = ldap
|
auth_provider = ldap
|
||||||
access_provider = ldap
|
|
||||||
chpass_provider = ldap
|
|
||||||
ldap_uri = $SSSD_LDAP_SERVER
|
ldap_uri = $SSSD_LDAP_SERVER
|
||||||
|
|
||||||
ldap_schema = rfc2307bis
|
ldap_schema = rfc2307bis
|
||||||
|
|
|
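Review bot: Dropping `access_provider = ldap` (the removed row in the middle of this hunk) is a behavioural change that the commit title "Add LDAP network, disable nscd" does not mention: with no access provider set, SSSD falls back to its default, `permit`, so every account the ldap id provider resolves passes PAM account checks instead of being evaluated against the LDAP access settings. Whether anything in this container authenticates through sssd/PAM rather than through dovecot's own ldap.conf is not visible here; if nothing does, a comment above `id_provider = ldap` such as `# NSS lookups only; access control is enforced by dovecot's LDAP auth, not by sssd` would record why the line is gone, otherwise it should stay. The removal of `chpass_provider = ldap` is likewise unrelated to the stated change and deserves a word in the commit message. The `config = ''` string this hunk edits begins in the previous hunk and ends outside this one.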
@ -256,6 +256,7 @@ in {
|
||||||
external_network.internal = false;
|
external_network.internal = false;
|
||||||
internal_network.internal = true;
|
internal_network.internal = true;
|
||||||
redis_network.internal = true;
|
redis_network.internal = true;
|
||||||
|
ldap_network.internal = true;
|
||||||
};
|
};
|
||||||
services = let
|
services = let
|
||||||
antivirusPort = 15407;
|
antivirusPort = 15407;
|
||||||
|
@ -271,8 +272,10 @@ in {
|
||||||
service = {
|
service = {
|
||||||
networks = [
|
networks = [
|
||||||
"internal_network"
|
"internal_network"
|
||||||
# Needs access to internet to forward emails
|
# Needs access to internet to forward emails & lookup hosts
|
||||||
"external_network"
|
"external_network"
|
||||||
|
# For auth lookups
|
||||||
|
"ldap_network"
|
||||||
];
|
];
|
||||||
volumes = [
|
volumes = [
|
||||||
"${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
|
"${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
|
||||||
|
@ -332,7 +335,7 @@ in {
|
||||||
};
|
};
|
||||||
imap = {
|
imap = {
|
||||||
service = {
|
service = {
|
||||||
networks = [ "internal_network" "external_network" ];
|
networks = [ "internal_network" "ldap_network" ];
|
||||||
ports = [ "143:143" "993:993" ];
|
ports = [ "143:143" "993:993" ];
|
||||||
volumes = [
|
volumes = [
|
||||||
"${cfg.state-directory}/dovecot:/state"
|
"${cfg.state-directory}/dovecot:/state"
|
||||||
|
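Review bot: After this hunk the `imap` service sits only on `internal_network` and `ldap_network`, both of which are declared `internal = true` in the first hunk of this file, while it still publishes `143:143` and `993:993` on the next line. To my knowledge Docker does not install host port-forwarding rules for containers attached solely to internal networks, so the published IMAP ports may stop being reachable from outside the host; this is inferred from the visible declarations, so it is worth checking a connection to 993 after deployment. If clients are meant to reach IMAP some other way (for example via a proxy on another network), a comment on the `networks` line such as `# no external_network: 143/993 are reached via <explain>` would make that intent explicit. The `imap` attribute set continues past the end of the hunk.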
@ -380,8 +383,8 @@ in {
|
||||||
image = cfg.images.ldap-proxy;
|
image = cfg.images.ldap-proxy;
|
||||||
restart = "always";
|
restart = "always";
|
||||||
networks = [
|
networks = [
|
||||||
"internal_network"
|
"ldap_network"
|
||||||
# Needs access to external network for user lookups
|
# Needs access to external network to talk to Authentik
|
||||||
"external_network"
|
"external_network"
|
||||||
];
|
];
|
||||||
env_file = [ hostSecrets.mailLdapProxyEnv.target-file ];
|
env_file = [ hostSecrets.mailLdapProxyEnv.target-file ];
|
||||||
|
|