3 files changed, 0 insertions, 347 deletions
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
deleted file mode 100644
index d35aca0..0000000
--- a/modules/private/databases/openldap/default.nix
+++ /dev/null
@@ -1,147 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-  cfg = config.myServices.databases.openldap;
-  ldapConfig = let
-    eldiron_schemas = pkgs.callPackage ./eldiron_schemas.nix {};
-  in ''
-    ${eldiron_schemas}
-    pidfile         ${cfg.pids.pid}
-    argsfile        ${cfg.pids.args}
-    moduleload      back_hdb
-    backend         hdb
-    TLSCertificateFile    ${config.security.acme.certs.ldap.directory}/cert.pem
-    TLSCertificateKeyFile ${config.security.acme.certs.ldap.directory}/key.pem
-    TLSCACertificateFile  ${config.security.acme.certs.ldap.directory}/fullchain.pem
-    TLSCACertificatePath  ${pkgs.cacert.unbundled}/etc/ssl/certs/
-    #This makes openldap crash
-    #TLSCipherSuite        DEFAULT
-    sasl-host kerberos.immae.eu
-    '';
-in
-{
-  options.myServices.databases = {
-    openldap = {
-      enable = lib.mkOption {
-        default = false;
-        example = true;
-        description = "Whether to enable ldap";
-        type = lib.types.bool;
-      };
-      baseDn = lib.mkOption {
-        type = lib.types.str;
-        description = ''
-          Base DN for LDAP
-        '';
-      };
-      rootDn = lib.mkOption {
-        type = lib.types.str;
-        description = ''
-          Root DN
-        '';
-      };
-      rootPw = lib.mkOption {
-        type = lib.types.str;
-        description = ''
-          Root (Hashed) password
-        '';
-      };
-      accessFile = lib.mkOption {
-        type = lib.types.path;
-        description = ''
-          The file path that defines the access
-        '';
-      };
-      dataDir = lib.mkOption {
-        type = lib.types.path;
-        default = "/var/lib/openldap";
-        description = ''
-          The directory where Openldap stores its data.
-        '';
-      };
-      socketsDir = lib.mkOption {
-        type = lib.types.path;
-        default = "/run/slapd";
-        description = ''
-          The directory where Openldap puts sockets and pid files.
-          '';
-      };
-      # Output variables
-      pids = lib.mkOption {
-        type = lib.types.attrsOf lib.types.path;
-        default = {
-          pid  = "${cfg.socketsDir}/slapd.pid";
-          args = "${cfg.socketsDir}/slapd.args";
-        };
-        readOnly = true;
-        description = ''
-          Slapd pid files
-          '';
-      };
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    secrets.keys = {
-       "ldap/password" = {
-        permissions = "0400";
-        user = "openldap";
-        group = "openldap";
-        text = "rootpw          ${cfg.rootPw}";
-      };
-      "ldap/access" = {
-        permissions = "0400";
-        user = "openldap";
-        group = "openldap";
-        text = builtins.readFile cfg.accessFile;
-      };
-      "ldap" = {
-        permissions = "0500";
-        user = "openldap";
-        group = "openldap";
-        isDir = true;
-      };
-    };
-    users.users.openldap.extraGroups = [ "keys" ];
-    networking.firewall.allowedTCPPorts = [ 636 389 ];
-    security.acme.certs."ldap" = config.myServices.databasesCerts // {
-      user = "openldap";
-      group = "openldap";
-      domain = "ldap.immae.eu";
-      postRun = ''
-        systemctl restart openldap.service
-      '';
-    };
-    services.filesWatcher.openldap = {
-      restart = true;
-      paths = [ config.secrets.fullPaths."ldap" ];
-    };
-    services.openldap = {
-      enable = true;
-      dataDir = cfg.dataDir;
-      urlList = [ "ldap://" "ldaps://" ];
-      logLevel = "none";
-      extraConfig = ldapConfig;
-      extraDatabaseConfig = ''
-        moduleload      memberof
-        overlay         memberof
-        moduleload      syncprov
-        overlay         syncprov
-        syncprov-checkpoint 100 10
-        include ${config.secrets.fullPaths."ldap/access"}
-        '';
-      rootpwFile = config.secrets.fullPaths."ldap/password";
-      suffix = cfg.baseDn;
-      rootdn = cfg.rootDn;
-      database = "hdb";
-    };
-  };
-}
diff --git a/modules/private/databases/openldap/eldiron_schemas.nix b/modules/private/databases/openldap/eldiron_schemas.nix
deleted file mode 100644
index cf45ebe..0000000
--- a/modules/private/databases/openldap/eldiron_schemas.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ fetchurl, openldap }:
-let
-  kerberosSchema = fetchurl {
-    url = "https://raw.githubusercontent.com/krb5/krb5/0bdd3b8058ed4ec9acc050e316bea86f6830b15f/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema";
-    sha256 = "17fnkkf6s3lznsl7wp6914pqsc78d038rh38l638big8z608ksww";
-  };
-  puppetSchema = fetchurl {
-    url = "https://raw.githubusercontent.com/puppetlabs/puppet/bf7c108825ffdb5ea89cf3e500d55d27ab64b8d2/ext/ldap/puppet.schema";
-    sha256 = "11bjf5zfvqlim7p9vddcafs0wiq3v8ys77x8h6fbp9c6bdfh0awh";
-  };
-  schemas = [
-    #"${openldap}/etc/schema/core.schema"
-    #"${openldap}/etc/schema/cosine.schema"
-    #"${openldap}/etc/schema/inetorgperson.schema"
-    #"${openldap}/etc/schema/nis.schema"
-    puppetSchema
-    kerberosSchema
-    ./immae.schema
-  ];
-in
-  builtins.concatStringsSep "\n" (map (v: "include         ${v}") schemas)
diff --git a/modules/private/databases/openldap/immae.schema b/modules/private/databases/openldap/immae.schema
deleted file mode 100644
index d2ef972..0000000
--- a/modules/private/databases/openldap/immae.schema
+++ /dev/null
@@ -1,179 +0,0 @@
-# vim: set filetype=slapd:
-objectIdentifier Immaeroot 1.3.6.1.4.1.50071
-objectIdentifier Immae Immaeroot:2
-objectIdentifier ImmaeattributeType Immae:3
-objectIdentifier ImmaeobjectClass Immae:4
-# TT-RSS
-attributetype ( ImmaeattributeType:1 NAME 'immaeTtrssLogin'
-        DESC 'login for TTRSS'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-objectclass ( ImmaeobjectClass:1 NAME 'immaeTtrssClass'
-        DESC 'Expansion of the existing object classes for ttrss'
-        SUP top AUXILIARY
-        MUST ( immaeTtrssLogin ) )
-# FTP
-attributetype ( ImmaeattributeType:2 NAME 'immaeFtpDirectory'
-        DESC 'home directory for ftp'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-attributetype ( ImmaeattributeType:3 NAME 'immaeFtpUid'
-        DESC 'user id for ftp'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( ImmaeattributeType:4 NAME 'immaeFtpGid'
-        DESC 'group id for ftp'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-objectclass ( ImmaeobjectClass:2 NAME 'immaeFtpClass'
-        DESC 'Expansion of the existing object classes for ftp'
-        SUP top AUXILIARY
-        MUST ( immaeFtpDirectory $ immaeFtpGid $ immaeFtpUid ) )
-# SSH keys
-attributetype ( ImmaeattributeType:5 NAME 'immaeSshKey'
-        DESC 'OpenSSH Public key'
-        EQUALITY octetStringMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-objectClass ( ImmaeobjectClass:3 NAME 'immaeSshClass'
-        DESC 'OpenSSH class'
-        SUP top AUXILIARY
-        MAy ( immaeSSHKey ) )
-# Specific access
-attributetype (ImmaeattributeType:6 NAME 'immaeAccessDn'
-        EQUALITY distinguishedNameMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-attributetype (ImmaeattributeType:17 NAME 'immaeAccessWriteDn'
-        EQUALITY distinguishedNameMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-attributetype (ImmaeattributeType:18 NAME 'immaeAccessReadSubtree'
-        EQUALITY distinguishedNameMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-objectClass ( ImmaeobjectClass:4 NAME 'immaeAccessClass'
-        DESC 'Access class'
-        SUP top AUXILIARY
-        MAY ( immaeAccessDn $ immaeAccessWriteDn $ immaeAccessReadSubtree ) )
-# Xmpp uid
-attributetype ( ImmaeattributeType:7 NAME 'immaeXmppUid'
-        DESC 'user part for Xmpp'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-objectclass ( ImmaeobjectClass:5 NAME 'immaeXmppClass'
-        DESC 'Expansion of the existing object classes for XMPP'
-        SUP top AUXILIARY
-        MUST ( immaeXmppUid ) )
-# Postfix accounts
-attributetype ( ImmaeattributeType:8 NAME 'immaePostfixAddress'
-        DESC 'the dovecot address to match as username'
-        EQUALITY caseIgnoreIA5Match
-        SUBSTR caseIgnoreIA5SubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-attributetype ( ImmaeattributeType:9 NAME 'immaePostfixHome'
-        DESC 'the postfix home directory'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-attributetype ( ImmaeattributeType:10 NAME 'immaePostfixMail'
-        DESC 'the dovecot mail location'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-attributetype ( ImmaeattributeType:11 NAME 'immaePostfixUid'
-        DESC 'the dovecot uid'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-attributetype ( ImmaeattributeType:12 NAME 'immaePostfixGid'
-        DESC 'the dovecot gid'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-objectclass ( ImmaeobjectClass:6 NAME 'immaePostfixClass'
-        DESC 'Expansion of the existing object classes for Postfix'
-        SUP top AUXILIARY
-        MUST ( immaePostfixAddress $ immaePostfixHome $
-          immaePostfixMail $ immaePostfixUid $ immaePostfixGid )
-        )
-# Tinc informations
-# Domaine = une classe a part ou une partie du dn ?
-# attributetype ( ImmaeattributeType:13 NAME 'immaeTincIpSegment'
-#         DESC 'the internal ip segment in tinc'
-#         EQUALITY caseIgnoreIA5Match
-#         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-# 
-# attributetype ( ImmaeattributeType:14 NAME 'immaeTincSubdomain'
-#         DESC 'the host subdomain'
-#         EQUALITY caseIgnoreIA5Match
-#         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-# 
-# attributetype ( ImmaeattributeType:15 NAME 'immaeTincHostname'
-#         DESC 'the host name'
-#         EQUALITY caseIgnoreIA5Match
-#         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-# 
-# objectclass ( ImmaeobjectClass:7 NAME 'immaeTincHostClass'
-#       DESC 'Expansion of the existing object classes for Tinc'
-#       SUP top AUXILIARY
-#       MUST ( immaeTincInternalIp $ immaeTincSubdomain $
-#         immaeTincHostname )
-#         )
-attributetype (ImmaeattributeType:16 NAME 'immaePuppetJson'
-        DESC 'Puppet hiera json'
-        EQUALITY octetStringMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-objectclass ( ImmaeobjectClass:8 NAME 'immaePuppetClass'
-        DESC 'Expansion of the existing object classes for Puppet'
-        SUP top AUXILIARY
-        MUST ( immaePuppetJson )
-        )
-attributetype (ImmaeattributeType:19 NAME 'immaeTaskId'
-        DESC 'Taskwarrior server Org:Name:Key'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-objectclass ( ImmaeobjectClass:9 NAME 'immaeTaskClass'
-        DESC 'Expansion of the existing object classes for Task'
-        SUP top AUXILIARY
-        MUST ( immaeTaskId )
-        )
-# Peertube uid
-attributetype ( ImmaeattributeType:20 NAME 'immaePeertubeId'
-        DESC 'login for Peertube'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-objectclass ( ImmaeobjectClass:10 NAME 'immaePeertubeClass'
-        DESC 'Expansion of the existing object classes for peertube'
-        SUP top AUXILIARY
-        MUST ( immaePeertubeId ) )
-# Last:
-# attributetype ( ImmaeattributeType:20 NAME 'immaePeertubeId'
-# objectclass ( ImmaeobjectClass:10 NAME 'immaePeertubeClass'

diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix deleted file mode 100644 index d35aca0..0000000 --- a/modules/private/databases/openldap/default.nix +++ /dev/null
@@ -1,147 +0,0 @@
1	{ lib, pkgs, config, ... }:
2	let
3	cfg = config.myServices.databases.openldap;
4	ldapConfig = let
5	eldiron_schemas = pkgs.callPackage ./eldiron_schemas.nix {};
6	in ''
7	${eldiron_schemas}
8
9	pidfile ${cfg.pids.pid}
10	argsfile ${cfg.pids.args}
11
12	moduleload back_hdb
13	backend hdb
14
15	TLSCertificateFile ${config.security.acme.certs.ldap.directory}/cert.pem
16	TLSCertificateKeyFile ${config.security.acme.certs.ldap.directory}/key.pem
17	TLSCACertificateFile ${config.security.acme.certs.ldap.directory}/fullchain.pem
18	TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
19	#This makes openldap crash
20	#TLSCipherSuite DEFAULT
21
22	sasl-host kerberos.immae.eu
23	'';
24	in
25	{
26	options.myServices.databases = {
27	openldap = {
28	enable = lib.mkOption {
29	default = false;
30	example = true;
31	description = "Whether to enable ldap";
32	type = lib.types.bool;
33	};
34	baseDn = lib.mkOption {
35	type = lib.types.str;
36	description = ''
37	Base DN for LDAP
38	'';
39	};
40	rootDn = lib.mkOption {
41	type = lib.types.str;
42	description = ''
43	Root DN
44	'';
45	};
46	rootPw = lib.mkOption {
47	type = lib.types.str;
48	description = ''
49	Root (Hashed) password
50	'';
51	};
52	accessFile = lib.mkOption {
53	type = lib.types.path;
54	description = ''
55	The file path that defines the access
56	'';
57	};
58	dataDir = lib.mkOption {
59	type = lib.types.path;
60	default = "/var/lib/openldap";
61	description = ''
62	The directory where Openldap stores its data.
63	'';
64	};
65	socketsDir = lib.mkOption {
66	type = lib.types.path;
67	default = "/run/slapd";
68	description = ''
69	The directory where Openldap puts sockets and pid files.
70	'';
71	};
72	# Output variables
73	pids = lib.mkOption {
74	type = lib.types.attrsOf lib.types.path;
75	default = {
76	pid = "${cfg.socketsDir}/slapd.pid";
77	args = "${cfg.socketsDir}/slapd.args";
78	};
79	readOnly = true;
80	description = ''
81	Slapd pid files
82	'';
83	};
84	};
85	};
86
87	config = lib.mkIf cfg.enable {
88	secrets.keys = {
89	"ldap/password" = {
90	permissions = "0400";
91	user = "openldap";
92	group = "openldap";
93	text = "rootpw ${cfg.rootPw}";
94	};
95	"ldap/access" = {
96	permissions = "0400";
97	user = "openldap";
98	group = "openldap";
99	text = builtins.readFile cfg.accessFile;
100	};
101	"ldap" = {
102	permissions = "0500";
103	user = "openldap";
104	group = "openldap";
105	isDir = true;
106	};
107	};
108	users.users.openldap.extraGroups = [ "keys" ];
109	networking.firewall.allowedTCPPorts = [ 636 389 ];
110
111	security.acme.certs."ldap" = config.myServices.databasesCerts // {
112	user = "openldap";
113	group = "openldap";
114	domain = "ldap.immae.eu";
115	postRun = ''
116	systemctl restart openldap.service
117	'';
118	};
119
120	services.filesWatcher.openldap = {
121	restart = true;
122	paths = [ config.secrets.fullPaths."ldap" ];
123	};
124
125	services.openldap = {
126	enable = true;
127	dataDir = cfg.dataDir;
128	urlList = [ "ldap://" "ldaps://" ];
129	logLevel = "none";
130	extraConfig = ldapConfig;
131	extraDatabaseConfig = ''
132	moduleload memberof
133	overlay memberof
134
135	moduleload syncprov
136	overlay syncprov
137	syncprov-checkpoint 100 10
138
139	include ${config.secrets.fullPaths."ldap/access"}
140	'';
141	rootpwFile = config.secrets.fullPaths."ldap/password";
142	suffix = cfg.baseDn;
143	rootdn = cfg.rootDn;
144	database = "hdb";
145	};
146	};
147	}


diff --git a/modules/private/databases/openldap/eldiron_schemas.nix b/modules/private/databases/openldap/eldiron_schemas.nix deleted file mode 100644 index cf45ebe..0000000 --- a/modules/private/databases/openldap/eldiron_schemas.nix +++ /dev/null
@@ -1,21 +0,0 @@
1	{ fetchurl, openldap }:
2	let
3	kerberosSchema = fetchurl {
4	url = "https://raw.githubusercontent.com/krb5/krb5/0bdd3b8058ed4ec9acc050e316bea86f6830b15f/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema";
5	sha256 = "17fnkkf6s3lznsl7wp6914pqsc78d038rh38l638big8z608ksww";
6	};
7	puppetSchema = fetchurl {
8	url = "https://raw.githubusercontent.com/puppetlabs/puppet/bf7c108825ffdb5ea89cf3e500d55d27ab64b8d2/ext/ldap/puppet.schema";
9	sha256 = "11bjf5zfvqlim7p9vddcafs0wiq3v8ys77x8h6fbp9c6bdfh0awh";
10	};
11	schemas = [
12	#"${openldap}/etc/schema/core.schema"
13	#"${openldap}/etc/schema/cosine.schema"
14	#"${openldap}/etc/schema/inetorgperson.schema"
15	#"${openldap}/etc/schema/nis.schema"
16	puppetSchema
17	kerberosSchema
18	./immae.schema
19	];
20	in
21	builtins.concatStringsSep "\n" (map (v: "include ${v}") schemas)


diff --git a/modules/private/databases/openldap/immae.schema b/modules/private/databases/openldap/immae.schema deleted file mode 100644 index d2ef972..0000000 --- a/modules/private/databases/openldap/immae.schema +++ /dev/null
@@ -1,179 +0,0 @@
1	# vim: set filetype=slapd:
2	objectIdentifier Immaeroot 1.3.6.1.4.1.50071
3
4	objectIdentifier Immae Immaeroot:2
5	objectIdentifier ImmaeattributeType Immae:3
6	objectIdentifier ImmaeobjectClass Immae:4
7
8	# TT-RSS
9	attributetype ( ImmaeattributeType:1 NAME 'immaeTtrssLogin'
10	DESC 'login for TTRSS'
11	EQUALITY caseIgnoreMatch
12	SUBSTR caseIgnoreSubstringsMatch
13	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
14
15	objectclass ( ImmaeobjectClass:1 NAME 'immaeTtrssClass'
16	DESC 'Expansion of the existing object classes for ttrss'
17	SUP top AUXILIARY
18	MUST ( immaeTtrssLogin ) )
19
20	# FTP
21	attributetype ( ImmaeattributeType:2 NAME 'immaeFtpDirectory'
22	DESC 'home directory for ftp'
23	EQUALITY caseExactIA5Match
24	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
25
26	attributetype ( ImmaeattributeType:3 NAME 'immaeFtpUid'
27	DESC 'user id for ftp'
28	EQUALITY integerMatch
29	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
30
31	attributetype ( ImmaeattributeType:4 NAME 'immaeFtpGid'
32	DESC 'group id for ftp'
33	EQUALITY integerMatch
34	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
35
36	objectclass ( ImmaeobjectClass:2 NAME 'immaeFtpClass'
37	DESC 'Expansion of the existing object classes for ftp'
38	SUP top AUXILIARY
39	MUST ( immaeFtpDirectory $ immaeFtpGid $ immaeFtpUid ) )
40
41
42	# SSH keys
43	attributetype ( ImmaeattributeType:5 NAME 'immaeSshKey'
44	DESC 'OpenSSH Public key'
45	EQUALITY octetStringMatch
46	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
47
48	objectClass ( ImmaeobjectClass:3 NAME 'immaeSshClass'
49	DESC 'OpenSSH class'
50	SUP top AUXILIARY
51	MAy ( immaeSSHKey ) )
52
53	# Specific access
54	attributetype (ImmaeattributeType:6 NAME 'immaeAccessDn'
55	EQUALITY distinguishedNameMatch
56	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
57
58	attributetype (ImmaeattributeType:17 NAME 'immaeAccessWriteDn'
59	EQUALITY distinguishedNameMatch
60	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
61
62	attributetype (ImmaeattributeType:18 NAME 'immaeAccessReadSubtree'
63	EQUALITY distinguishedNameMatch
64	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
65
66	objectClass ( ImmaeobjectClass:4 NAME 'immaeAccessClass'
67	DESC 'Access class'
68	SUP top AUXILIARY
69	MAY ( immaeAccessDn $ immaeAccessWriteDn $ immaeAccessReadSubtree ) )
70
71	# Xmpp uid
72	attributetype ( ImmaeattributeType:7 NAME 'immaeXmppUid'
73	DESC 'user part for Xmpp'
74	EQUALITY caseIgnoreMatch
75	SUBSTR caseIgnoreSubstringsMatch
76	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
77
78	objectclass ( ImmaeobjectClass:5 NAME 'immaeXmppClass'
79	DESC 'Expansion of the existing object classes for XMPP'
80	SUP top AUXILIARY
81	MUST ( immaeXmppUid ) )
82
83	# Postfix accounts
84	attributetype ( ImmaeattributeType:8 NAME 'immaePostfixAddress'
85	DESC 'the dovecot address to match as username'
86	EQUALITY caseIgnoreIA5Match
87	SUBSTR caseIgnoreIA5SubstringsMatch
88	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
89
90	attributetype ( ImmaeattributeType:9 NAME 'immaePostfixHome'
91	DESC 'the postfix home directory'
92	EQUALITY caseExactIA5Match
93	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
94
95	attributetype ( ImmaeattributeType:10 NAME 'immaePostfixMail'
96	DESC 'the dovecot mail location'
97	EQUALITY caseExactIA5Match
98	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
99
100	attributetype ( ImmaeattributeType:11 NAME 'immaePostfixUid'
101	DESC 'the dovecot uid'
102	EQUALITY caseExactIA5Match
103	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
104
105	attributetype ( ImmaeattributeType:12 NAME 'immaePostfixGid'
106	DESC 'the dovecot gid'
107	EQUALITY caseExactIA5Match
108	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
109
110	objectclass ( ImmaeobjectClass:6 NAME 'immaePostfixClass'
111	DESC 'Expansion of the existing object classes for Postfix'
112	SUP top AUXILIARY
113	MUST ( immaePostfixAddress $ immaePostfixHome $
114	immaePostfixMail $ immaePostfixUid $ immaePostfixGid )
115	)
116
117	# Tinc informations
118	# Domaine = une classe a part ou une partie du dn ?
119	# attributetype ( ImmaeattributeType:13 NAME 'immaeTincIpSegment'
120	# DESC 'the internal ip segment in tinc'
121	# EQUALITY caseIgnoreIA5Match
122	# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
123	#
124	# attributetype ( ImmaeattributeType:14 NAME 'immaeTincSubdomain'
125	# DESC 'the host subdomain'
126	# EQUALITY caseIgnoreIA5Match
127	# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
128	#
129	# attributetype ( ImmaeattributeType:15 NAME 'immaeTincHostname'
130	# DESC 'the host name'
131	# EQUALITY caseIgnoreIA5Match
132	# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
133	#
134	# objectclass ( ImmaeobjectClass:7 NAME 'immaeTincHostClass'
135	# DESC 'Expansion of the existing object classes for Tinc'
136	# SUP top AUXILIARY
137	# MUST ( immaeTincInternalIp $ immaeTincSubdomain $
138	# immaeTincHostname )
139	# )
140
141	attributetype (ImmaeattributeType:16 NAME 'immaePuppetJson'
142	DESC 'Puppet hiera json'
143	EQUALITY octetStringMatch
144	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
145
146	objectclass ( ImmaeobjectClass:8 NAME 'immaePuppetClass'
147	DESC 'Expansion of the existing object classes for Puppet'
148	SUP top AUXILIARY
149	MUST ( immaePuppetJson )
150	)
151
152	attributetype (ImmaeattributeType:19 NAME 'immaeTaskId'
153	DESC 'Taskwarrior server Org:Name:Key'
154	EQUALITY caseIgnoreMatch
155	SUBSTR caseIgnoreSubstringsMatch
156	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
157
158	objectclass ( ImmaeobjectClass:9 NAME 'immaeTaskClass'
159	DESC 'Expansion of the existing object classes for Task'
160	SUP top AUXILIARY
161	MUST ( immaeTaskId )
162	)
163
164	# Peertube uid
165	attributetype ( ImmaeattributeType:20 NAME 'immaePeertubeId'
166	DESC 'login for Peertube'
167	EQUALITY caseIgnoreMatch
168	SUBSTR caseIgnoreSubstringsMatch
169	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
170
171	objectclass ( ImmaeobjectClass:10 NAME 'immaePeertubeClass'
172	DESC 'Expansion of the existing object classes for peertube'
173	SUP top AUXILIARY
174	MUST ( immaePeertubeId ) )
175
176
177	# Last:
178	# attributetype ( ImmaeattributeType:20 NAME 'immaePeertubeId'
179	# objectclass ( ImmaeobjectClass:10 NAME 'immaePeertubeClass'