felschr/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(services): add lldap

Browse source
This commit is contained in:
Felix Schröter 2023-12-08 21:53:29 +01:00
parent 2978197378
commit fdc00ec4aa
Signed by: felschr
GPG key ID: 671E39E6744C807D
6 changed files with 81 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

40
services/lldap.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, ... }:
let
domain = "ldap.felschr.com";
cfg = config.services.lldap;
port = cfg.settings.http_port;
in {
age.secrets.lldap-key-seed.file = ../secrets/lldap/key-seed.age;
age.secrets.lldap-jwt.file = ../secrets/lldap/jwt.age;
age.secrets.lldap-password.file = ../secrets/lldap/password.age;
services.lldap = {
enable = true;
settings = {
http_url = "https://${domain}";
ldap_base_dn = "dc=felschr,dc=com";
};
environment = {
LLDAP_KEY_SEED = "%d/key-seed";
LLDAP_JWT_SECRET_FILE = "%d/jwt";
LLDAP_LDAP_USER_PASS_FILE = "%d/password";
};
};
systemd.services.lldap = {
serviceConfig.LoadCredential = [
"key-seed:${config.age.secrets.lldap-key-seed.path}"
"jwt:${config.age.secrets.lldap-jwt.path}"
"password:${config.age.secrets.lldap-password.path}"
];
};
services.nginx = {
virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:${toString port}";
};
};
}