server-configs/machines/gerd/services/lldap.nix

{ config, ... }:

{
  services.lldap = {
    enable = true;

    settings = {
      verbose = true;
      ldap_user_email = "fricloudlldap.grief462@simplelogin.com";
      ldap_base_dn = "dc=fricloud,dc=dk";
    };

    environment = {
      # always set admin password on startup
      LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.lldap-admin-user-pass.path;
      # only available on the newest master branch, will be enabled when a 
      # new version is released.
      # https://github.com/lldap/lldap/issues/790
      # LLDAP_FORCE_LDAP_USER_PASS_RESET = "true";
    };
  };

  services.nginx.virtualHosts."ldap.fricloud.dk" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:${builtins.toString config.services.lldap.settings.http_port}";
  };

  # persistent files
  environment.persistence.root.directories = [
    { directory = "/var/lib/private/lldap"; mode = "0700"; }
  ];

  # lldap user + setup secrets owner (need to add user for secrets to work)
  users.users.lldap = { group = "lldap"; isSystemUser = true; };
  users.groups.lldap = {};
  age.secrets = {
    lldap-admin-user-pass.owner = "lldap";
  };
}
gerd.lldap: adds ldap service 2024-08-09 19:37:40 +00:00			`{ config, ... }:`

			`{`
			`services.lldap = {`
			`enable = true;`

			`settings = {`
			`verbose = true;`
			`ldap_user_email = "fricloudlldap.grief462@simplelogin.com";`
			`ldap_base_dn = "dc=fricloud,dc=dk";`
			`};`

			`environment = {`
			`# always set admin password on startup`
gerd.lldap: renamed user-pass to admin-user-pass and added bind-user-pass 2024-08-10 17:23:17 +00:00			`LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.lldap-admin-user-pass.path;`
gerd.lldap: adds ldap service 2024-08-09 19:37:40 +00:00			`# only available on the newest master branch, will be enabled when a`
			`# new version is released.`
			`# https://github.com/lldap/lldap/issues/790`
			`# LLDAP_FORCE_LDAP_USER_PASS_RESET = "true";`
			`};`
			`};`

			`services.nginx.virtualHosts."ldap.fricloud.dk" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://localhost:${builtins.toString config.services.lldap.settings.http_port}";`
			`};`

			`# persistent files`
			`environment.persistence.root.directories = [`
			`{ directory = "/var/lib/private/lldap"; mode = "0700"; }`
			`];`

			`# lldap user + setup secrets owner (need to add user for secrets to work)`
			`users.users.lldap = { group = "lldap"; isSystemUser = true; };`
			`users.groups.lldap = {};`
			`age.secrets = {`
gerd.lldap: renamed user-pass to admin-user-pass and added bind-user-pass 2024-08-10 17:23:17 +00:00			`lldap-admin-user-pass.owner = "lldap";`
gerd.lldap: adds ldap service 2024-08-09 19:37:40 +00:00			`};`
			`}`