{ config, ... }:

let
  # Option values this module reads back from the evaluated configuration.
  lldapCfg = config.services.lldap;
  adminPassFile = config.age.secrets.lldap-admin-user-pass.path;
in
{
  services = {
    # LDAP directory service; its web front-end is reached through nginx below.
    lldap = {
      enable = true;

      settings = {
        # NOTE(review): verbose logging on an authentication service — confirm
        # what it records before keeping it enabled in production.
        verbose = true;
        ldap_user_email = "fricloudlldap.grief462@simplelogin.com";
        ldap_base_dn = "dc=fricloud,dc=dk";
      };

      environment = {
        # Admin password is read from the agenix-managed secret file on every start.
        LLDAP_LDAP_USER_PASS_FILE = adminPassFile;
        # only available on the newest master branch, will be enabled when a
        # new version is released.
        # https://github.com/lldap/lldap/issues/790
        # LLDAP_FORCE_LDAP_USER_PASS_RESET = "true";
      };
    };

    # TLS-terminating reverse proxy (ACME certificate) in front of the lldap
    # web UI on the configured http_port.
    nginx.virtualHosts."ldap.fricloud.dk" = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://localhost:${toString lldapCfg.settings.http_port}";
    };
  };

  # State that must survive reboots (impermanence); 0700 keeps it owner-only.
  # NOTE(review): no user/group is given for this entry — confirm the resulting
  # ownership is what the lldap unit expects for its state directory.
  environment.persistence.root.directories = [
    { directory = "/var/lib/private/lldap"; mode = "0700"; }
  ];

  # lldap user + setup secrets owner (need to add user for secrets to work)
  users = {
    users.lldap = { group = "lldap"; isSystemUser = true; };
    groups.lldap = {};
  };

  # The secret file is owned by the service user so only lldap can read it.
  age.secrets.lldap-admin-user-pass.owner = "lldap";
}