Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
{ config, ... }:

let
  # Every LLDAP secret lives in the same sops file and is owned by the service user,
  # so only that user (and root) can read the decrypted files at runtime.
  lldapSecret = {
    owner = "lldap";
    sopsFile = ../secrets.yaml;
  };

  # Path of a decrypted sops secret under the "lldap/" namespace.
  secretPath = name: config.sops.secrets."lldap/${name}".path;
in
{
  services.lldap = {
    enable = true;

    settings = {
      ldap_base_dn = "dc=escapeangle,dc=com";
      ldap_user_email = "lander@escapeangle.com";
      # The database URL carries no password; how the lldap role authenticates to
      # db-01 is not configured in this file — confirm on the database side.
      database_url = "postgresql://lldap@db-01.tailnet.escapeangle.com/lldap";
    };

    # Secrets are passed as *_FILE paths rather than values, so they are neither
    # written into the Nix store nor visible as plain environment values.
    environment = {
      LLDAP_JWT_SECRET_FILE = secretPath "jwt_secret";
      LLDAP_KEY_SEED_FILE = secretPath "key_seed";
      LLDAP_USER_PASS_FILE = secretPath "admin_password";
    };
  };

  # Public entry point for the web UI: TLS only (ACME-issued certificate), with nginx
  # forwarding to lldap's plaintext HTTP listener on localhost. The bind address
  # (http_host) is not set here — NOTE(review): confirm the module default keeps that
  # listener, and the LDAP listener (ldap_port), off externally reachable interfaces.
  services.nginx.virtualHosts."users.escapeangle.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:${toString config.services.lldap.settings.http_port}";
  };

  # Static system account matching the `owner` of the sops secrets above.
  users.users.lldap = {
    group = "lldap";
    isSystemUser = true;
  };
  users.groups.lldap = { };

  sops.secrets = {
    "lldap/jwt_secret" = lldapSecret;
    "lldap/key_seed" = lldapSecret;
    "lldap/admin_password" = lldapSecret;
  };
}