yep, more dotfiles
# NixOS module: runs lldap (a lightweight LDAP directory with a web UI) and
# publishes the web UI through a Caddy virtual host bound to a Tailscale
# listener. Secrets are supplied through agenix (`age.secrets`).
{ config, ... }:

let
  # Port of lldap's HTTP (web UI / API) listener; Caddy proxies to it below.
  lldap-port = 3007;
  # Name used both for lldap's public URL and for the Caddy virtual host.
  lldap-hostname = "ldap.net.wiro.world";
in
{
  config = {
    age.secrets = {
      # No owner is set here, so the decrypted file keeps agenix's default
      # ownership. It is only referenced as `environmentFile` below.
      # NOTE(review): presumably loaded by systemd rather than opened by the
      # lldap user; confirm, otherwise it needs `owner = "lldap"` as well.
      lldap-env.file = secrets/lldap-env.age;

      # Initial admin password. Owned by the lldap user because the path is
      # handed to lldap as `ldap_user_pass_file`.
      lldap-user-pass = {
        file = secrets/lldap-user-pass.age;
        owner = "lldap";
      };
    };

    # Static system account and group, so that the secret above can name a
    # stable owner.
    users = {
      users.lldap = {
        isSystemUser = true;
        group = "lldap";
      };
      groups.lldap = { };
    };

    services = {
      lldap = {
        enable = true;

        # Suppresses the module's warning about `force_ldap_user_pass_reset`
        # being disabled (set to false in `settings`).
        silenceForceUserPassResetWarning = true;

        settings = {
          # NOTE(review): this advertises an https:// URL while the Caddy
          # virtual host below is declared with an explicit http:// scheme.
          # Confirm that TLS is terminated somewhere in front of it, or links
          # generated by lldap will point at a scheme that is not served.
          http_url = "https://${lldap-hostname}";
          http_port = lldap-port;

          # NOTE(review): neither `http_host` nor `ldap_host` is set, so both
          # listeners use the module defaults. If those are wildcard
          # addresses, the web UI and the LDAP port are reachable on every
          # interface and only the host firewall keeps them off non-tailnet
          # networks. Consider pinning `http_host` to loopback, since Caddy
          # reaches it via localhost.

          ldap_user_pass_file = config.age.secrets.lldap-user-pass.path;
          # With the forced reset disabled, the password file is presumably
          # only applied when the admin account is first created: rotating
          # the age secret alone does not change the live admin password.
          force_ldap_user_pass_reset = false;

          ldap_base_dn = "dc=wiro,dc=world";
        };

        # Extra environment for the service, taken from the agenix secret.
        environmentFile = config.age.secrets.lldap-env.path;
      };

      caddy = {
        # `bind tailscale/ldap` attaches this site to a Tailscale listener
        # instead of the host's regular interfaces (presumably the
        # caddy-tailscale plugin; confirm it is built into this Caddy).
        # The upstream hop to lldap is plain HTTP over localhost.
        virtualHosts."http://${lldap-hostname}".extraConfig = ''
          bind tailscale/ldap
          reverse_proxy http://localhost:${toString config.services.lldap.settings.http_port}
        '';
      };
    };
  };
}