Add lldap to auth01 host

2025-04-01 22:22:43 +02:00
parent 5370d01c3d
commit cba1821f3b
11 changed files with 253 additions and 76 deletions
--- a/services/authelia/default.nix
+++ b/services/authelia/default.nix
@@ -0,0 +1,24 @@
+{ ... }:
+{
+  authelia.instances."auth" = {
+    enable = true;
+    settings = {
+      authentication_backend = {
+        ldap = {
+          address = "ldap://127.0.0.1:389";
+          implementation = "lldap";
+          timeout = "5s";
+          base_dn = "dc=home,dc=2rjus,dc=net";
+          attributes = {
+            distinguished_name = "distinguishedName";
+            username = "user_id";
+            display_name = "displayName";
+            mail = "mail";
+            member_of = "memberOf";
+            group_name = "cn";
+          };
+        };
+      };
+    };
+  };
+}
--- a/services/http-proxy/proxy.nix
+++ b/services/http-proxy/proxy.nix
@@ -82,6 +82,14 @@
        }
        reverse_proxy http://jelly01.home.2rjus.net:8096
      }
+      lldap.home.2rjus.net {
+        log {
+          output file /var/log/caddy/auth.log {
+            mode 644
+          }
+        }
+        reverse_proxy http://auth01.home.2rjus.net:17170
+      }
      http://http-proxy.home.2rjus.net/metrics {
        log {
          output file /var/log/caddy/caddy-metrics.log {
--- a/services/lldap/default.nix
+++ b/services/lldap/default.nix
@@ -0,0 +1,28 @@
+{ ... }:
+{
+  services.lldap = {
+    enable = true;
+    settings = {
+      ldap_base_dn = "dc=home,dc=2rjus,dc=net";
+      ldap_user_email = "admin@home.2rjus.net";
+      ldap_user_dn = "admin";
+      ldaps_options = {
+        enabled = true;
+        port = 6360;
+        cert_file = "/var/lib/acme/auth01.home.2rjus.net/cert.pem";
+        key_file = "/var/lib/acme/auth01.home.2rjus.net/key.pem";
+      };
+    };
+  };
+  systemd.services.lldap = {
+    serviceConfig = {
+      SupplementaryGroups = [ "acme" ];
+    };
+  };
+  security.acme.certs."auth01.home.2rjus.net" = {
+    listenHTTP = ":80";
+    reloadServices = [ "lldap" ];
+    extraDomainNames = [ "ldap.home.2rjus.net" ];
+    enableDebugLogs = true;
+  };
+}
--- a/services/ns/zones-home-2rjus-net.conf
+++ b/services/ns/zones-home-2rjus-net.conf
@@ -1,7 +1,7 @@
 $ORIGIN home.2rjus.net.
 $TTL 1800
@       IN      SOA     ns1.home.2rjus.net.      admin.test.2rjus.net. (
-                        2053                    ; serial number
+                        2060                    ; serial number
                        3600                    ; refresh
                        900                     ; retry
                        1209600                 ; expire
@@ -61,6 +61,7 @@ nix-cache01         IN      A       10.69.13.15
 nix-cache           IN      CNAME   nix-cache01
 pgdb1               IN      A       10.69.13.16
 nats1               IN      A       10.69.13.17
+auth01              IN      A       10.69.13.18

 ; http-proxy cnames
 nzbget              IN      CNAME   http-proxy
@@ -72,6 +73,11 @@ grafana             IN      CNAME   http-proxy
 prometheus          IN      CNAME   http-proxy
 alertmanager        IN      CNAME   http-proxy
 jelly               IN      CNAME   http-proxy
+auth                IN      CNAME   http-proxy
+lldap               IN      CNAME   http-proxy
+
+ldap                IN      CNAME   auth01
+

 ; 22_WLAN
 unifi-ctrl          IN      A       10.69.22.5