Add lldap to auth01 host

2025-04-01 22:22:43 +02:00
parent 5370d01c3d
commit cba1821f3b
11 changed files with 253 additions and 76 deletions
--- a/services/lldap/default.nix
+++ b/services/lldap/default.nix
@@ -0,0 +1,28 @@
+{ ... }:
+{
+  services.lldap = {
+    enable = true;
+    settings = {
+      ldap_base_dn = "dc=home,dc=2rjus,dc=net";
+      ldap_user_email = "admin@home.2rjus.net";
+      ldap_user_dn = "admin";
+      ldaps_options = {
+        enabled = true;
+        port = 6360;
+        cert_file = "/var/lib/acme/auth01.home.2rjus.net/cert.pem";
+        key_file = "/var/lib/acme/auth01.home.2rjus.net/key.pem";
+      };
+    };
+  };
+  systemd.services.lldap = {
+    serviceConfig = {
+      SupplementaryGroups = [ "acme" ];
+    };
+  };
+  security.acme.certs."auth01.home.2rjus.net" = {
+    listenHTTP = ":80";
+    reloadServices = [ "lldap" ];
+    extraDomainNames = [ "ldap.home.2rjus.net" ];
+    enableDebugLogs = true;
+  };
+}