nixos-servers/services/lldap/default.nix

{ ... }:
{
  services.lldap = {
    enable = true;
    settings = {
      ldap_base_dn = "dc=home,dc=2rjus,dc=net";
      ldap_user_email = "admin@home.2rjus.net";
      ldap_user_dn = "admin";
      ldaps_options = {
        enabled = true;
        port = 6360;
        cert_file = "/var/lib/acme/auth01.home.2rjus.net/cert.pem";
        key_file = "/var/lib/acme/auth01.home.2rjus.net/key.pem";
      };
    };
  };
  systemd.services.lldap = {
    serviceConfig = {
      SupplementaryGroups = [ "acme" ];
    };
  };
  security.acme.certs."auth01.home.2rjus.net" = {
    listenHTTP = ":80";
    reloadServices = [ "lldap" ];
    extraDomainNames = [ "ldap.home.2rjus.net" ];
    enableDebugLogs = true;
  };
}