Torjus Håkestad
8eefe38d5e
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
38 lines
993 B
Nix
38 lines
993 B
Nix
{ config, ... }:
|
|
{
|
|
sops.secrets.lldap_user_pass = {
|
|
format = "yaml";
|
|
key = "lldap_user_pass";
|
|
sopsFile = ../../secrets/auth01/secrets.yaml;
|
|
restartUnits = [ "lldap.service" ];
|
|
group = "acme";
|
|
};
|
|
|
|
services.lldap = {
|
|
enable = true;
|
|
settings = {
|
|
ldap_base_dn = "dc=home,dc=2rjus,dc=net";
|
|
ldap_user_email = "admin@home.2rjus.net";
|
|
ldap_user_dn = "admin";
|
|
ldap_user_pass_file = config.sops.secrets.lldap_user_pass.path;
|
|
ldaps_options = {
|
|
enabled = true;
|
|
port = 6360;
|
|
cert_file = "/var/lib/acme/auth01.home.2rjus.net/cert.pem";
|
|
key_file = "/var/lib/acme/auth01.home.2rjus.net/key.pem";
|
|
};
|
|
};
|
|
};
|
|
systemd.services.lldap = {
|
|
serviceConfig = {
|
|
SupplementaryGroups = [ "acme" ];
|
|
};
|
|
};
|
|
security.acme.certs."auth01.home.2rjus.net" = {
|
|
listenHTTP = ":80";
|
|
reloadServices = [ "lldap" ];
|
|
extraDomainNames = [ "ldap.home.2rjus.net" ];
|
|
enableDebugLogs = true;
|
|
};
|
|
}
|