nixos-config/configurations/host/waffentrager/services/auth/lldap.nix

{ config, pkgs, lib, materusArg, ... }:
{
  options.waffentragerService.auth.lldap.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable lldap";
  config =
    let
      cfg = config.waffentragerService.auth.lldap;
    in
    lib.mkIf cfg.enable {
      waffentragerService.elements.enable = true;
      systemd.services.lldap = {
        partOf = [ "elements-mount.service" ];
        requires = [ "elements-mount.service" ];
        after = [ "elements-mount.service" ];
        serviceConfig = {
          DynamicUser = lib.mkForce false;
          WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;
        };
      };
      users.groups.lldap = { };
      users.users.lldap = {
        group = "lldap";
        isSystemUser = true;
      };
      sops.secrets.jwt = { owner = "lldap"; group = "lldap";};
      services.lldap.enable = true;
      services.lldap.environment = {
        LLDAP_JWT_SECRET_FILE = config.sops.secrets.jwt.path;
      };
      services.lldap.settings = {
        ldap_base_dn = "dc=podkos,dc=pl";
        database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";
        http_url = "http://mamba.podkos.pl";
        ldap_user_dn = "master";
        ldap_user_email = "materus@podkos.pl";
        key_seed = materusArg.waffentrager.lldap.seed;
      };
    };
}
waffentrager: config lldap 2024-07-13 15:44:07 +02:00			`{ config, pkgs, lib, materusArg, ... }:`
			`{`
			`options.waffentragerService.auth.lldap.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable lldap";`
			`config =`
			`let`
			`cfg = config.waffentragerService.auth.lldap;`
			`in`
			`lib.mkIf cfg.enable {`
			`waffentragerService.elements.enable = true;`
			`systemd.services.lldap = {`
			`partOf = [ "elements-mount.service" ];`
			`requires = [ "elements-mount.service" ];`
			`after = [ "elements-mount.service" ];`
			`serviceConfig = {`
			`DynamicUser = lib.mkForce false;`
			`WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;`
			`};`
			`};`
			`users.groups.lldap = { };`
			`users.users.lldap = {`
			`group = "lldap";`
			`isSystemUser = true;`
			`};`
			`sops.secrets.jwt = { owner = "lldap"; group = "lldap";};`
			`services.lldap.enable = true;`
			`services.lldap.environment = {`
			`LLDAP_JWT_SECRET_FILE = config.sops.secrets.jwt.path;`
			`};`
			`services.lldap.settings = {`
			`ldap_base_dn = "dc=podkos,dc=pl";`
			`database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";`
			`http_url = "http://mamba.podkos.pl";`
			`ldap_user_dn = "master";`
			`ldap_user_email = "materus@podkos.pl";`
			`key_seed = materusArg.waffentrager.lldap.seed;`
			`};`
			`};`
			`}`