waffentrager: config lldap

2024-07-13 15:44:07 +02:00
parent 6a1700f0b7
commit 7abe845c5a
7 changed files with 66 additions and 3 deletions
@@ -2,9 +2,10 @@
{
imports =
[
./lldap.nix
];
config =
{
waffentragerService.auth.lldap.enable = true;
};
}
@@ -0,0 +1,38 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.waffentragerService.auth.lldap.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable lldap";
config =
let
cfg = config.waffentragerService.auth.lldap;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
systemd.services.lldap = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
serviceConfig = {
DynamicUser = lib.mkForce false;
WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;
};
};
users.groups.lldap = { };
users.users.lldap = {
group = "lldap";
isSystemUser = true;
};
sops.secrets.jwt = { owner = "lldap"; group = "lldap";};
services.lldap.enable = true;
services.lldap.environment = {
LLDAP_JWT_SECRET_FILE = config.sops.secrets.jwt.path;
};
services.lldap.settings = {
ldap_base_dn = "dc=podkos,dc=pl";
database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";
http_url = "http://mamba.podkos.pl";
ldap_user_dn = "master";
ldap_user_email = "materus@podkos.pl";
key_seed = materusArg.waffentrager.lldap.seed;
};
};
}
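Review bot: `key_seed = materusArg.waffentrager.lldap.seed;` in `services.lldap.settings` passes the seed through the module's settings, which the NixOS lldap module normally renders into a config file in the world-readable Nix store, so any local user could likely read the value lldap derives its server key from. The JWT secret a few lines above already avoids this by going through sops and `LLDAP_JWT_SECRET_FILE`; the seed should take the same route, with a second sops secret owned by `lldap` and `LLDAP_KEY_SEED_FILE = config.sops.secrets.<seed-secret-name>.path;` in `services.lldap.environment` (the secret name is a placeholder; confirm the packaged lldap version honours the `_FILE` variant). Where `materusArg.waffentrager.lldap.seed` is defined is not visible here, so it is worth checking that it is not also committed in plaintext. Separately, this file sets no admin password for `ldap_user_dn = "master"`; unless one is supplied elsewhere, lldap would presumably create the admin with its built-in default, so an `LLDAP_LDAP_USER_PASS_FILE` entry backed by sops is worth adding as well.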