waffentrager: lldap use postgresql
@@ -7,6 +7,30 @@
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
waffentragerService.elements.enable = true;
|
||||
waffentragerService.nginx.enable = true;
|
||||
services.nginx.virtualHosts."mamba.podkos.pl" = {
|
||||
forceSSL = true;
|
||||
http3 = true;
|
||||
sslTrustedCertificate = "/var/lib/mnt_acme/mamba.podkos.pl/chain.pem";
|
||||
sslCertificateKey = "/var/lib/mnt_acme/mamba.podkos.pl/key.pem";
|
||||
sslCertificate = "/var/lib/mnt_acme/mamba.podkos.pl/fullchain.pem";
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:17170";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
|
||||
allow ${materusArg.ip-masks.wireguard.private};
|
||||
allow 192.168.100.0/24;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.lldap = {
|
||||
partOf = [ "elements-mount.service" ];
|
||||
requires = [ "elements-mount.service" ];
|
||||
@@ -21,15 +45,23 @@
|
||||
group = "lldap";
|
||||
isSystemUser = true;
|
||||
};
|
||||
sops.secrets.jwt = { owner = "lldap"; group = "lldap";};
|
||||
sops.secrets.jwt = { owner = "lldap"; group = "lldap"; };
|
||||
sops.secrets."lldap-database" = { owner = "lldap"; group = "lldap"; };
|
||||
services.lldap.enable = true;
|
||||
services.lldap.environment = {
|
||||
LLDAP_JWT_SECRET_FILE = config.sops.secrets.jwt.path;
|
||||
services.lldap.environmentFile = config.sops.templates."lldap.env".file;
|
||||
sops.templates."lldap.env" = {
|
||||
content = ''
|
||||
LLDAP_JWT_SECRET_FILE="${config.sops.secrets.jwt.path}"
|
||||
LLDAP_DATABASE_URL="postgres://lldap:${config.sops.placeholder."lldap-database"}@%2Fvar%2Frun%2Fpostgresql/lldap"
|
||||
'';
|
||||
owner = "lldap";
|
||||
group = "lldap";
|
||||
};
|
||||
|
||||
services.lldap.settings = {
|
||||
ldap_base_dn = "dc=podkos,dc=pl";
|
||||
database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";
|
||||
http_url = "http://mamba.podkos.pl";
|
||||
#database_url = "sqlite://${config.waffentragerService.elements.lldapDir}/users.db?mode=rwc";
|
||||
http_url = "https://mamba.podkos.pl";
|
||||
ldap_user_dn = "master";
|
||||
ldap_user_email = "materus@podkos.pl";
|
||||
key_seed = materusArg.waffentrager.lldap.seed;
|
||||
|
||||
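Review bot: The `allow`/`deny all` list in `locations."/"` only filters requests that arrive through nginx, and nothing visible in these hunks keeps lldap's own web listener on port 17170 off other interfaces. `services.lldap.settings` continues outside the hunk, so the bind address may already be set there or the port may be closed by the firewall; if neither is the case, adding `http_host = "127.0.0.1";` next to `http_url` makes the proxy the only path to the UI. The LDAP listener is not covered by the nginx rule either, so it is worth confirming which interfaces it binds to.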
@@ -17,6 +17,7 @@
|
||||
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 scram-sha-256
|
||||
host all all ::1/128 scram-sha-256
|
||||
'';
|
||||
systemd.services.postgresql = {
|
||||
partOf = [ "elements-mount.service" ];
|
||||
|
||||
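Review bot: With `local all all trust` in `services.postgresql.authentication`, any local account can connect over the Unix socket as any database role without a password. The lldap URL introduced in this commit uses that socket (`@%2Fvar%2Frun%2Fpostgresql/lldap`), so the `lldap-database` secret is never actually checked. The page does not show which line of this hunk is new, but the rule now guards the directory's user and credential data. Consider `local all all peer`, or a narrower `local lldap lldap scram-sha-256` placed ahead of the catch-all so the sops password is enforced. `systemd.services.postgresql` continues outside the hunk.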