Connect Authelia to LDAP with LLDAP

machines/lebesgue/config/configuration.nix

@@ -31,12 +31,19 @@
       # oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
       sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
       storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
+
+      ldap = {
+        addr = "ldap://localhost:${toString config.foehammer.services.lldap.ldap_port}";
+        baseDN = config.foehammer.services.lldap.base_dn;
+        user = "UID=authelia,OU=people,${config.foehammer.services.lldap.base_dn}";
+        passwordFile = config.sops.secrets.authelia-lldap-password.path;
+      };
     };
 
     services.lldap = {
       enable = true;
       url = "https://lldap.foehammer.me";
-      base_dn = "dc=foehammer,dc=me";
+      base_dn = "DC=foehammer,DC=me";
 
       adminUserPasswordFile = config.sops.secrets.lldap-admin-password.path;
     };

machines/lebesgue/config/secrets.nix

@@ -25,6 +25,7 @@
       authelia-oidc-hmac = autheliaSecret;
       authelia-session-secret = autheliaSecret;
       authelia-storage-encryption = autheliaSecret;
+      authelia-lldap-password = autheliaSecret;
       authelia-users = {
         owner = "authelia-main";
         sopsFile = ../secrets/authelia/users.yaml;

machines/lebesgue/config/state.nix

@@ -14,7 +14,7 @@
       "/var/lib/caddy/.local/share/caddy"
       "/var/lib/vaultwarden"
 
-      { directory = "/var/lib/private/lldap"; user = "lldap"; group = "lldap"; mode = "0700"; }
+      { directory = "/var/lib/lldap"; user = "lldap"; group = "lldap"; mode = "0700"; }
     ];
 
     files = [