Add lldap service.

Add LDAP service, to allow me to more easily add users to authelia, and
other SSO solutions.

machines/lebesgue/config/configuration.nix

@@ -33,6 +33,14 @@
       storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
     };
 
+    services.lldap = {
+      enable = true;
+      url = "https://lldap.foehammer.me";
+      base_dn = "dc=foehammer,dc=me";
+
+      adminUserPasswordFile = config.sops.secrets.lldap-admin-password.path;
+    };
+
     services.vaultwarden = {
       enable = true;
       domain = "https://passwords.foehammer.me";

machines/lebesgue/config/secrets.nix

@@ -18,6 +18,8 @@
       restic-password = {owner = "restic";};
       restic-repository = {owner = "restic";};
 
+      lldap-admin-password.owner = "lldap";
+
       authelia-jwtsecret = autheliaSecret;
       authelia-oidc-privkey = autheliaSecret;
       authelia-oidc-hmac = autheliaSecret;

machines/lebesgue/config/state.nix

@@ -13,6 +13,8 @@
       "/var/lib/authelia-main"
       "/var/lib/caddy/.local/share/caddy"
       "/var/lib/vaultwarden"
+
+      { directory = "/var/lib/private/lldap"; user = "lldap"; group = "lldap"; mode = "0700"; }
     ];
 
     files = [