Lorenzo Good
07198a9b15
Add LDAP service, to allow me to more easily add users to authelia, and other SSO solutions.
75 lines
1.5 KiB
Nix
75 lines
1.5 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
inherit (lib) mkEnableOption types mkIf mkOption;
|
|
|
|
cfg = config.foehammer.services.lldap;
|
|
in {
|
|
options.foehammer.services.lldap = {
|
|
enable = mkEnableOption "Enable LLDAP Server";
|
|
|
|
url = mkOption {
|
|
type = types.str;
|
|
};
|
|
|
|
port = mkOption {
|
|
type = lib.types.port;
|
|
default = 8226;
|
|
description = ''
|
|
What external port to serve over.
|
|
'';
|
|
};
|
|
|
|
environmentFile = mkOption {
|
|
type = types.nullOr types.path;
|
|
default = null;
|
|
};
|
|
|
|
jwtSecretFile = mkOption {
|
|
type = types.nullOr types.path;
|
|
default = null;
|
|
description = ''
|
|
Path to your JWT secret used during identity verificaton.
|
|
'';
|
|
};
|
|
|
|
adminUserPasswordFile = mkOption {
|
|
type = types.nullOr types.path;
|
|
default = null;
|
|
};
|
|
|
|
base_dn = mkOption {
|
|
type = types.str;
|
|
example = "dc=example,dc=com";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.lldap = {
|
|
enable = true;
|
|
environmentFile = cfg.environmentFile;
|
|
|
|
settings = {
|
|
# Base setup.
|
|
http_port = cfg.port;
|
|
http_url = cfg.url;
|
|
ldap_base_dn = cfg.base_dn;
|
|
jwt_secret_file = cfg.jwtSecretFile;
|
|
|
|
# Reproducable admin password.
|
|
force_ldap_user_pass_reset = "always";
|
|
ldap_user_pass_file = cfg.adminUserPasswordFile;
|
|
};
|
|
};
|
|
|
|
users.users.lldap = {
|
|
isSystemUser = true;
|
|
createHome = true;
|
|
group = "lldap";
|
|
};
|
|
users.groups.lldap = {};
|
|
};
|
|
}
|