fixing the ldap user and temp disabling tls

This commit is contained in:
Rouven Seifert 2023-02-15 11:29:47 +01:00
parent 85c6a97651
commit bb23a7f67a
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09

View file

@ -9,6 +9,12 @@ let
ldapGroup = "openldap"; ldapGroup = "openldap";
in in
{ {
sops.secrets.unix_ldap_search = {
key = "portunus_search";
owner = config.systemd.services.nslcd.serviceConfig.User;
};
users.users."${portunusUser}" = { users.users."${portunusUser}" = {
isSystemUser = true; isSystemUser = true;
group = "${portunusGroup}"; group = "${portunusGroup}";
@ -56,17 +62,31 @@ in
# disables port 389, use 636 with tls # disables port 389, use 636 with tls
# `portunus.domain` resolves to localhost # `portunus.domain` resolves to localhost
tls = true; #tls = true;
}; };
seedPath = ../config/portunus_seeds.json; seedPath = ../config/portunus_seeds.json;
}; };
users.ldap = { #users.ldap = {
#enable = true;
#server = "ldap://localhost";
#base = "${config.services.portunus.ldap.suffix}";
#};
users.ldap = let
portunus = config.services.portunus;
base = "ou=users,${portunus.ldap.suffix}";
in {
enable = true; enable = true;
server = "ldap://localhost"; server = "ldap://localhost";
base = "${config.services.portunus.ldap.suffix}"; base = base;
bind = {
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
passwordFile = config.sops.secrets.unix_ldap_search.path;
}; };
daemon.enable = true;
};
services.nginx = { services.nginx = {
enable = true; enable = true;