wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

fixing the ldap user and temp disabling tls

Browse source
This commit is contained in:
Rouven Seifert 2023-02-15 11:29:47 +01:00
parent 85c6a97651
commit bb23a7f67a
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
1 changed files with 23 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
modules/ldap.nix
View file

@ -9,6 +9,12 @@ let
ldapGroup = "openldap";
in
{
sops.secrets.unix_ldap_search = {
key = "portunus_search";
owner = config.systemd.services.nslcd.serviceConfig.User;
};
users.users."${portunusUser}" = {
isSystemUser = true;
group = "${portunusGroup}";
@ -56,17 +62,31 @@ in
# disables port 389, use 636 with tls
# `portunus.domain` resolves to localhost
tls = true;
#tls = true;
};
seedPath = ../config/portunus_seeds.json;
};
users.ldap = {
#users.ldap = {
#enable = true;
#server = "ldap://localhost";
#base = "${config.services.portunus.ldap.suffix}";
#};
users.ldap = let
portunus = config.services.portunus;
base = "ou=users,${portunus.ldap.suffix}";
in {
enable = true;
server = "ldap://localhost";
base = "${config.services.portunus.ldap.suffix}";
base = base;
bind = {
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
passwordFile = config.sops.secrets.unix_ldap_search.path;
};
daemon.enable = true;
};
services.nginx = {
enable = true;