reformatting ldap.nix

modules/ldap.nix

@@ -31,7 +31,7 @@ in
     user = "${portunusUser}";
     group = "${portunusGroup}";
     domain = "${domain}";
-    port = 8081;
+    port = 8681;
     userRegex = "[a-z_][a-z0-9_.-]*\$?";
     dex = {
       enable = true;
@@ -45,11 +45,29 @@ in
 
       # disables port 389, use 636 with tls
       # `portunus.domain` resolves to localhost
-      tls = true;
+      # tls = true;
     };
 
     seedPath = ../config/portunus_seeds.json;
   };
+
+
+  services = {
+    dex.settings.oauth2.skipApprovalScreen = true;
+
+    nginx = {
+      enable = true;
+      virtualHosts."${config.services.portunus.domain}" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
+          "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
+        };
+      };
+    };
+  };
+
   systemd.services.dex.serviceConfig = {
     DynamicUser = lib.mkForce false;
     EnvironmentFile = config.sops.secrets."dex/environment".path;
@@ -135,16 +153,6 @@ in
 
   '';
 
-  services.nginx = {
-    enable = true;
-    virtualHosts."${config.services.portunus.domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations = {
-        "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
-      };
-    };
-  };
   nixpkgs.overlays = [
     (self: super:
       {
@@ -153,7 +161,7 @@ in
             owner = "revol-xut";
             repo = "portunus";
             rev = "c95528e21782b3477203bc29fc85515f2cb8c8cb";
-      sha256 = "";
+            sha256 = "sha256-CmH0HKr+pNDnw0qfDucQrCixFg7Yh8r7Rt7v9+6pNXc=";
           };
         });
       })