From 1e24392601206d325a7c6747a7980d723a75c486 Mon Sep 17 00:00:00 2001
From: mc-fucker
Date: Thu, 22 Jun 2023 16:05:36 +0200
Subject: [PATCH] lldap nginx config
---
 modules/lldap.nix | 20 +++++++++++++++++---
 modules/vars.nix | 3 ++-
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/modules/lldap.nix b/modules/lldap.nix
index 9e9fd0f..34c06fb 100644
--- a/modules/lldap.nix
+++ b/modules/lldap.nix
@@ -1,7 +1,7 @@
 { config, ... }:
 let
 cfg = import ./vars.nix;
- #web_port = "17170";
+ port = cfg.lldap.webPort;
 domain = cfg.lldap.domain;
 in
 {
@@ -22,8 +22,9 @@ in
 environment = {
 TZ = "Europe/Berlin";
 UID = "389";
+ GID = "389";
 LLDAP_VERBOSE = "true";
- LLDAP_LDAP_BASE_DN = "dc=mc-fucker,cd=cool";
+ LLDAP_LDAP_BASE_DN = "dc=mc-fucker,dc=cool";
 LLDAP_LDAP_USER_DN = "ldapadmin";
 LLDAP_HTTP_URL = "https://${domain}";
 LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
@@ -36,14 +37,27 @@ in
 };
 ports = [
 "389:3890"
- "17170:17170"
+ "${port}:${port}"
 ];
 extraOptions = cfg.podman.extraOptions;
 volumes = [
 "${config.sops.secrets."lldap/jwt".path}:${config.sops.secrets."lldap/jwt".path}:ro"
 "${config.sops.secrets."lldap/admin".path}:${config.sops.secrets."lldap/admin".path}:ro"
+ "/var/lib/lldap:/data"
 ];
 };
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ };
+ extraConfig = ''
+ access_log /var/log/nginx/${domain}_access.log;
+ error_log /var/log/nginx/${domain}_error.log;
+ '';
+ };
+
 }
 # vim: set et ts=2 sw=2 ai:
diff --git a/modules/vars.nix b/modules/vars.nix
index 7f09d72..da3c1c3 100644
--- a/modules/vars.nix
+++ b/modules/vars.nix
@@ -41,7 +41,8 @@
 };
 lldap = {
- domain = "lldap.mc-fucker.cool";
+ domain = "user.mc-fucker.cool";
+ webPort = "17170";
 };
 mail = {
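Review bot: The port mapping `"${port}:${port}"` in the third hunk of modules/lldap.nix publishes the LLDAP web UI on every host interface, so the admin interface stays reachable over plain HTTP on that port. That bypasses the new nginx vhost and its `forceSSL` unless a host firewall blocks the port, which is not visible here. Since nginx is the intended entry point, bind the published port to loopback with `"127.0.0.1:${port}:${port}"` and point the proxy at the same address with `proxyPass = "http://127.0.0.1:${port}";`. The second change also avoids `localhost` resolving to `::1` when only IPv4 is published. The container definition begins outside this hunk, so whether `extraOptions` already restricts networking should be checked there.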