From eafd0289a0ab36e215b49cafe446e644cafcd649 Mon Sep 17 00:00:00 2001
From: mc-fucker
Date: Thu, 22 Jun 2023 08:33:05 +0200
Subject: [PATCH] lldap module init

---
 modules/lldap.nix | 49 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 modules/lldap.nix

diff --git a/modules/lldap.nix b/modules/lldap.nix
new file mode 100644
index 0000000..9e9fd0f
--- /dev/null
+++ b/modules/lldap.nix
@@ -0,0 +1,49 @@
+{ config, ... }:
+let
+ cfg = import ./vars.nix;
+ #web_port = "17170";
+ domain = cfg.lldap.domain;
+in
+{
+ sops.secrets."lldap/admin" = { owner = "lldap";};
+ sops.secrets."lldap/jwt" = { owner = "lldap";};
+
+ users.groups.lldap = {
+ gid = 389;
+ };
+ users.users.lldap = {
+ isSystemUser = true;
+ group = "lldap";
+ uid = 389;
+ };
+
+ virtualisation.oci-containers.containers.lldap = {
+ image = "docker.io/nitnelave/lldap:stable";
+ environment = {
+ TZ = "Europe/Berlin";
+ UID = "389";
+ LLDAP_VERBOSE = "true";
+ LLDAP_LDAP_BASE_DN = "dc=mc-fucker,cd=cool";
+ LLDAP_LDAP_USER_DN = "ldapadmin";
+ LLDAP_HTTP_URL = "https://${domain}";
+ LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
+ LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin".path;
+ LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET = "true";
+ LLDAP_SMTP_OPTIONS__SERVER = cfg.mail.host;
+ LLDAP_SMTP_OPTIONS__PORT = cfg.mail.port;
+ LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION = "STARTTLS";
+ LLDAP_SMTP_OPTIONS__FROM = "LLDAP Admin ";
+ };
+ ports = [
+ "389:3890"
+ "17170:17170"
+ ];
+ extraOptions = cfg.podman.extraOptions;
+ volumes = [
+ "${config.sops.secrets."lldap/jwt".path}:${config.sops.secrets."lldap/jwt".path}:ro"
+ "${config.sops.secrets."lldap/admin".path}:${config.sops.secrets."lldap/admin".path}:ro"
+ ];
+ };
+
+}
+# vim: set et ts=2 sw=2 ai:
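Review bot: `LLDAP_LDAP_BASE_DN = "dc=mc-fucker,cd=cool";` looks like a typo — `cd` is not a DN attribute type, so the second component should read `dc=cool`, otherwise every client configured with the intended base DN will fail to find the tree; the line to change is `LLDAP_LDAP_BASE_DN = "dc=mc-fucker,dc=cool";`. The `ports` list publishes the plain-text LDAP listener (3890) as host port 389 and the web UI on 17170 on every host interface with no TLS in front of either; unless other hosts must reach them directly, bind them to loopback (`"127.0.0.1:389:3890"`, `"127.0.0.1:17170:17170"`) and let the reverse proxy implied by `LLDAP_HTTP_URL` front the UI. `LLDAP_SMTP_OPTIONS__PORT = cfg.mail.port;` will fail evaluation if `vars.nix` stores the port as an integer, since oci-containers environment values must be strings — `toString cfg.mail.port` is safer; this is inferred from the other entries being string-typed. `LLDAP_VERBOSE = "true"` and the commented-out `web_port` read like leftovers from bring-up and are worth dropping before this runs as a long-lived service.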