{ config, lib, pkgs, ... }:
with lib;

let
  cfg = config.services.authentik-ldap;
  conf = import ./vars.nix;
in
{
  options = {
    services.authentik-ldap = {
      token = mkOption {
        type = types.str;
        description = "The authentik_token as displayed in authentik.";
      };
    };
  };

  config = {
    virtualisation.oci-containers.containers."authentik-ldap" = {
      image = "ghcr.io/goauthentik/ldap";
      ports = [
        "389:3389"
        "636:6636"
      ];
      environment = {
        AUTHENTIK_HOST = "https://${conf.authentik.domain}";
        AUTHENTIK_INSECURE = "false";
        AUTHENTIK_DEBUG = "true";
        AUTHENTIK_TOKEN = cfg.token;
      };
      extraOptions = conf.podman.extraOptions;
    };
  };

}
# vim: set et ts=2 sw=2 ai: