Migrated from multi repos to monorepo architecture.

2026-05-02 12:52:08 +02:00
parent 72668492f5
commit 73adb395c0
218 changed files with 9639 additions and 57 deletions
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  # Container config
+  name = "lldap";
+  # Version tagging
+  lldapVersion = "v0.6.2";
+  # Helper
+  helper = import ../service-helper.nix { inherit config pkgs lib; };
+  cfg = config.numbus-server.services.lldap;
+  # Derive Base DN from domain (e.g., example.com -> dc=example,dc=com)
+  domainParts = splitString "." config.numbus-server.services.domain;
+  baseDN = concatStringsSep "," (map (p: "dc=${p}") domainParts);
+in
+
+helper.mkPodmanService {
+  inherit name;
+  pod = "false";
+  description = "LLDAP, unified user management";
+  defaultPort = "17170";
+  dependencies = [
+    "sops-install-secrets.service"
+    "network-online.target"
+  ];
+  middlewares = [
+    "secureHeaders"
+  ];
+  dirPermissions = [
+    "100999:100 ${cfg.configDir}"
+  ];
+  secrets = [
+    "lldap/jwt_secret"
+    "lldap/key_seed"
+    "lldap/admin_password"
+  ];
+
+  composeText = ''
+    services:
+      lldap:
+        image: lldap/lldap:${lldapVersion}
+        container_name: lldap
+        hostname: lldap
+        user: '1000:1000'
+        networks:
+          lldap:
+            ipv4_address: 10.89.185.253
+        ports:
+          - "3890:3890"
+          - "${cfg.port}:17170"
+        volumes:
+          - ${cfg.configDir}:/data
+        environment:
+          - UID=1000
+          - GID=1000
+          - TZ=${config.time.timeZone}
+          - LLDAP_LDAP_BASE_DN=${baseDN}
+          - LLDAP_JWT_SECRET="${config.sops.placeholder."lldap/jwt_secret"}"
+          - LLDAP_KEY_SEED="${config.sops.placeholder."lldap/key_seed"}"
+          - LLDAP_LDAP_USER_PASS="${config.sops.placeholder."lldap/admin_password"}"
+          - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
+          - LLDAP_SMTP_OPTIONS__SERVER=${config.numbus-server.mail.smtpServer}
+          - LLDAP_SMTP_OPTIONS__PORT=${config.numbus-server.mail.smtpPort}
+          - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${config.numbus-server.mail.smtpEncryption}
+          - LLDAP_SMTP_OPTIONS__USER=${config.numbus-server.mail.smtpUsername}
+          - LLDAP_SMTP_OPTIONS__PASSWORD=${config.sops.placeholder."mail/smtpPassword"}
+          - LLDAP_SMTP_OPTIONS__FROM=no-reply <${config.numbus-server.mail.fromAddress}>
+        security_opt:
+          - no-new-privileges:true
+        cap_drop:
+          - NET_RAW
+        restart: unless-stopped
+
+    networks:
+      lldap:
+        driver: bridge
+        name: lldap
+        ipam:
+          config:
+            - subnet: "10.89.185.0/24"
+              gateway: "10.89.185.254"
+  '';
+}