numbus/Numbus
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
Files
73adb395c05f227c498ecf5aad994d92c6c3d8fe
Numbus/modules/backup/services/applications/lldap.nix
T
Raphaël Numbus 73adb395c0 Migrated from multi repos to monorepo architecture.
2026-05-02 12:52:08 +02:00

84 lines
2.4 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
with lib;
let
# Container config
name = "lldap";
# Version tagging
lldapVersion = "v0.6.2";
# Helper
helper = import ../service-helper.nix { inherit config pkgs lib; };
cfg = config.numbus-server.services.lldap;
# Derive Base DN from domain (e.g., example.com -> dc=example,dc=com)
domainParts = splitString "." config.numbus-server.services.domain;
baseDN = concatStringsSep "," (map (p: "dc=${p}") domainParts);
in
helper.mkPodmanService {
inherit name;
pod = "false";
description = "LLDAP, unified user management";
defaultPort = "17170";
dependencies = [
"sops-install-secrets.service"
"network-online.target"
];
middlewares = [
"secureHeaders"
];
dirPermissions = [
"100999:100 ${cfg.configDir}"
];
secrets = [
"lldap/jwt_secret"
"lldap/key_seed"
"lldap/admin_password"
];
composeText = ''
services:
lldap:
image: lldap/lldap:${lldapVersion}
container_name: lldap
hostname: lldap
user: '1000:1000'
networks:
lldap:
ipv4_address: 10.89.185.253
ports:
- "3890:3890"
- "${cfg.port}:17170"
volumes:
- ${cfg.configDir}:/data
environment:
- UID=1000
- GID=1000
- TZ=${config.time.timeZone}
- LLDAP_LDAP_BASE_DN=${baseDN}
- LLDAP_JWT_SECRET="${config.sops.placeholder."lldap/jwt_secret"}"
- LLDAP_KEY_SEED="${config.sops.placeholder."lldap/key_seed"}"
- LLDAP_LDAP_USER_PASS="${config.sops.placeholder."lldap/admin_password"}"
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
- LLDAP_SMTP_OPTIONS__SERVER=${config.numbus-server.mail.smtpServer}
- LLDAP_SMTP_OPTIONS__PORT=${config.numbus-server.mail.smtpPort}
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${config.numbus-server.mail.smtpEncryption}
- LLDAP_SMTP_OPTIONS__USER=${config.numbus-server.mail.smtpUsername}
- LLDAP_SMTP_OPTIONS__PASSWORD=${config.sops.placeholder."mail/smtpPassword"}
- LLDAP_SMTP_OPTIONS__FROM=no-reply <${config.numbus-server.mail.fromAddress}>
security_opt:
- no-new-privileges:true
cap_drop:
- NET_RAW
restart: unless-stopped
networks:
lldap:
driver: bridge
name: lldap
ipam:
config:
- subnet: "10.89.185.0/24"
gateway: "10.89.185.254"
'';
}
Reference in New Issue View Git Blame Copy Permalink