From 62f7cce1847f01116609ce19cb21f1f2bcea0f17 Mon Sep 17 00:00:00 2001
From: WilliButz
Date: Wed, 28 Jun 2023 17:31:16 +0200
Subject: [PATCH] module: add basic ldap outpost service

---
 module.nix | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/module.nix b/module.nix
index b69245f..d261c14 100644
--- a/module.nix
+++ b/module.nix
@@ -20,6 +20,7 @@ let
 in
 {
 options.services = {
+ # authentik server
 authentik = {
 enable = mkEnableOption "authentik";
@@ -45,6 +46,11 @@ in
 default = true;
 };
 };
+
+ # LDAP oupost
+ authentik-ldap = {
+ enable = mkEnableOption "authentik LDAP outpost";
+ };
 };
 config = mkMerge [
@@ -138,5 +144,31 @@ in
 };
 };
 }))
+
+ # LDAP outpost
+ (mkIf config.services.authentik-ldap.enable (let
+ cfg = config.services.authentik-ldap;
+ in
+ {
+ systemd.services.authentik-ldap = {
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network-online.target"
+ "authentik.service"
+ ];
+ restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
+ serviceConfig = {
+ Environment = [
+ "AUTHENTIK_HOST=https://localhost:9443"
+ "AUTHENTIK_INSECURE=true"
+ ];
+ RuntimeDirectory = "authentik-ldap";
+ UMask = "0027";
+ WorkingDirectory = "%t/authentik-ldap";
+ DynamicUser = true;
+ ExecStart = "${config.services.authentik.authentikComponents.gopkgs}/bin/ldap";
+ };
+ };
+ }))
 ];
 }
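Review bot: The comment added above the new option set in the second hunk reads `# LDAP oupost`; it should be `# LDAP outpost`, matching the comment the third hunk puts above the service definition. The `authentik-ldap` option set declares only `enable`, so every other setting of the outpost is fixed by the module and cannot be adjusted from a host configuration.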
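Review bot: `"AUTHENTIK_INSECURE=true"` is hard-coded in `serviceConfig.Environment` of the new `authentik-ldap` unit, so the outpost never verifies the server certificate on `https://localhost:9443`, and because `cfg` is bound but not read anywhere in the hunk, a host configuration cannot change either value. Loopback limits the exposure as written, but the flag would silently stay on if the host were later pointed at a remote server; consider `host` and `insecure` options under `services.authentik-ldap` that default to the current values, e.g. `"AUTHENTIK_INSECURE=${lib.boolToString cfg.insecure}"`. No `AUTHENTIK_TOKEN` is set in the visible lines; if the outpost needs one, supply it through `EnvironmentFile` rather than `Environment`, so the secret does not end up in the world-readable Nix store. `restartTriggers` also reads `config.environment.etc."authentik/config.yml"`, which presumably exists only when `services.authentik.enable` is set, so an assertion tying the two options together would give a clearer evaluation error.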