module: add basic ldap outpost service
This commit is contained in:
WilliButz
parent
360f4c7321
commit
62f7cce184
1 changed files with 32 additions and 0 deletions
32
module.nix
32
module.nix
|
|
@ -20,6 +20,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services = {
|
options.services = {
|
||||||
|
# authentik server
|
||||||
authentik = {
|
authentik = {
|
||||||
enable = mkEnableOption "authentik";
|
enable = mkEnableOption "authentik";
|
||||||
|
|
||||||
|
|
@ -45,6 +46,11 @@ in
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# LDAP oupost
|
||||||
|
authentik-ldap = {
|
||||||
|
enable = mkEnableOption "authentik LDAP outpost";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
|
|
@ -138,5 +144,31 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
# LDAP outpost
|
||||||
|
(mkIf config.services.authentik-ldap.enable (let
|
||||||
|
cfg = config.services.authentik-ldap;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
systemd.services.authentik-ldap = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [
|
||||||
|
"network-online.target"
|
||||||
|
"authentik.service"
|
||||||
|
];
|
||||||
|
restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
|
||||||
|
serviceConfig = {
|
||||||
|
Environment = [
|
||||||
|
"AUTHENTIK_HOST=https://localhost:9443"
|
||||||
|
"AUTHENTIK_INSECURE=true"
|
||||||
|
];
|
||||||
|
RuntimeDirectory = "authentik-ldap";
|
||||||
|
UMask = "0027";
|
||||||
|
WorkingDirectory = "%t/authentik-ldap";
|
||||||
|
DynamicUser = true;
|
||||||
|
ExecStart = "${config.services.authentik.authentikComponents.gopkgs}/bin/ldap";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}))
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue