cluster/services/idm: enable LDAP

2023-06-11 21:33:53 +02:00 · 2023-06-11 21:33:53 +02:00 · af6259a8e4
commit af6259a8e4
parent e34287cd05
2 changed files with 16 additions and 5 deletions
--- a/cluster/services/idm/default.nix
+++ b/cluster/services/idm/default.nix
@ -1,10 +1,18 @@
-{ tools, ... }:
+{ config, tools, ... }:

 {
-  links.idm = {
-    ipv4 = "idm.${tools.meta.domain}";
-    port = 443;
-    protocol = "https";
+  links = {
+    idm = {
+      ipv4 = "idm.${tools.meta.domain}";
+      port = 443;
+      protocol = "https";
+    };
+    ldap = {
+      hostname = "idm-ldap.internal.${tools.meta.domain}";
+      ipv4 = config.vars.mesh.VEGAS.meshIp;
+      port = 636;
+      protocol = "ldaps";
+    };
  };

  services.idm = {
--- a/cluster/services/idm/server.nix
+++ b/cluster/services/idm/server.nix
@ -7,6 +7,8 @@ let

  backendLink = config.links.idmBackend;

+  ldapLink = cluster.config.links.ldap;
+
  certDir = config.security.acme.certs."internal.${domain}".directory;
 in

@ -28,6 +30,7 @@ in
      tls_key = "${certDir}/key.pem";
      role = "WriteReplicaNoUI";
      bindaddress = backendLink.tuple;
+      ldapbindaddress = "${ldapLink.ipv4}:${ldapLink.portStr}";
      origin = frontendLink.url;
      inherit domain;
    };