diff --git a/modules/nixos/deertopia/lldap.nix b/modules/nixos/deertopia/lldap.nix
index 65620f3..e85fd2c 100644
--- a/modules/nixos/deertopia/lldap.nix
+++ b/modules/nixos/deertopia/lldap.nix
@@ -58,5 +58,44 @@ in {
 in "http://localhost:${port}";
 };
 };
+
+ services.nginx.proxyCachePath."cache/" = {
+ enable = true;
+ keysZoneName = "auth_cache";
+ };
+ sydnix.deertopia.nginx.vhosts."ldap".vhost =
+ let consultant = "http://localhost:9090";
+ port = builtins.toString config.services.lldap.settings.http_port;
+ base-dn = config.services.lldap.settings.ldap_base_dn;
+ nginx-bind-user = "nginx-bind-user";
+ in {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".extraConfig = ''
+ auth_request /auth-proxy;
+ error_page 401 =200 /login;
+ proxy_pass ${consultant};
+ '';
+ locations."/login".extraConfig = ''
+ proxy_pass ${consultant}/login;
+ proxy_set_header X-Target $request_uri;
+ '';
+ locations."= /auth-proxy".extraConfig = ''
+ internal;
+ proxy_pass ${consultant};
+ proxy_pass_request_body off;
+ proxy_pass_request_headers off;
+ proxy_set_header Content-Length "";
+ proxy_cache auth_cache;
+ proxy_cache_valid 200 10m;
+ proxy_cache_key "$http_authorization$cookie_nginxauth";
+ proxy_set_header X-Ldap-URL "ldap://localhost:${port}";
+ proxy_set_header X-Ldap-BaseDN "cn=people,${base-dn}";
+ proxy_set_header X-Ldap-BindDN "cn=${nginx-bind-user},${base-dn}";
+ proxy_set_header X-Ldap-BindPass "secret123";
+ proxy_set_header X-CookieName "nginxauth";
+ proxy_set_header Cookie nginxauth=$cookie_nginxauth;
+ '';
+ };
 };
 }
diff --git a/users/lain/default.nix b/users/lain/default.nix
index 1531a5e..6b48a35 100755
--- a/users/lain/default.nix
+++ b/users/lain/default.nix
@@ -28,6 +28,7 @@ homeConfiguration = { config, lib, pkgs, ... }: {
 imports = [
 ../crumb/programs/nvim.nix
+ ../crumb/programs/git.nix
 ./files.nix
 ];
@@ -38,7 +39,9 @@ "VISUAL" = "nvim";
 };
- home.packages = [ pkgs.btop ];
+ home.packages = [
+ pkgs.btop
+ ];
 sydnix = {
 impermanence = {
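Review bot: The LDAP bind password is hard-coded in the `= /auth-proxy` location of the lldap.nix hunk (`proxy_set_header X-Ldap-BindPass "secret123";`), so it is committed to the repository and rendered into the generated nginx configuration in the world-readable Nix store. Keep it out of the Nix expression by writing that one directive to a file provisioned by the host's secret tooling and pulling it in with `include <BIND_PASS_SNIPPET_PATH>;` (placeholder path), and rotate the value if it was ever set on the real bind user. Separately, `port` is read from `settings.http_port` but is interpolated into `X-Ldap-URL "ldap://localhost:${port}"`; that looks like it should be `config.services.lldap.settings.ldap_port`. The `proxy_cache_valid 200 10m;` line also means a disabled account or a changed password can presumably keep passing `auth_request` until the cached entry expires, which deserves a comment next to it. The new attributes sit inside an attribute set that opens above the hunk.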