msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wip(lldap): Test LDAP

Browse Source
This commit is contained in:
Madeleine Sydney Slaga
2025-02-19 00:16:44 -07:00
committed by Madeleine Sydney
parent 9e334d9291
commit 7f03bec221
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
modules/nixos/deertopia/lldap.nix
View File

@@ -58,5 +58,44 @@ in {
in "http://localhost:${port}";
};
};
services.nginx.proxyCachePath."cache/" = {
enable = true;
keysZoneName = "auth_cache";
};
sydnix.deertopia.nginx.vhosts."ldap".vhost =
let consultant = "http://localhost:9090";
port = builtins.toString config.services.lldap.settings.http_port;
base-dn = config.services.lldap.settings.ldap_base_dn;
nginx-bind-user = "nginx-bind-user";
in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
auth_request /auth-proxy;
error_page 401 =200 /login;
proxy_pass ${consultant};
'';
locations."/login".extraConfig = ''
proxy_pass ${consultant}/login;
proxy_set_header X-Target $request_uri;
'';
locations."= /auth-proxy".extraConfig = ''
internal;
proxy_pass ${consultant};
proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length "";
proxy_cache auth_cache;
proxy_cache_valid 200 10m;
proxy_cache_key "$http_authorization$cookie_nginxauth";
proxy_set_header X-Ldap-URL "ldap://localhost:${port}";
proxy_set_header X-Ldap-BaseDN "cn=people,${base-dn}";
proxy_set_header X-Ldap-BindDN "cn=${nginx-bind-user},${base-dn}";
proxy_set_header X-Ldap-BindPass "secret123";
proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
'';
};
};
}