Added boilerplate for lldap and handle wildcard certificates for tbmrs.nl

hosts/v-th-ctr-01/home.nix

@@ -36,6 +36,8 @@
       desktop-environments.hyprland.enable = false;
 
       containers = {
+        network.enable = true;
+
         nginx.enable = true;
         caddy.enable = true;
       };

modules/home/containers/auth.nix

@@ -0,0 +1,34 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.auth.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable authelia and lldap container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.lldap = {
+      image = "lldap/lldap:stable";
+      network = "proxy";
+      volumes = [
+        "%h/containers/lldap/data:/data"
+      ];
+      environment = {
+        TZ = "Europe/Amsterdam";
+        LLDAP_JWT_SECRET = "";
+        LLDAP_KEY_SEED = "";
+        LLDAP_LDAP_BASE_DN = "dc=tbmrs,dc=nl";
+        LLDAP_LDAP_USER_PASS= "changeme!";
+      };
+    };
+  };
+}

modules/home/containers/caddy.nix

@@ -18,6 +18,7 @@ in {
   config = mkIf cfg.enable {
     services.podman.containers.caddy = {
       image = "localhost/tboomers/caddy-custom:latest";
+      network = "proxy";
       ports = [
         "1080:80"
         "1443:443"
@@ -30,16 +31,21 @@ in {
     };
 
     home.file."containers/caddy/Caddyfile".text = ''
-      {
+      *.tbmrs.nl, tbmrs.nl {
-        acme_dns transip xeovalyte /etc/caddy/acme_key
+        tls {
-      }
+          dns transip xeovalyte /etc/caddy/acme_key
-    
+          resolvers 1.1.1.1
-      tbmrs.nl {
+        }
-        respond "Hello there"
-      }
 
-      http://tbmrs.nl {
+        @root host tbmrs.nl
-        respond "Hello there"
+        handle @root {
+          respond "Hello there"
+        }
+
+        @lldap host ldap.tbmrs.nl
+        handle @lldap {
+          reverse_proxy lldap:17170
+        }
       }
     '';
   };

modules/home/containers/network.nix

@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.network.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable network
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.networks.proxy = {
+      description = "Container network for the proxy";
+      autoStart = true;
+    };
+  };
+}

modules/home/default.nix

@@ -22,7 +22,10 @@
 
     ./desktop-environments/hyprland/default.nix
 
-    ./containers/nginx.nix
+    ./containers/network.nix
+
+    ./containers/auth.nix
     ./containers/caddy.nix
+    ./containers/nginx.nix
   ];
 }