Added boilerplate for lldap and handle wildcard certificates for tbmrs.nl

2025-04-26 12:23:41 +02:00 · 2025-04-26 12:23:41 +02:00 · af39ac1be4
commit af39ac1be4
parent 8dbddaf62d
5 changed files with 79 additions and 10 deletions
--- a/hosts/v-th-ctr-01/home.nix
+++ b/hosts/v-th-ctr-01/home.nix
@ -36,6 +36,8 @@
      desktop-environments.hyprland.enable = false;

      containers = {
+        network.enable = true;
+
        nginx.enable = true;
        caddy.enable = true;
      };
--- a/modules/home/containers/auth.nix
+++ b/modules/home/containers/auth.nix
@ -0,0 +1,34 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.auth.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable authelia and lldap container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.lldap = {
+      image = "lldap/lldap:stable";
+      network = "proxy";
+      volumes = [
+        "%h/containers/lldap/data:/data"
+      ];
+      environment = {
+        TZ = "Europe/Amsterdam";
+        LLDAP_JWT_SECRET = "";
+        LLDAP_KEY_SEED = "";
+        LLDAP_LDAP_BASE_DN = "dc=tbmrs,dc=nl";
+        LLDAP_LDAP_USER_PASS= "changeme!";
+      };
+    };
+  };
+}
--- a/modules/home/containers/caddy.nix
+++ b/modules/home/containers/caddy.nix
@ -18,6 +18,7 @@ in {
  config = mkIf cfg.enable {
    services.podman.containers.caddy = {
      image = "localhost/tboomers/caddy-custom:latest";
+      network = "proxy";
      ports = [
        "1080:80"
        "1443:443"
@ -30,16 +31,21 @@ in {
    };

    home.file."containers/caddy/Caddyfile".text = ''
-      {
-        acme_dns transip xeovalyte /etc/caddy/acme_key
-      }
+      *.tbmrs.nl, tbmrs.nl {
+        tls {
+          dns transip xeovalyte /etc/caddy/acme_key
+          resolvers 1.1.1.1
+        }

-      tbmrs.nl {
-        respond "Hello there"
-      }
+        @root host tbmrs.nl
+        handle @root {
+          respond "Hello there"
+        }

-      http://tbmrs.nl {
-        respond "Hello there"
+        @lldap host ldap.tbmrs.nl
+        handle @lldap {
+          reverse_proxy lldap:17170
+        }
      }
    '';
  };
--- a/modules/home/containers/network.nix
+++ b/modules/home/containers/network.nix
@ -0,0 +1,24 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.network.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable network
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.networks.proxy = {
+      description = "Container network for the proxy";
+      autoStart = true;
+    };
+  };
+}
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -22,7 +22,10 @@

    ./desktop-environments/hyprland/default.nix

-    ./containers/nginx.nix
+    ./containers/network.nix
+
+    ./containers/auth.nix
    ./containers/caddy.nix
+    ./containers/nginx.nix
  ];
 }