work in progrss, dovecot ldap not working

This commit is contained in:
Bereich Administration Rechentechnik 2025-01-24 16:51:13 +01:00
parent bcae120ce1
commit 336d26ff3b
4 changed files with 161 additions and 42 deletions

View file

@ -20,11 +20,11 @@
networking.hostName = "authentik";
networking.interfaces.ens18.ipv4.addresses = [
{
address = "10.0.0.3";
address = "141.56.51.18";
prefixLength = 24;
}
];
networking.defaultGateway.address = "10.0.0.1";
networking.defaultGateway.address = "141.56.51.254";
networking.nameservers = [ "141.56.1.1" "141.56.1.2" ];
time.timeZone = "Europe/Berlin";
@ -36,9 +36,15 @@
useXkbConfig = true; # use xkb.options in tty.
};
users.groups.authentik = { };
users.users.authentik = {
isSystemUser = true;
extraGroups = [ "docker" ];
group = "authentik";
};
users.users.administration = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
extraGroups = [ "wheel" "docker" ]; # Enable sudo for the user.
packages = with pkgs; [
];
};
@ -68,37 +74,53 @@
disable_startup_analytics = true;
avatars = "initials";
};
nginx = {
enable = true;
enableACME = true;
host = "auth.htw.stura-dresden.de";
};
};
services.dovecot2 = {
extraConfig = ''
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
'';
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 389 9000 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
services.nginx.virtualHosts."auth.htw.stura-dresden.de".locations."/".extraConfig = ''
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
mailserver = {
enable = true;
fqdn = "mail.htw.stura-dresden.de";
domains = [ "htw.stura-dresden.de" ];
ldap = {
enable = true;
bind = {
dn = "cn=dovecot,ou=users,dc=auth,dc=htw,dc=stura-dresden,dc=de";
passwordFile = "/var/lib/dovecot_ldap_passwd";
};
dovecot = { };
searchBase = "dc=auth,dc=htw,dc=stura-dresden,dc=de";
searchScope = "sub";
uris = [
"ldap://localhost:389"
];
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
certificateScheme = "acme-nginx";
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
virtualisation.docker.enable = true;
security.acme.acceptTerms = true;
security.acme.defaults.email = "cert@stura.htw-dresden.de";
networking.firewall.allowedTCPPorts = [ 80 443 389 9000 ];
system.stateVersion = "24.11";
}