work in progrss, dovecot ldap not working

configuration.nix

@@ -20,11 +20,11 @@
   networking.hostName = "authentik";
   networking.interfaces.ens18.ipv4.addresses = [
     {
-      address = "10.0.0.3";
+      address = "141.56.51.18";
       prefixLength = 24;
     }
   ];
-  networking.defaultGateway.address = "10.0.0.1";
+  networking.defaultGateway.address = "141.56.51.254";
   networking.nameservers = [ "141.56.1.1" "141.56.1.2" ];
 
   time.timeZone = "Europe/Berlin";
@@ -36,9 +36,15 @@
     useXkbConfig = true; # use xkb.options in tty.
   };
 
+  users.groups.authentik = { };
+  users.users.authentik = {
+    isSystemUser = true;
+    extraGroups = [ "docker" ];
+    group = "authentik";
+  };
   users.users.administration = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user.
     packages = with pkgs; [
     ];
   };
@@ -68,37 +74,53 @@
       disable_startup_analytics = true;
       avatars = "initials";
     };
+
+    nginx = {
+      enable = true;
+      enableACME = true;
+      host = "auth.htw.stura-dresden.de";
+    };
+  };
+  services.dovecot2 = {
+    extraConfig = ''
+      auth_verbose = yes
+      auth_debug = yes
+      auth_debug_passwords = yes
+    '';
   };
 
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 389 9000 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
+  services.nginx.virtualHosts."auth.htw.stura-dresden.de".locations."/".extraConfig = ''
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  '';
+  mailserver = {
+    enable = true;
+    fqdn = "mail.htw.stura-dresden.de";
+    domains = [ "htw.stura-dresden.de" ];
+    ldap = {
+      enable = true;
+      bind = {
+        dn = "cn=dovecot,ou=users,dc=auth,dc=htw,dc=stura-dresden,dc=de";
+        passwordFile = "/var/lib/dovecot_ldap_passwd";
+      };
+      dovecot = { };
+      searchBase = "dc=auth,dc=htw,dc=stura-dresden,dc=de";
+      searchScope = "sub";
+      uris = [
+        "ldap://localhost:389"
+      ];
+    };
 
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
+    certificateScheme = "acme-nginx";
+  };
 
-  # This option defines the first version of NixOS you have installed on this particular machine,
-  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-  #
-  # Most users should NEVER change this value after the initial install, for any reason,
-  # even if you've upgraded your system to a new NixOS release.
-  #
-  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
-  # to actually do that.
-  #
-  # This value being lower than the current NixOS release does NOT mean your system is
-  # out of date, out of support, or vulnerable.
-  #
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  #
-  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "24.11"; # Did you read the comment?
+  virtualisation.docker.enable = true;
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "cert@stura.htw-dresden.de";
+
+  networking.firewall.allowedTCPPorts = [ 80 443 389 9000 ];
+
+  system.stateVersion = "24.11";
 
 }