Add LDAP port (and firewall ports)

2024-05-28 11:09:29 -07:00 · 2024-05-28 11:09:29 -07:00 · da49d47bca
parent f25509454c
commit da49d47bca
1 changed files with 14 additions and 2 deletions
--- a/paris-container.nix
+++ b/paris-container.nix
@ -19,6 +19,12 @@ in {
      description = "Directory at which to store server state.";
    };

+    ports = mkOption {
+      type = listOf port;
+      description = "List of ports to open to the public internet.";
+      default = [ ];
+    };
+
    ldap = {
      image = mkOption {
        type = str;
@ -26,6 +32,12 @@ in {
        default = "ghcr.io/goauthentik/ldap:latest";
      };

+      port = mkOption {
+        type = port;
+        description = "Port on which to listen for LDAP requests.";
+        default = 4389;
+      };
+
      domain = mkOption {
        type = str;
        description =
@ -137,7 +149,7 @@ in {
    virtualisation.oci-containers.paris-ldap-proxy = {
      image = cfg.ldap.image;
      autoStart = true;
-      ports = [ "${cfg.ldap.port}:389" ];
+      ports = [ "${toString cfg.ldap.port}:389" ];
      environmentFiles = [ hostSecrets.parisLdapEnv.target-file ];
    };

@ -184,7 +196,7 @@ in {
              auth_provider = "ldap";
              access_provider = "ldap";

-              ldap_uri = "ldap://localhost:${cfg.ldap.port}";
+              ldap_uri = "ldap://localhost:${toString cfg.ldap.port}";
              ldap_schema = "rfc2307bis";

              ldap_search_base = cfg.ldap.base;