diff --git a/flake.lock b/flake.lock index 36c62c7..ea43246 100644 --- a/flake.lock +++ b/flake.lock @@ -188,11 +188,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752817886, - "narHash": "sha256-ixiHcBqWAubQYbXEXeEnqhwEj9Bz7GoLL904bZ+Autc=", + "lastModified": 1752731184, + "narHash": "sha256-gxXbkDyWNqXH0M2HLmNhP51yY7PSZkXoshXSCh+DVIk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3ee71bd9a139787964bc89c67989fda8ccc599e6", + "rev": "558243f9250d98ab34959cff321fa3bfd58ca6dd", "type": "github" }, "original": { diff --git a/machines/auth/lldap.nix b/machines/auth/lldap.nix index c37c5dd..bea3d14 100644 --- a/machines/auth/lldap.nix +++ b/machines/auth/lldap.nix @@ -15,10 +15,6 @@ in { "lldap/admin_password".owner = "lldap"; }; - sops.templates."lldap_config.toml".content = '' - LLDAP_SMTP_OPTIONS__PASSWORD=${config.sops.placeholder."lldap/admin_password"} - ''; - networking.firewall.allowedTCPPorts = [ cfg.settings.http_port cfg.settings.ldap_port @@ -29,11 +25,8 @@ in { services.lldap = { enable = true; settings = { - verbose = true; ldap_base_dn = "dc=procopius,dc=dk"; ldap_user_email = "admin@procopius.dk"; - http_url = "https://lldap.procopius.dk"; - enable_password_reset = true; database_url = "postgresql://lldap@localhost/lldap?host=/run/postgresql"; }; @@ -41,16 +34,7 @@ in { LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt_secret".path; LLDAP_KEY_SEED_FILE = config.sops.secrets."lldap/key_seed".path; LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin_password".path; - - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET = "true"; - LLDAP_SMTP_OPTIONS__SERVER = "mail.procopius.dk"; - LLDAP_SMTP_OPTIONS__PORT = "465"; - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION = "TLS"; - LLDAP_SMTP_OPTIONS__USER = "admin@procopius.dk"; - LLDAP_SMTP_OPTIONS__FROM = "LLDAP Admin "; - LLDAP_SMTP_OPTIONS__REPLY_TO = "Do not reply "; }; - environmentFile = config.sops.templates."lldap_config.toml".path; }; systemd.services.lldap = let