diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9e187a5..92690b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
- `shb.authelia.oidcClients.id` -> `shb.authelia.oidcClients.client_id`
- `shb.authelia.oidcClients.description` -> `shb.authelia.oidcClients.client_name`
- `shb.authelia.oidcClients.secret` -> `shb.authelia.oidcClients.client_secret`
+ - `shb.authelia.ldapEndpoint` -> `shb.authelia.ldapHostname` and `shb.authelia.ldapPort`
## User Facing Backwards Compatible Changes
diff --git a/modules/blocks/authelia.nix b/modules/blocks/authelia.nix
index 4f9acf5..d27db34 100644
--- a/modules/blocks/authelia.nix
+++ b/modules/blocks/authelia.nix
@@ -39,10 +39,16 @@ in
default = null;
};
- ldapEndpoint = lib.mkOption {
+ ldapHostname = lib.mkOption {
type = lib.types.str;
- description = "Endpoint of the LDAP authentication backend.";
- example = "ldap://ldap.example.com:389";
+ description = "Hostname of the LDAP authentication backend.";
+ example = "ldap.example.com";
+ };
+
+ ldapPort = lib.mkOption {
+ type = lib.types.port;
+ description = "Port of the LDAP authentication backend.";
+ example = "389";
};
dcdomain = lib.mkOption {
@@ -301,7 +307,7 @@ in
};
ldap = {
implementation = "custom";
- address = cfg.ldapEndpoint;
+ address = "ldap://${cfg.ldapHostname}:${toString cfg.ldapPort}";
timeout = "5s";
start_tls = "false";
base_dn = cfg.dcdomain;
@@ -406,7 +412,9 @@ in
generator = shblib.replaceSecretsGeneratorAdapter (lib.generators.toYAML {});
};
in
- lib.mkBefore (mkCfg cfg.oidcClients);
+ lib.mkBefore (mkCfg cfg.oidcClients + ''
+ ${pkgs.bash}/bin/bash -c '(while ! ${pkgs.netcat-openbsd}/bin/nc -z -v -w1 ${cfg.ldapHostname} ${toString cfg.ldapPort}; do echo "Waiting for port ${cfg.ldapHostname}:${toString cfg.ldapPort} to open..."; sleep 2; done); sleep 2'
+ '');
services.nginx.virtualHosts.${fqdn} = {
forceSSL = !(isNull cfg.ssl);
diff --git a/modules/services/nextcloud-server/docs/default.md b/modules/services/nextcloud-server/docs/default.md
index 4d69464..a89a84d 100644
--- a/modules/services/nextcloud-server/docs/default.md
+++ b/modules/services/nextcloud-server/docs/default.md
@@ -196,7 +196,8 @@ shb.authelia = {
subdomain = "auth";
ssl = config.shb.certs.certs.selfsigned.auth;
- ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
+ ldapHostname = "127.0.0.1";
+ ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
secrets = {
diff --git a/test/blocks/authelia.nix b/test/blocks/authelia.nix
index 07b6928..6b01f31 100644
--- a/test/blocks/authelia.nix
+++ b/test/blocks/authelia.nix
@@ -40,7 +40,8 @@ in
enable = true;
subdomain = "authelia";
domain = "machine.com";
- ldapEndpoint = "ldap://${config.shb.ldap.subdomain}.${config.shb.ldap.domain}:${toString config.shb.ldap.ldapPort}";
+ ldapHostname = "${config.shb.ldap.subdomain}.${config.shb.ldap.domain}";
+ ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
secrets = {
jwtSecretFile = pkgs.writeText "jwtSecretFile" "jwtSecretFile";
diff --git a/test/common.nix b/test/common.nix
index 3533b26..b626bd0 100644
--- a/test/common.nix
+++ b/test/common.nix
@@ -174,7 +174,8 @@ in
subdomain = "auth";
ssl = config.shb.certs.certs.selfsigned.n;
- ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
+ ldapHostname = "127.0.0.1";
+ ldapPort = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
secrets = {
diff --git a/test/services/vaultwarden.nix b/test/services/vaultwarden.nix
index f79d2df..0439054 100644
--- a/test/services/vaultwarden.nix
+++ b/test/services/vaultwarden.nix
@@ -78,7 +78,8 @@ let
# Not yet supported
# ldap = { config, ... }: {
# # shb.vaultwarden = {
- # # ldapEndpoint = "http://127.0.0.1:${builtins.toString config.shb.ldap.webUIListenPort}";
+ # # ldapHostname = "127.0.0.1";
+ # # ldapPort = config.shb.ldap.webUIListenPort;
# # };
# };