Wait actively on ldap being ready (#286)

Looks like this is needed in the end, other we get into some flaky
situations

CHANGELOG.md

@@ -13,6 +13,7 @@
   - `shb.authelia.oidcClients.id` -> `shb.authelia.oidcClients.client_id`
   - `shb.authelia.oidcClients.description` -> `shb.authelia.oidcClients.client_name`
   - `shb.authelia.oidcClients.secret` -> `shb.authelia.oidcClients.client_secret`
+  - `shb.authelia.ldapEndpoint` -> `shb.authelia.ldapHostname` and `shb.authelia.ldapPort`
 
 ## User Facing Backwards Compatible Changes
 

modules/blocks/authelia.nix

@@ -39,10 +39,16 @@ in
       default = null;
     };
 
-    ldapEndpoint = lib.mkOption {
+    ldapHostname = lib.mkOption {
       type = lib.types.str;
-      description = "Endpoint of the LDAP authentication backend.";
-      example = "ldap://ldap.example.com:389";
+      description = "Hostname of the LDAP authentication backend.";
+      example = "ldap.example.com";
+    };
+
+    ldapPort = lib.mkOption {
+      type = lib.types.port;
+      description = "Port of the LDAP authentication backend.";
+      example = "389";
     };
 
     dcdomain = lib.mkOption {
@@ -301,7 +307,7 @@ in
           };
           ldap = {
             implementation = "custom";
-            address = cfg.ldapEndpoint;
+            address = "ldap://${cfg.ldapHostname}:${toString cfg.ldapPort}";
             timeout = "5s";
             start_tls = "false";
             base_dn = cfg.dcdomain;
@@ -406,7 +412,9 @@ in
             generator = shblib.replaceSecretsGeneratorAdapter (lib.generators.toYAML {});
           };
       in
-        lib.mkBefore (mkCfg cfg.oidcClients);
+        lib.mkBefore (mkCfg cfg.oidcClients + ''
+        ${pkgs.bash}/bin/bash -c '(while ! ${pkgs.netcat-openbsd}/bin/nc -z -v -w1 ${cfg.ldapHostname} ${toString cfg.ldapPort}; do echo "Waiting for port ${cfg.ldapHostname}:${toString cfg.ldapPort} to open..."; sleep 2; done); sleep 2'
+          '');
 
     services.nginx.virtualHosts.${fqdn} = {
       forceSSL = !(isNull cfg.ssl);

modules/services/nextcloud-server/docs/default.md

@@ -196,7 +196,8 @@ shb.authelia = {
   subdomain = "auth";
   ssl = config.shb.certs.certs.selfsigned.auth;
 
-  ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
+  ldapHostname = "127.0.0.1";
+  ldapPort = config.shb.ldap.ldapPort;
   dcdomain = config.shb.ldap.dcdomain;
 
   secrets = {

test/blocks/authelia.nix

@@ -40,7 +40,8 @@ in
         enable = true;
         subdomain = "authelia";
         domain = "machine.com";
-        ldapEndpoint = "ldap://${config.shb.ldap.subdomain}.${config.shb.ldap.domain}:${toString config.shb.ldap.ldapPort}";
+        ldapHostname = "${config.shb.ldap.subdomain}.${config.shb.ldap.domain}";
+        ldapPort = config.shb.ldap.ldapPort;
         dcdomain = config.shb.ldap.dcdomain;
         secrets = {
           jwtSecretFile = pkgs.writeText "jwtSecretFile" "jwtSecretFile";

test/common.nix

@@ -174,7 +174,8 @@ in
       subdomain = "auth";
       ssl = config.shb.certs.certs.selfsigned.n;
 
-      ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
+      ldapHostname = "127.0.0.1";
+      ldapPort = config.shb.ldap.ldapPort;
       dcdomain = config.shb.ldap.dcdomain;
 
       secrets = {

test/services/vaultwarden.nix

@@ -78,7 +78,8 @@ let
   # Not yet supported
   # ldap = { config, ... }: {
   #   # shb.vaultwarden = {
-  #   #   ldapEndpoint = "http://127.0.0.1:${builtins.toString config.shb.ldap.webUIListenPort}";
+  #   #   ldapHostname = "127.0.0.1";
+  #   #   ldapPort = config.shb.ldap.webUIListenPort;
   #   # };
   # };