fix authentik-ldap port bindings

author: Max Audron <audron@cocaine.farm> 2025-07-31 22:46:18 +0200
committer: Max Audron <audron@cocaine.farm> 2025-07-31 22:46:18 +0200
commit: c90eda3a993f580739000f443ef30a708caf4bc4 (patch)
tree: deac7cb344e3e83447e3b1f88cd4ed355c8e8a19
parent: update to nixos 25.05 (diff)
2 files changed, 5 insertions, 0 deletions
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index dc87336..9cc3a3f 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -32,6 +32,11 @@ in
     environmentFile = "/etc/secrets/authentik/ldap.env";
   };
 
+  systemd.services.authentik-ldap.serviceConfig = {
+    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+  };
+
   services.authentik-proxy = {
     enable = true;
     environmentFile = "/etc/secrets/authentik/proxy.env";
diff --git a/secrets b/secrets
-Subproject 421236f500d491540f6ef112f47baaaed9f6b7c
+Subproject 25b1d46edbbd5c9faad93c40ddfad9696b9e3cc
author	Max Audron <audron@cocaine.farm>	2025-07-31 22:46:18 +0200
committer	Max Audron <audron@cocaine.farm>	2025-07-31 22:46:18 +0200
commit	c90eda3a993f580739000f443ef30a708caf4bc4 (patch)
tree	deac7cb344e3e83447e3b1f88cd4ed355c8e8a19
parent	update to nixos 25.05 (diff)