fix authentik-ldap port bindings

author: Max Audron <audron@cocaine.farm> 2025-07-31 22:46:18 +0200
committer: Max Audron <audron@cocaine.farm> 2025-07-31 22:46:18 +0200
commit: c90eda3a993f580739000f443ef30a708caf4bc4 (patch)
tree: deac7cb344e3e83447e3b1f88cd4ed355c8e8a19 /modules/authentik
parent: update to nixos 25.05 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index dc87336..9cc3a3f 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -32,6 +32,11 @@ in
     environmentFile = "/etc/secrets/authentik/ldap.env";
   };
 
+  systemd.services.authentik-ldap.serviceConfig = {
+    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+  };
+
   services.authentik-proxy = {
     enable = true;
     environmentFile = "/etc/secrets/authentik/proxy.env";
author	Max Audron <audron@cocaine.farm>	2025-07-31 22:46:18 +0200
committer	Max Audron <audron@cocaine.farm>	2025-07-31 22:46:18 +0200
commit	c90eda3a993f580739000f443ef30a708caf4bc4 (patch)
tree	deac7cb344e3e83447e3b1f88cd4ed355c8e8a19 /modules/authentik
parent	update to nixos 25.05 (diff)