From c90eda3a993f580739000f443ef30a708caf4bc4 Mon Sep 17 00:00:00 2001
From: Max Audron <audron@cocaine.farm>
Date: Thu, 31 Jul 2025 22:46:18 +0200
Subject: fix authentik-ldap port bindings

---
 modules/authentik/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'modules/authentik')

diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index dc87336..9cc3a3f 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -32,6 +32,11 @@ in
     environmentFile = "/etc/secrets/authentik/ldap.env";
   };
 
+  systemd.services.authentik-ldap.serviceConfig = {
+    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+  };
+
   services.authentik-proxy = {
     enable = true;
     environmentFile = "/etc/secrets/authentik/proxy.env";
-- 
cgit v1.2.3