From 01c9d1b488268d6967db11de1b88b477434c4e3f Mon Sep 17 00:00:00 2001
From: Jordan Holt
Date: Thu, 13 Feb 2025 15:01:04 +0000
Subject: [PATCH] kanidm: bind LDAP to VPN

---
 hosts/library/default.nix | 3 +++
 hosts/vps1/default.nix | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/hosts/library/default.nix b/hosts/library/default.nix
index 04e6053..09faf2c 100644
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@@ -16,6 +16,9 @@

 networking = {
 hostId = "d24ae953";
+ hosts = {
+ "100.64.0.1" = [ "auth.vimium.com" ];
+ };
 firewall = {
 enable = true;
 allowedTCPPorts = [
diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix
index 930d6e9..830aad4 100644
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -69,8 +69,8 @@
 inherit uri;
 };
 serverSettings = {
- bindaddress = "[::1]:3013";
- ldapbindaddress = "[::1]:636";
+ bindaddress = "127.0.0.1:3013";
+ ldapbindaddress = "100.64.0.1:636";
 domain = baseDomain;
 origin = uri;
 tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
@@ -83,7 +83,7 @@
 useACMEHost = "auth.vimium.com";
 forceSSL = true;
 locations."/" = {
- proxyPass = "https://[::1]:3013";
+ proxyPass = "https://127.0.0.1:3013";
 };
 };
 };
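Review bot: The added `hosts` entry in hosts/library/default.nix pins `auth.vimium.com` to `100.64.0.1` without a comment explaining why, and the same literal is repeated in `ldapbindaddress` on vps1. The override applies to every lookup of that name on this host, so HTTPS requests to the Kanidm web endpoint will also be sent to the VPN address, not only LDAPS. Authentication from this host therefore depends on the tunnel being up, and presumably on nginx on vps1 answering on that address. I would add a comment above the entry such as `# pin auth.vimium.com to vps1's VPN address so LDAPS (636) is reached over the tunnel, not the public interface`. The `networking` block starts and ends outside the hunk.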
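Review bot: Setting `ldapbindaddress = "100.64.0.1:636";` restricts the listener by destination address, not by interface, so whether LDAPS is really VPN-only depends on firewall rules that are not visible in this hunk. I would open the port per interface, e.g. `networking.firewall.interfaces."<vpn-interface>".allowedTCPPorts = [ 636 ];`, and keep 636 out of the global `allowedTCPPorts`. Kanidm will presumably fail to bind if it starts before the VPN address is assigned, so the unit likely needs ordering such as `systemd.services.kanidm.after = [ "<vpn-unit>.service" ];`. The loopback literal `127.0.0.1:3013` now appears both here and in the `proxyPass` hunk below, and a shared `let` binding would keep the two from drifting apart. `serverSettings` continues outside the hunk.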