@mbbx6spp
Last active October 29, 2019 13:26
Suggested NixOS LDAP server configuration for Lookout. Nix, NixOS, OpenLDAP, LDAP. Basic (common sense) SSH/PAM/sudo settings too.
{ pkgs, config, ... }:
{
  imports = [
    <nixpkgs/nixos/modules/profiles/headless.nix>
  ];

  # Enable sudo logins if the user's SSH agent provides a key
  # present in <filename>~/.ssh/authorized_keys</filename>.
  # This allows machines to exclusively use SSH keys instead of
  # passwords.
  security.pam.enableSSHAgentAuth = true;

  # Basic security settings
  security.sudo.enable = true;
  # Only ok because of enableSSHAgentAuth
  security.sudo.wheelNeedsPassword = false;

  # Reasonable OpenSSH settings
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "no";

  # Here's the inside joke...although perhaps not so inside any more.
  services.openldap.enable = true;
  services.openldap.extraConfig = ''
    include ${pkgs.openldap.out}/etc/openldap/schema/core.schema
    include ${pkgs.openldap.out}/etc/openldap/schema/cosine.schema
    include ${pkgs.openldap.out}/etc/openldap/schema/inetorgperson.schema
    include ${pkgs.openldap.out}/etc/openldap/schema/nis.schema
    database bdb
    suffix dc=lookout,dc=com
    rootdn cn=shitlords,dc=lookout,dc=com
    # NOTE: change after first start or don't because nobody takes security seriously *shrug*
    # You create your own adventure...
    # (rootpw also accepts a hashed value, e.g. the {SSHA} output of slappasswd.)
    rootpw lookoutislookout
  '';
}
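The slapd.conf fragment above carries three things a reviewer would flag before this went near a real directory: the rootpw is stored in clear text, the bdb backend is deprecated in favour of mdb, and nothing in the fragment configures TLS, so simple binds would carry the rootpw across the wire in clear. The POSIX shell lint below is an added example (not part of the gist or of NixOS) that checks a slapd.conf-style fragment for exactly those three settings. Both sample configurations are constructed here: the first mirrors the gist's fragment with the Nix store paths replaced by a placeholder, the second is a hardened counterpart with a placeholder {SSHA} hash and a placeholder certificate path.

```shell
#!/bin/sh
# Constructed sample: the gist's extraConfig fragment, with ${pkgs.openldap.out}
# replaced by a placeholder path so the lint runs outside Nix.
SAMPLE_CONF='include /PLACEHOLDER/etc/openldap/schema/core.schema
include /PLACEHOLDER/etc/openldap/schema/nis.schema
database bdb
suffix dc=lookout,dc=com
rootdn cn=shitlords,dc=lookout,dc=com
rootpw lookoutislookout'

# Constructed hardened counterpart: mdb backend, hashed rootpw (placeholder hash,
# produced in practice by: slappasswd -h "{SSHA}"), and a TLS certificate
# (placeholder path). Expected to produce no findings.
HARDENED_CONF='include /PLACEHOLDER/etc/openldap/schema/core.schema
TLSCertificateFile /PLACEHOLDER/ldap-cert.pem
TLSCertificateKeyFile /PLACEHOLDER/ldap-key.pem
database mdb
suffix dc=lookout,dc=com
rootdn cn=admin,dc=lookout,dc=com
rootpw {SSHA}PLACEHOLDERHASHPLACEHOLDERHASH'

# lint_slapd_conf CONFIG_TEXT
# Prints one finding per line for each weak setting found (nothing if clean).
# The three rules are this example's own assumptions about what counts as weak:
#   rootpw-plaintext : rootpw value lacks a {SCHEME} prefix, i.e. stored in clear
#   backend-bdb      : bdb/hdb backends are deprecated; mdb is the current backend
#   no-tls           : no TLSCertificateFile directive, so binds travel in clear
lint_slapd_conf() {
    conf="$1"
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*rootpw[[:space:]]+[^{[:space:]]'; then
        echo 'rootpw-plaintext: rootpw stored in clear; use the {SSHA} output of slappasswd'
    fi
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*database[[:space:]]+(bdb|hdb)([[:space:]]|$)'; then
        echo 'backend-bdb: bdb/hdb backend is deprecated; use database mdb'
    fi
    if ! printf '%s\n' "$conf" | grep -Eiq '^[[:space:]]*TLSCertificateFile[[:space:]]'; then
        echo 'no-tls: no TLSCertificateFile directive; simple binds would send the password in clear'
    fi
}

# lint_count CONFIG_TEXT
# Prints the number of findings as a bare integer (0 means the fragment passed).
lint_count() {
    lint_slapd_conf "$1" | grep -c .
}

# Stand-alone usage: lint the gist-style fragment, then the hardened one.
echo '== gist-style fragment =='
lint_slapd_conf "$SAMPLE_CONF"
echo "findings: $(lint_count "$SAMPLE_CONF")"
echo '== hardened fragment =='
lint_slapd_conf "$HARDENED_CONF"
echo "findings: $(lint_count "$HARDENED_CONF")"
```

Run it against the text of `services.openldap.extraConfig` (or a rendered slapd.conf) as a pre-deploy check; the gist-style fragment trips all three rules, the hardened one none. The lint only inspects the fragment it is given, so a TLS certificate configured elsewhere (for example in a separate include) would still be reported as missing.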