You might be interested in checking out my project SelfHostBlocks, which allows you to declaratively set up quite a few services with declarative LDAP and SSO integration with LLDAP and Authelia. Even if you don’t end up using it, it might inspire you. Also, all integrations are tested with NixOS VM tests using Playwright to ensure no breakage.
>>ibizam+(OP)
Cool, I'll definitely take a look! I do have a preference for container-oriented setups and do have an elaborate set of plumbing on Kubernetes at the moment.
That being said, I procrastinated on getting Postgres backups working and ended up causing self-inflicted corruption, so it is nice to see you've got that set up and have thought of pretty much everything!