hedgedoc: add

2023-06-05 19:53:21 +02:00 · 2023-06-05 19:53:21 +02:00 · 1024d82a53
parent 81927acfec
commit 1024d82a53
1 changed files with 28 additions and 0 deletions
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@ -0,0 +1,28 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.services.hedgedoc;
+  inherit (config.security) ldap;
+in
+{
+  options = {
+    services.hedgedoc.ldap = {
+      enable = lib.mkEnableOption (lib.mdDoc ''
+        login only via LDAP.
+        Use `service.hedgedoc.environmentFile` in format `bindCredentials=password` to set the credentials used by the search user
+      '');
+    };
+  };
+
+  config = lib.mkIf cfg.ldap.enable {
+    services.hedgedoc.settings.ldap = {
+      url = "ldaps://${ldap.domainName}:${toString ldap.port}";
+      bindDn = ldap.bindDN;
+      bindCredentials = "$bindCredentials";
+      searchBase = ldap.userBaseDN;
+      searchFilter = ldap.userFilter "{{username}}";
+      tlsca = "/etc/ssl/certs/ca-certificates.crt";
+      useridField = ldap.userField;
+    };
+  };
+}