From 1024d82a53ffe7d35d30d217bc6d5d24f15b2c3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Mon, 5 Jun 2023 19:53:21 +0200
Subject: [PATCH] hedgedoc: add

---
 modules/hedgedoc.nix | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 modules/hedgedoc.nix

diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix
new file mode 100644
index 00000000..9cf531b
--- /dev/null
+++ b/modules/hedgedoc.nix
@@ -0,0 +1,28 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.services.hedgedoc;
+  inherit (config.security) ldap;
+in
+{
+  options = {
+    services.hedgedoc.ldap = {
+      enable = lib.mkEnableOption (lib.mdDoc ''
+        login only via LDAP.
+        Use `service.hedgedoc.environmentFile` in format `bindCredentials=password` to set the credentials used by the search user
+      '');
+    };
+  };
+
+  config = lib.mkIf cfg.ldap.enable {
+    services.hedgedoc.settings.ldap = {
+      url = "ldaps://${ldap.domainName}:${toString ldap.port}";
+      bindDn = ldap.bindDN;
+      bindCredentials = "$bindCredentials";
+      searchBase = ldap.userBaseDN;
+      searchFilter = ldap.userFilter "{{username}}";
+      tlsca = "/etc/ssl/certs/ca-certificates.crt";
+      useridField = ldap.userField;
+    };
+  };
+}