hedgedoc: add
This commit is contained in:
parent
81927acfec
commit
1024d82a53
|
@ -0,0 +1,28 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.hedgedoc;
|
||||||
|
inherit (config.security) ldap;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.hedgedoc.ldap = {
|
||||||
|
enable = lib.mkEnableOption (lib.mdDoc ''
|
||||||
|
login only via LDAP.
|
||||||
|
Use `service.hedgedoc.environmentFile` in format `bindCredentials=password` to set the credentials used by the search user
|
||||||
|
'');
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.ldap.enable {
|
||||||
|
services.hedgedoc.settings.ldap = {
|
||||||
|
url = "ldaps://${ldap.domainName}:${toString ldap.port}";
|
||||||
|
bindDn = ldap.bindDN;
|
||||||
|
bindCredentials = "$bindCredentials";
|
||||||
|
searchBase = ldap.userBaseDN;
|
||||||
|
searchFilter = ldap.userFilter "{{username}}";
|
||||||
|
tlsca = "/etc/ssl/certs/ca-certificates.crt";
|
||||||
|
useridField = ldap.userField;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue