mirror of
https://github.com/SuperSandro2000/nixos-modules.git
synced 2024-06-02 06:19:22 +02:00
hedgedoc: add userFilterGroup option
parent
0000000ae7
commit
9001816c4c
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.hedgedoc;
|
||||
cfg = config.services.hedgedoc.ldap;
|
||||
inherit (config.security) ldap;
|
||||
in
|
||||
{
|
||||
|
@ -11,16 +11,22 @@ in
|
|||
login only via LDAP.
|
||||
Use `service.hedgedoc.environmentFile` in format `bindCredentials=password` to set the credentials used by the search user
|
||||
'');
|
||||
|
||||
userFilterGroup = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
default = null;
|
||||
description = lib.mdDoc "Restrict logins to users in this group";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.ldap.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.hedgedoc.settings.ldap = {
|
||||
url = "ldaps://${ldap.domainName}:${toString ldap.port}";
|
||||
bindDn = ldap.bindDN;
|
||||
bindCredentials = "$bindCredentials";
|
||||
searchBase = ldap.userBaseDN;
|
||||
searchFilter = ldap.userFilter "{{username}}";
|
||||
searchFilter = "(&(${ldap.groupFilter cfg.userFilterGroup})(${ldap.userFilter "{{username}}"}))";
|
||||
tlsca = "/etc/ssl/certs/ca-certificates.crt";
|
||||
useridField = ldap.userField;
|
||||
};
|
||||
|
|
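Review bot: With the default `userFilterGroup = null`, the new `searchFilter` line still calls `ldap.groupFilter cfg.userFilterGroup`, so leaving the option unset no longer gives the previous plain user filter. `ldap.groupFilter` is defined outside this page, so the exact result is inferred: presumably evaluation fails on the null, or the filter names a group that does not exist and nobody can log in. Building the group clause only when a group is set keeps the old behaviour as the default: `searchFilter = if cfg.userFilterGroup == null then ldap.userFilter "{{username}}" else "(&(${ldap.groupFilter cfg.userFilterGroup})(${ldap.userFilter "{{username}}"}))";`. The option description should also state the null case, for example `"Restrict logins to users in this group; null applies no group restriction"`. The `config = lib.mkIf cfg.enable {` block closes outside the lines shown here.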