# NixOS module: make Mastodon authenticate its users against the LDAP
# directory described by `security.ldap`, optionally restricting logins
# to the members of one group.
#
# Only non-secret settings are emitted. `services.mastodon.extraConfig` is
# rendered into an environment file in the world-readable Nix store, so the
# bind password for LDAP_BIND_DN must be supplied out of band (a secrets
# file), never through this module.
{ config, lib, ... }:

let
  ldapCfg = config.services.mastodon.ldap;
  # Site-wide directory settings (base DN, bind DN, host, port, user
  # attribute, group filter) shared with the other LDAP-aware modules.
  ldap = config.security.ldap;
  inherit (lib) types;
in
{
  options.services.mastodon.ldap = {
    enable = lib.mkEnableOption (lib.mdDoc "login only via LDAP");

    userFilterGroup = lib.mkOption {
      type = types.nullOr types.str;
      default = null;
      description = lib.mdDoc "Restrict logins to users in this group";
    };
  };

  config = lib.mkIf ldapCfg.enable {
    services.mastodon.extraConfig =
      let
        # Match the submitted login name against either the UID attribute
        # or the mail attribute of the directory entry.
        loginFilter = "(|(%{uid}=%{email})(%{mail}=%{email}))";

        # When a group is configured, AND the site's group filter onto the
        # login filter so that accounts outside the group are rejected at
        # search time rather than after a successful bind.
        groupRestriction = lib.optionalAttrs (ldapCfg.userFilterGroup != null) {
          LDAP_SEARCH_FILTER = "(&${ldap.groupFilter ldapCfg.userFilterGroup}${loginFilter})";
        };
      in
      {
        LDAP_ENABLED = "true";
        LDAP_BASE = ldap.userBaseDN;
        LDAP_BIND_DN = ldap.bindDN;
        LDAP_HOST = ldap.domainName;
        # `simple_tls` is LDAP over an implicit TLS session (LDAPS), so
        # `ldap.port` is expected to be the LDAPS port of the directory —
        # confirm against `security.ldap`. Certificate verification is left
        # at Mastodon's default, i.e. not disabled here.
        LDAP_METHOD = "simple_tls";
        LDAP_PORT = toString ldap.port;
        LDAP_UID = ldap.userField;
        # convert .,- (space) in LDAP usernames to underscore, otherwise
        # those users cannot log in
        LDAP_UID_CONVERSION_ENABLED = "true";
      } // groupRestriction;
  };
}