From 5c1af6572144fa9b391b66e135c2aaf8deff83d0 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Tue, 22 Aug 2023 15:37:42 +0200
Subject: [PATCH] padlist: configure ldap authentication
---
 modules/nginx.nix | 6 ++++++
 modules/padlist.nix | 4 ++++
 2 files changed, 10 insertions(+)
diff --git a/modules/nginx.nix b/modules/nginx.nix
index 76a34bc..f320fa9 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
 services.nginx = {
+
+ additionalModules = [ pkgs.nginxModules.pam ];
 enable = true;
 recommendedProxySettings = true;
 recommendedGzipSettings = true;
@@ -30,4 +32,8 @@
 email = "root@ifsr.de";
 };
 };
+ security.pam.services.nginx.text = ''
+ auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
+ account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
+ '';
 }
diff --git a/modules/padlist.nix b/modules/padlist.nix
index e283285..250dd59 100644
--- a/modules/padlist.nix
+++ b/modules/padlist.nix
@@ -27,6 +27,10 @@ in
 root = pkgs.callPackage ../pkgs/padlist { };
 enableACME = true;
 forceSSL = true;
+ extraConfig = ''
+ auth_pam "LDAP Authentication Required";
+ auth_pam_service_name "nginx";
+ '';
 locations = {
 "= /" = {
 extraConfig = ''
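Review bot: The `additionalModules = [ pkgs.nginxModules.pam ];` line at the top of `services.nginx` is undocumented, and an empty added line sits directly above it. The module is loaded for the whole nginx instance, while in this commit only the padlist vhost uses it. A short comment such as `# ngx_http_auth_pam: used by the padlist vhost (modules/padlist.nix)` would tell a later reader why it is there. The stray blank line can go, and placing the entry after `enable = true;` would read more naturally.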
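Review bot: The `nginx` PAM stack added at the end of the file contains only `pam_ldap.so` for `auth` and `account`, so every HTTP Basic attempt goes straight to the directory with no throttling or lockout visible in this commit. It also admits any account the directory accepts. If access is meant for a particular group, that restriction has to come from the nslcd/LDAP filter or an additional `account` line, and neither is shown here. `pam_ldap.so` from nss_pam_ldapd hands the check to the nslcd daemon, so this presumably depends on LDAP client configuration elsewhere in the repository. A comment such as `# needs nslcd (users.ldap) running; bind attempts are not rate-limited here` above the stanza would record both points.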
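Review bot: `auth_pam_service_name "nginx";` in the vhost's `extraConfig` only works together with the `security.pam.services.nginx` stanza in modules/nginx.nix, and nothing ties the two strings together at evaluation time. If that service is renamed or dropped, PAM would typically fall back to its default `other` stack rather than fail the build. A comment such as `# PAM service defined in modules/nginx.nix (security.pam.services.nginx)` above the directive would make the coupling explicit. The directive is set at server level, so the `locations` below inherit it unless one turns it off. The `"= /"` location body continues outside the hunk, so it is worth confirming that no path there needs to stay public.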