padlist: configure ldap authentication

This commit is contained in:
Rouven Seifert 2023-08-22 15:37:42 +02:00
parent 6887bae0a3
commit 5c1af65721
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 10 additions and 0 deletions

View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.nginx = { services.nginx = {
additionalModules = [ pkgs.nginxModules.pam ];
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -30,4 +32,8 @@
email = "root@ifsr.de"; email = "root@ifsr.de";
}; };
}; };
security.pam.services.nginx.text = ''
auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
'';
} }

View file

@ -27,6 +27,10 @@ in
root = pkgs.callPackage ../pkgs/padlist { }; root = pkgs.callPackage ../pkgs/padlist { };
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
extraConfig = ''
auth_pam "LDAP Authentication Required";
auth_pam_service_name "nginx";
'';
locations = { locations = {
"= /" = { "= /" = {
extraConfig = '' extraConfig = ''