padlist: configure ldap authentication
This commit is contained in:
parent
6887bae0a3
commit
5c1af65721
|
@ -1,6 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
|
||||||
|
additionalModules = [ pkgs.nginxModules.pam ];
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
|
@ -30,4 +32,8 @@
|
||||||
email = "root@ifsr.de";
|
email = "root@ifsr.de";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
security.pam.services.nginx.text = ''
|
||||||
|
auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||||
|
account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,10 @@ in
|
||||||
root = pkgs.callPackage ../pkgs/padlist { };
|
root = pkgs.callPackage ../pkgs/padlist { };
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
extraConfig = ''
|
||||||
|
auth_pam "LDAP Authentication Required";
|
||||||
|
auth_pam_service_name "nginx";
|
||||||
|
'';
|
||||||
locations = {
|
locations = {
|
||||||
"= /" = {
|
"= /" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
Loading…
Reference in a new issue