lldap: update deprecated option

This commit is contained in:
ibizaman 2025-09-24 21:23:20 +02:00 committed by Pierre Penninckx
parent c0ab22eebd
commit 771e9758b0
3 changed files with 8 additions and 8 deletions

View file

@ -22,8 +22,8 @@ shb.lldap = {
jwtSecret.result = config.shb.sops.secret."lldap/jwt_secret".result;
ldapUserPassword.result = config.shb.sops.secret."lldap/user_password".result;
};
shb.sops.secret."lldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
shb.sops.secret."lldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
shb.sops.secret."lldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
shb.sops.secret."lldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
```
This assumes secrets are setup with SOPS
@ -41,7 +41,7 @@ shb.certs.certs.letsencrypt.${domain}.extraDomains = [
"${config.shb.lldap.subdomain}.${config.shb.lldap.domain}"
];
shb.ldap.ssl = config.shb.certs.certs.letsencrypt.${config.shb.lldap.domain};
shb.lldap.ssl = config.shb.certs.certs.letsencrypt.${config.shb.lldap.domain};
```
## Restrict Access By IP {#blocks-lldap-restrict-access-by-ip}
@ -142,7 +142,7 @@ set [`shb.lldap.enforceUserMemberships`](#blocks-lldap-options-shb.lldap.enforce
};
shb.sops.secret."dad".request =
shb.ldap.ensureUsers.dad.password.request;
shb.lldap.ensureUsers.dad.password.request;
}
```

View file

@ -92,8 +92,8 @@ Assuming it [has been set already][LLDAP block setup], add the following configu
shb.jellyfin.ldap
enable = true;
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.sops.secrets."jellyfin/ldap/adminPassword".result
};
@ -104,7 +104,7 @@ shb.sops.secrets."jellyfin/ldap/adminPassword" = {
```
The `shb.jellyfin.ldap.adminPasswordFile` must be the same
as the `shb.ldap.ldapUserPasswordFile` which is achieved
as the `shb.lldap.ldapUserPasswordFile` which is achieved
with the `key` option.
The other secrets can be randomly generated with
`nix run nixpkgs#openssl -- rand -hex 64`.

View file

@ -138,7 +138,7 @@ in
};
# This should be using a contract instead of setting the option directly.
shb.lldap = lib.mkIf config.shb.ldap.enable {
shb.lldap = lib.mkIf config.shb.lldap.enable {
ensureGroups = { ${cfg.ldap.userGroup} = {}; };
};