lldap: update deprecated option
This commit is contained in:
parent
c0ab22eebd
commit
771e9758b0
3 changed files with 8 additions and 8 deletions
|
|
@ -22,8 +22,8 @@ shb.lldap = {
|
|||
jwtSecret.result = config.shb.sops.secret."lldap/jwt_secret".result;
|
||||
ldapUserPassword.result = config.shb.sops.secret."lldap/user_password".result;
|
||||
};
|
||||
shb.sops.secret."lldap/jwt_secret".request = config.shb.ldap.jwtSecret.request;
|
||||
shb.sops.secret."lldap/user_password".request = config.shb.ldap.ldapUserPassword.request;
|
||||
shb.sops.secret."lldap/jwt_secret".request = config.shb.lldap.jwtSecret.request;
|
||||
shb.sops.secret."lldap/user_password".request = config.shb.lldap.ldapUserPassword.request;
|
||||
```
|
||||
|
||||
This assumes secrets are setup with SOPS
|
||||
|
|
@ -41,7 +41,7 @@ shb.certs.certs.letsencrypt.${domain}.extraDomains = [
|
|||
"${config.shb.lldap.subdomain}.${config.shb.lldap.domain}"
|
||||
];
|
||||
|
||||
shb.ldap.ssl = config.shb.certs.certs.letsencrypt.${config.shb.lldap.domain};
|
||||
shb.lldap.ssl = config.shb.certs.certs.letsencrypt.${config.shb.lldap.domain};
|
||||
```
|
||||
|
||||
## Restrict Access By IP {#blocks-lldap-restrict-access-by-ip}
|
||||
|
|
@ -142,7 +142,7 @@ set [`shb.lldap.enforceUserMemberships`](#blocks-lldap-options-shb.lldap.enforce
|
|||
};
|
||||
|
||||
shb.sops.secret."dad".request =
|
||||
shb.ldap.ensureUsers.dad.password.request;
|
||||
shb.lldap.ensureUsers.dad.password.request;
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -92,8 +92,8 @@ Assuming it [has been set already][LLDAP block setup], add the following configu
|
|||
shb.jellyfin.ldap
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = config.shb.ldap.ldapPort;
|
||||
dcdomain = config.shb.ldap.dcdomain;
|
||||
port = config.shb.lldap.ldapPort;
|
||||
dcdomain = config.shb.lldap.dcdomain;
|
||||
adminPassword.result = config.shb.sops.secrets."jellyfin/ldap/adminPassword".result
|
||||
};
|
||||
|
||||
|
|
@ -104,7 +104,7 @@ shb.sops.secrets."jellyfin/ldap/adminPassword" = {
|
|||
```
|
||||
|
||||
The `shb.jellyfin.ldap.adminPasswordFile` must be the same
|
||||
as the `shb.ldap.ldapUserPasswordFile` which is achieved
|
||||
as the `shb.lldap.ldapUserPasswordFile` which is achieved
|
||||
with the `key` option.
|
||||
The other secrets can be randomly generated with
|
||||
`nix run nixpkgs#openssl -- rand -hex 64`.
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ in
|
|||
};
|
||||
|
||||
# This should be using a contract instead of setting the option directly.
|
||||
shb.lldap = lib.mkIf config.shb.ldap.enable {
|
||||
shb.lldap = lib.mkIf config.shb.lldap.enable {
|
||||
ensureGroups = { ${cfg.ldap.userGroup} = {}; };
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue