From 8728df8732aafb86d80ff0c321766f5397d18bb5 Mon Sep 17 00:00:00 2001
From: ibizaman <ibizapeanut@gmail.com>
Date: Fri, 17 Nov 2023 22:52:29 -0800
Subject: [PATCH] make local network ip range optional for LDAP

---
 modules/ldap.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/ldap.nix b/modules/ldap.nix
index bc29800..fa1d704 100644
--- a/modules/ldap.nix
+++ b/modules/ldap.nix
@@ -46,9 +46,10 @@ in
     };
 
     localNetworkIPRange = lib.mkOption {
-      type = lib.types.str;
+      type = lib.types.nullOr lib.types.str;
       description = "Local network range, to restrict access to the UI to only those IPs.";
       example = "192.168.1.1/24";
+      default = null;
     };
   };
 
@@ -79,9 +80,10 @@ in
         locations."/" = {
           extraConfig = ''
             proxy_set_header Host $host;
+          '' + (if isNull cfg.localNetworkIPRange then "" else ''
             allow ${cfg.localNetworkIPRange};
             deny all;
-          '';
+          '');
           proxyPass = "http://${toString config.services.lldap.settings.http_host}:${toString config.services.lldap.settings.http_port}/";
         };
       };