make local network ip range optional for LDAP
This commit is contained in:
parent
50798a0f91
commit
8728df8732
1 changed files with 4 additions and 2 deletions
|
@ -46,9 +46,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
localNetworkIPRange = lib.mkOption {
|
localNetworkIPRange = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
description = "Local network range, to restrict access to the UI to only those IPs.";
|
description = "Local network range, to restrict access to the UI to only those IPs.";
|
||||||
example = "192.168.1.1/24";
|
example = "192.168.1.1/24";
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -79,9 +80,10 @@ in
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
'' + (if isNull cfg.localNetworkIPRange then "" else ''
|
||||||
allow ${cfg.localNetworkIPRange};
|
allow ${cfg.localNetworkIPRange};
|
||||||
deny all;
|
deny all;
|
||||||
'';
|
'');
|
||||||
proxyPass = "http://${toString config.services.lldap.settings.http_host}:${toString config.services.lldap.settings.http_port}/";
|
proxyPass = "http://${toString config.services.lldap.settings.http_host}:${toString config.services.lldap.settings.http_port}/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue