1
0
Fork 0

make local network ip range optional for LDAP

This commit is contained in:
ibizaman 2023-11-17 22:52:29 -08:00 committed by Pierre Penninckx
parent 50798a0f91
commit 8728df8732

View file

@ -46,9 +46,10 @@ in
}; };
localNetworkIPRange = lib.mkOption { localNetworkIPRange = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.str;
description = "Local network range, to restrict access to the UI to only those IPs."; description = "Local network range, to restrict access to the UI to only those IPs.";
example = "192.168.1.1/24"; example = "192.168.1.1/24";
default = null;
}; };
}; };
@ -79,9 +80,10 @@ in
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
'' + (if isNull cfg.localNetworkIPRange then "" else ''
allow ${cfg.localNetworkIPRange}; allow ${cfg.localNetworkIPRange};
deny all; deny all;
''; '');
proxyPass = "http://${toString config.services.lldap.settings.http_host}:${toString config.services.lldap.settings.http_port}/"; proxyPass = "http://${toString config.services.lldap.settings.http_host}:${toString config.services.lldap.settings.http_port}/";
}; };
}; };