mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 21:09:00 +02:00
d54d70f166
Suppose you want to provide a LDAP-based directory search to your
homeserver via a service-user with a bind-password. To make sure that
this doesn't end up in the Nix store, it's now possible to set a
substitute for the bindPassword like
services.mxisd.extraConfig.ldap.connection = {
# host, bindDn etc.
bindPassword = "$LDAP_BIND_PW";
};
and write the actual secret into an environment file that's readable for
`mxisd.service` containing
LDAP_BIND_PW=<your secret bind pw>
and the following setting in the Nix expression:
services.mxisd.environmentFile = "/runs/ecrets/mxisd";
(cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728)
|
||
|---|---|---|
| .. | ||
| config | ||
| hardware | ||
| i18n/input-method | ||
| installer | ||
| misc | ||
| profiles | ||
| programs | ||
| security | ||
| services | ||
| system | ||
| tasks | ||
| testing | ||
| virtualisation | ||
| module-list.nix | ||
| rename.nix | ||