mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 21:09:00 +02:00
d54d70f166
Suppose you want to provide a LDAP-based directory search to your homeserver via a service-user with a bind-password. To make sure that this doesn't end up in the Nix store, it's now possible to set a substitute for the bindPassword like services.mxisd.extraConfig.ldap.connection = { # host, bindDn etc. bindPassword = "$LDAP_BIND_PW"; }; and write the actual secret into an environment file that's readable for `mxisd.service` containing LDAP_BIND_PW=<your secret bind pw> and the following setting in the Nix expression: services.mxisd.environmentFile = "/runs/ecrets/mxisd"; (cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728) |
||
---|---|---|
.. | ||
config | ||
hardware | ||
i18n/input-method | ||
installer | ||
misc | ||
profiles | ||
programs | ||
security | ||
services | ||
system | ||
tasks | ||
testing | ||
virtualisation | ||
module-list.nix | ||
rename.nix |