+ </Proxy>
+ '' ];
+ };
+
+ secrets.keys = [
+ {
+ dest = "webapps/surfer";
+ permissions = "0400";
+ user = "wwwrun";
+ group = "wwwrun";
+ text = ''
+ CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+ CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+ CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+ LISTEN=/run/surfer/listen.sock
+ '';
+ }
+ ];
+
+ systemd.services.surfer = {
+ description = "Surfer";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];