peprolinbot/frues-clan
1
0
Fork 0
Code Issues Pull requests 1 Wiki Activity Actions

beagle: kanidm: configure clan states

Browse source
This commit is contained in:
Pedro Rey Anca 2025-12-06 13:14:46 +01:00
parent 877bf6e204
commit 6da5d909f0
Signed by: peprolinbot
GPG key ID: 053EA6E00116533A
1 changed files with 46 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

49
machines/beagle/modules/kanidm.nix
View file

@ -1,4 +1,10 @@
{pkgs, ...}: { {
pkgs,
lib,
config,
...
}:
{
services.kanidm = { services.kanidm = {
enableServer = true; enableServer = true;
enableClient = true; enableClient = true;
@ -11,7 +17,7 @@
domain = "idm.peprolinbot.com"; domain = "idm.peprolinbot.com";
bindaddress = "[::1]:8443"; bindaddress = "[::1]:8443";
ldapbindaddress = "[::]:636"; ldapbindaddress = "[::]:636";
http_client_address_info.x-forward-for = ["::1"]; http_client_address_info.x-forward-for = [ "::1" ];
tls_chain = "/var/lib/kanidm/cert.pem"; tls_chain = "/var/lib/kanidm/cert.pem";
tls_key = "/var/lib/kanidm/key.pem"; tls_key = "/var/lib/kanidm/key.pem";
}; };
@ -27,6 +33,43 @@
chown kanidm:kanidm /var/lib/kanidm/{cert,key,chain}.pem chown kanidm:kanidm /var/lib/kanidm/{cert,key,chain}.pem
chmod 400 /var/lib/kanidm/{cert,key,chain}.pem chmod 400 /var/lib/kanidm/{cert,key,chain}.pem
''; '';
reloadServices = ["kanidm.service"]; reloadServices = [ "kanidm.service" ];
};
clan.core.state.kanidm = {
folders = [ "/var/backup/kanidm" ];
preBackupScript = ''
export PATH=${
lib.makeBinPath [
pkgs.coreutils
config.services.kanidm.package
]
}
mkdir -p /var/backup/kanidm
kanidmd database backup /var/backup/kanidm/backup.json
'';
postRestoreScript = ''
export PATH=${
lib.makeBinPath [
config.systemd.package
pkgs.coreutils
config.services.kanidm.package
]
}
service_status="$(systemctl is-active kanidm)"
systemctl stop kanidm
kanidmd database restore /var/backup/kanidm/backup.json
if [ "$service_status" = "active" ]; then
systemctl start kanidm
fi
'';
}; };
} }