beagle: kanidm: configure clan states

2025-12-06 13:14:46 +01:00 · 2025-12-06 13:14:46 +01:00 · 6da5d909f0
commit 6da5d909f0
parent 877bf6e204
1 changed files with 46 additions and 3 deletions
--- a/machines/beagle/modules/kanidm.nix
+++ b/machines/beagle/modules/kanidm.nix
@ -1,4 +1,10 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
  services.kanidm = {
    enableServer = true;
    enableClient = true;
@ -29,4 +35,41 @@
    '';
    reloadServices = [ "kanidm.service" ];
  };
+
+  clan.core.state.kanidm = {
+    folders = [ "/var/backup/kanidm" ];
+
+    preBackupScript = ''
+      export PATH=${
+        lib.makeBinPath [
+          pkgs.coreutils
+          config.services.kanidm.package
+        ]
+      }
+
+      mkdir -p /var/backup/kanidm
+
+      kanidmd database backup /var/backup/kanidm/backup.json
+    '';
+
+    postRestoreScript = ''
+      export PATH=${
+        lib.makeBinPath [
+          config.systemd.package
+          pkgs.coreutils
+          config.services.kanidm.package
+        ]
+      }
+
+      service_status="$(systemctl is-active kanidm)"
+
+      systemctl stop kanidm
+
+      kanidmd database restore /var/backup/kanidm/backup.json
+
+      if [ "$service_status" = "active" ]; then
+        systemctl start kanidm
+      fi
+    '';
+  };
 }