peprolinbot/frues-clan
1
0
Fork 0
Code Issues Pull requests 1 Wiki Activity Actions
frues-clan/machines/beagle/modules/kanidm.nix
Pedro Rey Anca 7fceb61b5e
Some checks failed
Flake check / check (push) Failing after 22m34s
Details
Update `flake.lock` / update_lockfile (push) Has been cancelled
Details
Set up kanidm
2025-10-17 22:40:32 +02:00

32 lines
868 B
Nix
Raw Blame History

{pkgs, ...}: {
services.kanidm = {
enableServer = true;
enableClient = true;
package = pkgs.kanidm_1_7;
serverSettings = {
version = "2"; # Configuration file version.
origin = "https://idm.peprolinbot.com";
domain = "idm.peprolinbot.com";
bindaddress = "[::1]:8443";
ldapbindaddress = "[::]:636";
http_client_address_info.x-forward-for = ["::1"];
tls_chain = "/var/lib/kanidm/cert.pem";
tls_key = "/var/lib/kanidm/key.pem";
};
clientSettings = {
uri = "https://idm.peprolinbot.com";
};
};
security.acme.certs."idm.peprolinbot.com" = {
postRun = ''
cp -Lv {cert,key,chain}.pem /var/lib/kanidm/
chown kanidm:kanidm /var/lib/kanidm/{cert,key,chain}.pem
chmod 400 /var/lib/kanidm/{cert,key,chain}.pem
'';
reloadServices = ["kanidm.service"];
};
}
Reference in a new issue View git blame Copy permalink