mirror of
https://github.com/JulienMalka/snowfield.git
synced 2025-03-25 21:30:52 +01:00
# Kanidm identity server for auth.luj.fr, published through the local nginx
# reverse proxy and reusing the ACME certificate that nginx obtains for the
# same host name.
{ pkgs, config, ... }:
let
  domain = "auth.luj.fr";

  # Loopback listener: Kanidm is not exposed directly; remote clients reach it
  # only through the nginx virtual host below. Any local process can still
  # connect to this port.
  listenAddress = "127.0.0.1:8443";

  kanidmPackage = pkgs.kanidm_1_4;

  # ACME certificate entry created by `enableACME` on the nginx virtual host.
  certificate = config.security.acme.certs.${domain};
in
{
  services.kanidm = {
    enableServer = true;
    package = kanidmPackage;
    serverSettings = {
      inherit domain;
      origin = "https://${domain}";
      bindaddress = listenAddress;

      # Kanidm takes the client address from the X-Forwarded-For header.
      # This is only sound if the proxy controls that header. No proxy headers
      # are set on the location in this file.
      # NOTE(review): presumably handled globally (e.g.
      # services.nginx.recommendedProxySettings) - confirm. Otherwise a value
      # sent by the client reaches Kanidm unchanged, and the source addresses
      # it records are client-controlled.
      trust_x_forward_for = true;

      # Kanidm serves TLS itself, with the same certificate files nginx uses.
      # NOTE(review): verify Kanidm is restarted or reloaded when the
      # certificate is renewed, so it does not keep serving the old chain.
      tls_chain = "${certificate.directory}/fullchain.pem";
      tls_key = "${certificate.directory}/key.pem";
    };
  };

  # Client tools on the system PATH, same version as the server.
  environment.systemPackages = [ kanidmPackage ];

  # Lets the kanidm user read the private key via the certificate's group.
  # NOTE(review): if that group is the shared nginx group, this also grants
  # kanidm everything else that group can read - confirm that is acceptable,
  # or give the certificate a dedicated group.
  users.users.kanidm.extraGroups = [ certificate.group ];

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;

    # TLS is used on the loopback hop as well. nginx does not verify the
    # upstream certificate unless told to, so this hop is encrypted but not
    # authenticated; the exposure is limited to the local host.
    locations."/".proxyPass = "https://${listenAddress}";
  };
}