feat(core-security): init kanidm

This commit is contained in:
Luj 2024-12-21 10:38:58 +01:00
parent 7fad180d17
commit 932d147110
Signed by: luj
GPG key ID: 6FC74C847011FD83
3 changed files with 35 additions and 3 deletions


@ -11,6 +11,7 @@
imports = [
./hardware.nix
./home-julien.nix
./kanidm.nix
];
machine.meta = {


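--- /dev/null
+++ b/kanidm.nix
@@ -0,0 +1,31 @@
+{ pkgs, config, ... }:
+let
+certificate = config.security.acme.certs."auth.luj.fr";
+in
+{
+services.kanidm = {
+enableServer = true;
+package = pkgs.kanidm_1_4;
+serverSettings = rec {
+domain = "auth.luj.fr";
+origin = "https://${domain}";
+bindaddress = "127.0.0.1:8443";
+trust_x_forward_for = true;
+tls_chain = "${certificate.directory}/fullchain.pem";
+tls_key = "${certificate.directory}/key.pem";
+};
+};
+environment.systemPackages = [ pkgs.kanidm_1_4 ];
+users.users.kanidm.extraGroups = [ certificate.group ];
+services.nginx.virtualHosts."auth.luj.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "https://127.0.0.1:8443";
+};
+};
+}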
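Review bot: `trust_x_forward_for = true` tells kanidm to take the client address from the X-Forwarded-For header, but the `locations."/"` block in this file only sets `proxyPass` and no `proxy_set_header`, so the header either never reaches kanidm (every login and rate-limit decision then sees 127.0.0.1) or, if `recommendedProxySettings` is enabled elsewhere in the configuration, is built with `$proxy_add_x_forwarded_for`, which appends to whatever value the client already sent rather than replacing it. Because the listener is bound to `127.0.0.1:8443`, the nginx vhost is the only path to kanidm, so overwriting the header there is what makes trusting it safe; add `extraConfig = "proxy_set_header X-Forwarded-For $remote_addr;";` to the location. How kanidm chooses an address from a multi-valued header is not visible in this commit, so the overwrite is the conservative choice either way. Separately, the key under `${certificate.directory}` is read at startup and whether kanidm re-reads it after an ACME renewal is not visible here; `security.acme.certs."auth.luj.fr".reloadServices = [ "kanidm.service" ];` would make the renewal take effect without a manual restart.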