nix-dotfiles/hosts/tsuki/services/kanidm.nix


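{ pkgs, config, ... }:
let
  cfg = config.services.kanidm;
  # The kanidm server reuses the ACME certificate of the nginx virtual host
  # for its own domain, so the unit ordering, the credential paths and the
  # renewal hook below are all keyed on that certificate's name.
  certName = config.services.nginx.virtualHosts.${cfg.serverSettings.domain}.useACMEHost;
  certDir = config.security.acme.certs.${certName}.directory;
  # Directory where systemd exposes the LoadCredential entries to the service.
  credsDir = "/run/credentials/kanidm.service";
in {
  systemd.services.kanidm = {
    # `requires` pulls the target in but does not order against it; without
    # `after` the unit can start before the certificate has been issued and
    # fail on LoadCredential.
    requires = [ "acme-finished-${certName}.target" ];
    after = [ "acme-finished-${certName}.target" ];
    # Pass the TLS material in as systemd credentials rather than widening the
    # unit's filesystem access to the ACME directory itself.
    serviceConfig.LoadCredential = [
      "fullchain.pem:${certDir}/fullchain.pem"
      "key.pem:${certDir}/key.pem"
    ];
    # Make the backup target writable inside the unit's filesystem view.
    serviceConfig.BindPaths = [
      cfg.serverSettings.online_backup.path
    ];
  };

  # LoadCredential copies the files at service start, so a renewed certificate
  # is not picked up until kanidm is restarted; hook the restart into renewal.
  security.acme.certs.${certName}.reloadServices = [ "kanidm.service" ];

  services.kanidm = {
    enableServer = true;
    # enablePAM = true;
    serverSettings = {
      origin = "https://${cfg.serverSettings.domain}";
      domain = "auth.nani.wtf";
      tls_chain = "${credsDir}/fullchain.pem";
      tls_key = "${credsDir}/key.pem";
      # Loopback only; the nginx virtual host for this domain (configured
      # elsewhere) is presumably what fronts it -- verify its proxy setup.
      bindaddress = "127.0.0.1:8300";
      # NOTE(review): the backup directory holds a full copy of the identity
      # database; its permissions are not set here -- confirm they are
      # restricted wherever /data/backup is provisioned.
      online_backup = {
        path = "/data/backup/kanidm";
        schedule = "00 22 * * *";
        versions = 10;
      };
    };
  };

  environment = {
    systemPackages = [ pkgs.kanidm ];
    # Client configuration for the kanidm CLI. The URI is derived from the
    # server origin (same value as before) so the two cannot drift apart.
    etc."kanidm/config".text = ''
      uri="${cfg.serverSettings.origin}"
    '';
  };
}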