tsuki: set up kanidm
This commit is contained in:
parent
72ec7c3f2c
commit
d5ae85092c
@ -11,6 +11,7 @@
|
||||
./services/hydra.nix
|
||||
# ./services/jitsi.nix
|
||||
./services/jupyter.nix
|
||||
./services/kanidm.nix
|
||||
# ./services/keycloak.nix
|
||||
./services/matrix
|
||||
./services/minecraft
|
||||
|
34
hosts/tsuki/services/kanidm.nix
Normal file
34
hosts/tsuki/services/kanidm.nix
Normal file
@ -0,0 +1,34 @@
|
||||
{ pkgs, config, ... }: let
|
||||
cfg = config.services.kanidm;
|
||||
in {
|
||||
systemd.services.kanidm = {
|
||||
requires = [ "acme-finished-${cfg.serverSettings.domain}.target" ];
|
||||
serviceConfig.LoadCredential = let
|
||||
certDir = config.security.acme.certs.${cfg.serverSettings.domain}.directory;
|
||||
in [
|
||||
"fullchain.pem:${certDir}/fullchain.pem"
|
||||
"key.pem:${certDir}/key.pem"
|
||||
];
|
||||
};
|
||||
|
||||
services.kanidm = {
|
||||
enableServer = true;
|
||||
# enablePAM = true;
|
||||
serverSettings = let
|
||||
credsDir = "/run/credentials/kanidm.service";
|
||||
in {
|
||||
origin = "https://${cfg.serverSettings.domain}";
|
||||
domain = "auth.nani.wtf";
|
||||
tls_chain = "${credsDir}/fullchain.pem";
|
||||
tls_key = "${credsDir}/key.pem";
|
||||
bindaddress = "localhost:8300";
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = [ pkgs.kanidm ];
|
||||
etc."kanidm/config".text = ''
|
||||
uri="https://auth.nani.wtf"
|
||||
'';
|
||||
};
|
||||
}
|
@ -109,7 +109,11 @@
|
||||
})
|
||||
(proxy ["dyn"] "http://localhost:${s ports.minecraft.dynmap}" {})
|
||||
(proxy ["osu"] "http://localhost:${s ports.osuchan}" {})
|
||||
(proxy ["vpn"] "http://localhost:${s ports.headscale}" {})
|
||||
(proxy ["auth"] "https://localhost:8300" {
|
||||
extraConfig = ''
|
||||
proxy_ssl_verify off;
|
||||
'';
|
||||
})
|
||||
(proxy ["hydra"] "http://localhost:${s ports.hydra}" {})
|
||||
] ++ (let
|
||||
stickerpickers = pkgs.callPackage ../matrix/maunium-stickerpicker.nix {
|
||||
|
Loading…
Reference in New Issue
Block a user