jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Add kanidm
Some checks failed
Check flake / build-amd64-linux (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Jordan Holt
2024-08-12 20:56:11 +01:00
parent 0cb2740a86
commit 413869266e
2 changed files with 48 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
hosts/vps1/default.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, ... }:
{
imports = [
@ -37,10 +37,45 @@
groups = {
jellyfin = { };
};
extraGroups.acme.members = [ "kanidm" "nginx" ];
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.certs."auth.vimium.com" = {
postRun = "systemctl restart kanidm.service";
group = "acme";
};
services.kanidm = let
baseDomain = "vimium.com";
domain = "auth.${baseDomain}";
uri = "https://${domain}";
in {
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
};
serverSettings = {
bindaddress = "[::1]:3013";
domain = baseDomain;
origin = uri;
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
};
};
services.nginx.virtualHosts = {
"auth.vimium.com" = {
useACMEHost = "auth.vimium.com";
forceSSL = true;
locations."/" = {
proxyPass = "https://[::1]:3013";
};
};
};
modules = rec {
databases.postgresql.enable = true;
services = {