Adding kanidm

hosts/zora/default.nix

@@ -8,11 +8,13 @@
       ./hardware.nix
       ./networking.nix
       # ./disko-config.nix
+      ./reverse-proxy.nix
 
       ../../users/lyes
 
       ../../modules
       ../../modules/server
+      ../../modules/server/idm
 
       # disko.nixosModules.disko
       agenix.nixosModules.default

hosts/zora/hardware-configuration.nix

@@ -42,6 +42,12 @@
       options = [ "subvol=root" ];
     };
 
+  fileSystems."/var/data" =
+    { device = "/dev/md127";
+      fsType = "btrfs";
+      options = [ ];
+    };
+
   swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

hosts/zora/reverse-proxy.nix

@@ -0,0 +1,24 @@
+{ config, ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "security@lyes.eu";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "auth.lyes.eu" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "https://${config.services.kanidm.serverSettings.bindaddress}";
+        };
+      };
+    };
+  };
+}