Adding kanidm

2025-10-12 23:42:31 +02:00 · 2025-10-12 23:42:31 +02:00 · b25c686151
commit b25c686151
parent 630f7f6d68
9 changed files with 95 additions and 8 deletions
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -6,6 +6,7 @@
  boot.swraid = {
    enable = true;
    mdadmConf = ''
+      MAILADDR root@lyes.eu
      DEVICE partitions
    '';
  };
--- a/modules/server/link/default.nix
+++ b/modules/server/link/default.nix
@ -0,0 +1,40 @@
+{ config, pkgs }:
+
+let
+  hostname = "auth.${config.networking.domain}";
+  port = "44300";
+in
+{
+  services.kanidm = {
+    package = pkgs.kanidmWithSecretProvisioning_1_7;
+
+    enableServer = true;
+    serverSettings = {
+      bindaddress = "127.0.0.1:${port}";
+      ldapbindaddress = "0.0.0.0:636";
+      domain = hostname;
+      origin = "https://${hostname}";
+      tls_chain = "/var/lib/acme/${hostname}/cert.pem";
+      tls_key = "/var/lib/acme/${hostname}/key.pem";
+
+      online_backup = {
+        path = "/var/data/backups/kanidm";
+        schedule = "00 06 * * *";
+        versions = 5;
+      };
+    };
+
+    enableClient = true;
+
+    clientSettings = {
+      uri = "https://127.0.0.1:${port}";
+      verify_ca = false;
+    };
+
+    provision = {
+      enable = true;
+      adminPasswordFile = config.age.secrets.kanidm-admin-password.path;
+      idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-password.path;
+    };
+  };
+}