From 94ddd0c3b652285971015103d7368ab9bcc09776 Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Fri, 15 May 2026 10:47:39 +0200
Subject: [PATCH] Added Kanidm with nginx
---
 nixos/roles/kanidm.nix | 38 ++++++++++++++++++++++----------------
 nixos/roles/nginx.nix | 2 +-
 2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/nixos/roles/kanidm.nix b/nixos/roles/kanidm.nix
index 57868d7..a4b73c4 100644
--- a/nixos/roles/kanidm.nix
+++ b/nixos/roles/kanidm.nix
@@ -1,11 +1,7 @@
-# FIRST TIME SETUP (after nixos-rebuild switch on cyper-controller):
-# $ sudo kanidmd recover-account admin
-# $ sudo kanidmd recover-account idm_admin
-#
 { pkgs, ... }:
 let
 domain = "auth.cyperpunk.de";
- port = 8443;
+ port = 8444;
 certDir = "/var/lib/kanidm/tls";
 in
 {
@@ -35,23 +31,33 @@ in
 };
 services.kanidm = {
- enableServer = true;
+ package = pkgs.kanidm_1_10;
- serverSettings = {
- inherit domain;
- origin = "https://${domain}";
+ server = {
+ enable = true;
+ settings = {
+ inherit domain;
+ origin = "https://${domain}";
- tls_chain = "${certDir}/cert.pem";
- tls_key = "${certDir}/key.pem";
+ tls_chain = "${certDir}/cert.pem";
+ tls_key = "${certDir}/key.pem";
- bindaddress = "0.0.0.0:${toString port}";
+ bindaddress = "0.0.0.0:${toString port}";
- db_path = "/var/lib/kanidm/kanidm.db";
- log_level = "info";
+ log_level = "info";
+
+ online_backup = {
+ versions = 7;
+ path = "/var/lib/kanidm/backups";
+ schedule = "00 22 * * *";
+ };
+ };
 };
- enableClient = true;
- clientSettings.uri = "https://${domain}";
+ client = {
+ enable = true;
+ settings.uri = "https://${domain}";
+ };
 };
 networking.firewall.allowedTCPPorts = [ port ];
diff --git a/nixos/roles/nginx.nix b/nixos/roles/nginx.nix
index 68e8343..ff8e765 100644
--- a/nixos/roles/nginx.nix
+++ b/nixos/roles/nginx.nix
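Review bot: In the second hunk of nixos/roles/kanidm.nix the server still binds `0.0.0.0:${toString port}` and the trailing context line `networking.firewall.allowedTCPPorts = [ port ];` opens 8444 in the host firewall, so Kanidm stays reachable directly and not only through the `auth.cyperpunk.de` vhost that this commit repoints to `mkHttpsProxy 8444`. If nginx runs on the same host (not visible from this patch), prefer `bindaddress = "127.0.0.1:${toString port}";` and drop the firewall entry, so that whatever TLS settings, logging and access controls the proxy applies cannot be bypassed; if the proxy is on another machine, limit the port to that peer instead. The new `online_backup` block keeps seven copies of the identity database under `/var/lib/kanidm/backups`, and each copy is as sensitive as the live database, so a comment stating who may read that directory and where the copies are shipped would help. The `services.kanidm` set is shown in full here, but the TLS setup earlier in the file lies outside the hunk.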
@@ -59,7 +59,7 @@ in
 "ngx.cyperpunk.de" = mkWsProxy 28101;
 "vault.cyperpunk.de" = mkWsProxy 8222;
 "calvin.cyperpunk.de" = mkWsProxy 15006;
- "auth.cyperpunk.de" = mkHttpsProxy 8443;
+ "auth.cyperpunk.de" = mkHttpsProxy 8444;
 "www.cyperpunk.de" = {
 forceSSL = true;