Added Kanidm with nginx

2026-05-15 10:47:39 +02:00
parent 8201bc4bf5
commit 94ddd0c3b6
2 changed files with 23 additions and 17 deletions
+22 -16
@@ -1,11 +1,7 @@
# FIRST TIME SETUP (after nixos-rebuild switch on cyper-controller):
# $ sudo kanidmd recover-account admin
# $ sudo kanidmd recover-account idm_admin
#
{ pkgs, ... }:
let
domain = "auth.cyperpunk.de";
port = 8443;
port = 8444;
certDir = "/var/lib/kanidm/tls";
in
{
@@ -35,23 +31,33 @@ in
};
services.kanidm = {
enableServer = true;
package = pkgs.kanidm_1_10;
serverSettings = {
inherit domain;
origin = "https://${domain}";
server = {
enable = true;
settings = {
inherit domain;
origin = "https://${domain}";
tls_chain = "${certDir}/cert.pem";
tls_key = "${certDir}/key.pem";
tls_chain = "${certDir}/cert.pem";
tls_key = "${certDir}/key.pem";
bindaddress = "0.0.0.0:${toString port}";
bindaddress = "0.0.0.0:${toString port}";
db_path = "/var/lib/kanidm/kanidm.db";
log_level = "info";
log_level = "info";
online_backup = {
versions = 7;
path = "/var/lib/kanidm/backups";
schedule = "00 22 * * *";
};
};
};
enableClient = true;
clientSettings.uri = "https://${domain}";
client = {
enable = true;
settings.uri = "https://${domain}";
};
};
networking.firewall.allowedTCPPorts = [ port ];
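Review bot: Kanidm is bound on every interface (`bindaddress = "0.0.0.0:${toString port}";`) and the last line of the hunk opens that port in the firewall, while the other file in this commit fronts `auth.cyperpunk.de` with an nginx proxy to the same port; if that proxy runs on the same host, the identity service is reachable directly from the network in addition to the nginx path. Binding to loopback, `bindaddress = "127.0.0.1:${toString port}";`, and dropping the `networking.firewall.allowedTCPPorts = [ port ];` entry would keep nginx as the only entry point, or a short comment should state why direct access is wanted. Whether nginx is co-located with kanidmd cannot be confirmed from this page, so treat this as a question to check rather than a certain defect. If the proxy path is the intended one, consider also setting Kanidm's `trust_x_forward_for` option so audit logs record the real client address rather than the proxy's.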
+1 -1
@@ -59,7 +59,7 @@ in
"ngx.cyperpunk.de" = mkWsProxy 28101;
"vault.cyperpunk.de" = mkWsProxy 8222;
"calvin.cyperpunk.de" = mkWsProxy 15006;
"auth.cyperpunk.de" = mkHttpsProxy 8443;
"auth.cyperpunk.de" = mkHttpsProxy 8444;
"www.cyperpunk.de" = {
forceSSL = true;