diff --git a/nix/devShells.nix b/nix/devShells.nix
index f55f056..aa4eda5 100644
--- a/nix/devShells.nix
+++ b/nix/devShells.nix
@@ -83,7 +83,7 @@
 screen
- inputs'.nixpkgs-kanidm.legacyPackages.kanidm
+ inputs'.nixpkgs-unstable.legacyPackages.kanidm
 ]; # Set Environment Variables
diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix
index b20fa28..10bc091 100644
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@@ -23,6 +23,12 @@ in
 system,
 ...
 }:
+ let
+ nixpkgs-kanidm =
+ # nodeFlake.inputs.nixpkgs-kanidm
+ nodeFlake.inputs.nixpkgs-unstable
+ ;
+ in
 {
 system.stateVersion = "22.05"; # Did you read the comment?
@@ -33,7 +39,7 @@ in
 imports = [
 "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix"
- "${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix"
+ "${nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix"
 ../profiles/containers/configuration.nix
@@ -313,6 +319,7 @@ in
 systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
 # combine a path watcher with a service that transfers the certs by caddy to kanidm
+ # TODO: had an issue where the certificate in kanidm was expired, despite caddy having a refreshed certificate
 systemd.paths.kanidm-tls-watch = {
 enable = true;
 requiredBy = [ "kanidm.service" ];
@@ -389,7 +396,7 @@ in
 dataDir = "/var/lib/kanidm";
 in
 {
- package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm;
+ package = nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm;
 enablePam = false;
 enableClient = false;
@@ -402,7 +409,6 @@ in
 domain = "kanidm.${domain}";
 origin = "https://kanidm.${domain}";
- db_path = "${dataDir}/db/kanidm.db";
 bindaddress = "127.0.0.1:8444";
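Review bot: The kanidm CLI in the dev shell now follows nixpkgs-unstable instead of the dedicated nixpkgs-kanidm input, and the server side in webserver.nix (the new let-binding, the module import and the `package` line) makes the same switch. The dedicated input presumably existed to pin the identity provider's version independently; after this change every nixpkgs-unstable bump can move the kanidm server version, and kanidm upgrades are version-sensitive (back up the database before bumping and follow the documented upgrade order), so record this next to the binding or in the commit message. If the `nixpkgs-kanidm` flake input is no longer referenced anywhere else, drop it from the flake inputs so the lock file stops carrying an unused revision.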
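Review bot: The new binding is named `nixpkgs-kanidm` but resolves to `nodeFlake.inputs.nixpkgs-unstable`, and the old source survives only as a commented-out line, so a reader has to decode the dead line to learn that the dedicated input is no longer used here. Replace the dead line with a comment stating the intent, e.g. `# kanidm module and package are taken from the same nixpkgs-unstable revision so the module options match the packaged binary; the separate nixpkgs-kanidm input is not used here`, or rename the binding (for example `kanidmNixpkgs`) so the name no longer suggests a pinned input. Note also that the source moves from `repoFlake.inputs` to `nodeFlake.inputs`; if those two flakes lock different revisions, the kanidm module and package revision is now decided by the node flake rather than the repo flake. The enclosing module function starts before this hunk.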
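Review bot: The added TODO records the symptom (kanidm served an expired certificate while caddy already held a renewed one) but not the likely mechanism, so the next reader cannot act on it. If kanidm only loads its TLS chain and key at startup, a certificate copied in by the transfer service is not served until `kanidm.service` is restarted, and a path unit only fires when the watched path changes, so the two things to verify are that the watcher actually triggers on caddy's renewal and that the transfer service restarts or reloads kanidm afterwards. Suggested wording: `# TODO: kanidm kept serving an expired certificate after caddy had renewed; verify the path unit fires on renewal and that the transfer service restarts kanidm.service, since kanidm may only read the TLS files at startup`. Because an expired certificate on the identity provider breaks every client that validates TLS, a check on the expiry of the certificate kanidm actually serves (not the file on disk) would catch a recurrence early. The `systemd.paths.kanidm-tls-watch` block continues past the end of the hunk.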
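Review bot: `dataDir` is still bound in the `let` above `package`, but the only use visible in this diff, the `db_path` setting, is removed in the following hunk; unless the block references `dataDir` elsewhere, the binding is now dead and should go with it. Taking `package` from the same `nixpkgs-kanidm` binding as the imported module is the right move, since the module's options and the packaged binary then come from one nixpkgs revision. The `let ... in { ... }` around `package` starts before this hunk and the attribute set continues after it.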