feat: use kanidm from nixpkgs-unstable

steveej 2025-03-29 15:27:14 +01:00
parent d7ba491388
commit f251fa81a1
2 changed files with 10 additions and 4 deletions


@ -83,7 +83,7 @@
screen screen
inputs'.nixpkgs-kanidm.legacyPackages.kanidm inputs'.nixpkgs-unstable.legacyPackages.kanidm
]; ];
# Set Environment Variables # Set Environment Variables
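Review bot: Switching this entry to `inputs'.nixpkgs-unstable.legacyPackages.kanidm` means the identity provider's package now follows a moving channel, so a routine flake lock update can move kanidm across a release boundary with no dedicated review step, whereas the removed `nixpkgs-kanidm` input existed to pin exactly that. To my knowledge the kanidm server is strict about the release that wrote its on-disk database, so an unplanned version jump can leave the service refusing to start until a migration is performed, which for an IdP means every dependent login breaks at once. Either keep a dedicated pinned input for kanidm that is advanced deliberately, or document the expectation next to this line, e.g. `# kanidm tracks nixpkgs-unstable: check the kanidm release notes for migration steps before updating the flake lock`. The list this line sits in starts outside the hunk. In the second file the let-binding still named `nixpkgs-kanidm` now resolves to `nodeFlake.inputs.nixpkgs-unstable` with the old value left as a commented-out line, which reads as a leftover rather than an intent; renaming it or replacing the dead comment with a one-line reason would make the new source obvious to the next reader.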


@ -23,6 +23,12 @@ in
system, system,
... ...
}: }:
let
nixpkgs-kanidm =
# nodeFlake.inputs.nixpkgs-kanidm
nodeFlake.inputs.nixpkgs-unstable
;
in
{ {
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
@ -33,7 +39,7 @@ in
imports = [ imports = [
"${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix" "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix"
"${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix" "${nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix"
../profiles/containers/configuration.nix ../profiles/containers/configuration.nix
@ -313,6 +319,7 @@ in
systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
# combine a path watcher with a service that transfers the certs by caddy to kanidm # combine a path watcher with a service that transfers the certs by caddy to kanidm
# TODO: had an issue where the certificate in kanidm was expired, despite caddy having a refreshed certificate
systemd.paths.kanidm-tls-watch = { systemd.paths.kanidm-tls-watch = {
enable = true; enable = true;
requiredBy = [ "kanidm.service" ]; requiredBy = [ "kanidm.service" ];
@ -389,7 +396,7 @@ in
dataDir = "/var/lib/kanidm"; dataDir = "/var/lib/kanidm";
in in
{ {
package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm; package = nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm;
enablePam = false; enablePam = false;
enableClient = false; enableClient = false;
@ -402,7 +409,6 @@ in
domain = "kanidm.${domain}"; domain = "kanidm.${domain}";
origin = "https://kanidm.${domain}"; origin = "https://kanidm.${domain}";
db_path = "${dataDir}/db/kanidm.db";
bindaddress = "127.0.0.1:8444"; bindaddress = "127.0.0.1:8444";