Diffstat (limited to 'modules/nixos/mixins/kanidm.nix')
-rw-r--r--modules/nixos/mixins/kanidm.nix37
1 files changed, 37 insertions, 0 deletions
diff --git a/modules/nixos/mixins/kanidm.nix b/modules/nixos/mixins/kanidm.nix
new file mode 100644
index 0000000..09730e0
--- /dev/null
+++ b/modules/nixos/mixins/kanidm.nix
@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+
+let
+ kanidmCfg = config.services.kanidm;
+ certDirectory = config.security.acme.certs.${kanidmCfg.serverSettings.domain}.directory;
+in
+
+{
+ config = lib.mkMerge [
+ {
+ services.kanidm = {
+ clientSettings = {
+ uri = lib.mkDefault kanidmCfg.serverSettings.origin;
+ };
+
+ serverSettings = {
+ tls_chain = certDirectory + "/fullchain.pem";
+ tls_key = certDirectory + "/key.pem";
+ domain = lib.mkDefault ("auth." + config.networking.domain);
+ origin = lib.mkDefault ("https://" + config.services.kanidm.serverSettings.domain);
+
+ online_backups = {
+ versions = lib.mkDefault 7; # Keep a week's worth of backups
+ };
+ };
+ };
+ }
+
+ (lib.mkIf kanidmCfg.enableServer {
+ services.nginx.virtualHosts.${kanidmCfg.serverSettings.domain} = {
+ locations."/" = {
+ proxyPass = kanidmCfg.serverSettings.bindaddress;
+ };
+ };
+ })
+ ];
+}
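Review bot: `proxyPass` in the nginx location is set to the bare `bindaddress`, which in Kanidm's settings is a host:port pair with no scheme. nginx's `proxy_pass` needs a URL, and Kanidm only serves TLS, so this should be `proxyPass = "https://" + kanidmCfg.serverSettings.bindaddress;`. The virtual host also sets neither `enableACME` nor `forceSSL` in this hunk, even though `certDirectory` reads `security.acme.certs.<domain>` and `origin` is an https URL. Unless another module sets them, add `enableACME = true; forceSSL = true;` so the certificate is actually defined and the login pages are never served over plain HTTP. It is also worth a comment next to `tls_key` stating how the kanidm service user gets read access to `key.pem` (for example through the certificate's `group`), since nothing in this file grants it.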