Changed lldap to kanidm configuration

2025-04-26 14:09:34 +02:00 · 2025-04-26 14:09:34 +02:00 · 4788bd8cd4
commit 4788bd8cd4
parent af39ac1be4
5 changed files with 45 additions and 38 deletions
--- a/hosts/v-th-ctr-01/home.nix
+++ b/hosts/v-th-ctr-01/home.nix
@ -40,6 +40,7 @@

        nginx.enable = true;
        caddy.enable = true;
+        kanidm.enable = true;
      };
    };

--- a/modules/home/containers/auth.nix
+++ b/modules/home/containers/auth.nix
@ -1,34 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-let
-  cfg = config.settings.containers.nginx;
-in {
-  options = {
-    settings.containers.auth.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = ''
-        Enable authelia and lldap container
-      '';
-    };
-  };
-
-  config = mkIf cfg.enable {
-    services.podman.containers.lldap = {
-      image = "lldap/lldap:stable";
-      network = "proxy";
-      volumes = [
-        "%h/containers/lldap/data:/data"
-      ];
-      environment = {
-        TZ = "Europe/Amsterdam";
-        LLDAP_JWT_SECRET = "";
-        LLDAP_KEY_SEED = "";
-        LLDAP_LDAP_BASE_DN = "dc=tbmrs,dc=nl";
-        LLDAP_LDAP_USER_PASS= "changeme!";
-      };
-    };
-  };
-}
--- a/modules/home/containers/caddy.nix
+++ b/modules/home/containers/caddy.nix
@ -42,9 +42,9 @@ in {
          respond "Hello there"
        }

-        @lldap host ldap.tbmrs.nl
-        handle @lldap {
-          reverse_proxy lldap:17170
+        @kanidm host auth.tbmrs.nl
+        handle @kanidm {
+          reverse_proxy https://auth.tbmrs.nl:8443
        }
      }
    '';
--- a/modules/home/containers/kanidm.nix
+++ b/modules/home/containers/kanidm.nix
@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.kanidm.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable kanidm container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.kanidm = {
+      image = "kanidm/server:latest";
+      network = "proxy";
+      networkAlias = [
+        "auth.tbmrs.nl"
+      ];
+      volumes = [
+        "%h/containers/kanidm/data:/data"
+        "%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
+      ];
+      environment = {
+        KANIDM_VERSION = "2";
+        KANIDM_BINDADDRESS = "[::]:8443";
+        KANIDM_DB_PATH = "/data/kanidm.db";
+        KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
+        KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
+        KANIDM_DOMAIN = "auth.tbmrs.nl";
+        KANIDM_ORIGIN = "https://auth.tbmrs.nl";
+      };
+    };
+  };
+}
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -24,8 +24,8 @@

    ./containers/network.nix

-    ./containers/auth.nix
    ./containers/caddy.nix
+    ./containers/kanidm.nix
    ./containers/nginx.nix
  ];
 }