Changed lldap to kanidm configuration

2025-04-26 14:09:34 +02:00
parent af39ac1be4
commit 4788bd8cd4
5 changed files with 45 additions and 38 deletions
--- a/modules/home/containers/kanidm.nix
+++ b/modules/home/containers/kanidm.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.kanidm.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable kanidm container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.kanidm = {
+      image = "kanidm/server:latest";
+      network = "proxy";
+      networkAlias = [
+        "auth.tbmrs.nl"
+      ];
+      volumes = [
+        "%h/containers/kanidm/data:/data"
+        "%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
+      ];
+      environment = {
+        KANIDM_VERSION = "2";
+        KANIDM_BINDADDRESS = "[::]:8443";
+        KANIDM_DB_PATH = "/data/kanidm.db";
+        KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
+        KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
+        KANIDM_DOMAIN = "auth.tbmrs.nl";
+        KANIDM_ORIGIN = "https://auth.tbmrs.nl";
+      };
+    };
+  };
+}