Changed lldap to kanidm configuration

hosts/v-th-ctr-01/home.nix

@@ -40,6 +40,7 @@
 
         nginx.enable = true;
         caddy.enable = true;
+        kanidm.enable = true;
       };
     };
 

modules/home/containers/auth.nix

@@ -1,34 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-let
-  cfg = config.settings.containers.nginx;
-in {
-  options = {
-    settings.containers.auth.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = ''
-        Enable authelia and lldap container
-      '';
-    };
-  };
-
-  config = mkIf cfg.enable {
-    services.podman.containers.lldap = {
-      image = "lldap/lldap:stable";
-      network = "proxy";
-      volumes = [
-        "%h/containers/lldap/data:/data"
-      ];
-      environment = {
-        TZ = "Europe/Amsterdam";
-        LLDAP_JWT_SECRET = "";
-        LLDAP_KEY_SEED = "";
-        LLDAP_LDAP_BASE_DN = "dc=tbmrs,dc=nl";
-        LLDAP_LDAP_USER_PASS= "changeme!";
-      };
-    };
-  };
-}

modules/home/containers/caddy.nix

@@ -42,9 +42,9 @@ in {
           respond "Hello there"
         }
 
-        @lldap host ldap.tbmrs.nl
+        @kanidm host auth.tbmrs.nl
-        handle @lldap {
+        handle @kanidm {
-          reverse_proxy lldap:17170
+          reverse_proxy https://auth.tbmrs.nl:8443
         }
       }
     '';

modules/home/containers/kanidm.nix

@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.kanidm.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable kanidm container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.kanidm = {
+      image = "kanidm/server:latest";
+      network = "proxy";
+      networkAlias = [
+        "auth.tbmrs.nl"
+      ];
+      volumes = [
+        "%h/containers/kanidm/data:/data"
+        "%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
+      ];
+      environment = {
+        KANIDM_VERSION = "2";
+        KANIDM_BINDADDRESS = "[::]:8443";
+        KANIDM_DB_PATH = "/data/kanidm.db";
+        KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
+        KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
+        KANIDM_DOMAIN = "auth.tbmrs.nl";
+        KANIDM_ORIGIN = "https://auth.tbmrs.nl";
+      };
+    };
+  };
+}

modules/home/default.nix

@@ -24,8 +24,8 @@
 
     ./containers/network.nix
 
-    ./containers/auth.nix
     ./containers/caddy.nix
+    ./containers/kanidm.nix
     ./containers/nginx.nix
   ];
 }