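# Module that declares `settings.containers.kanidm.enable` and, when that
# option is true, defines a Podman container running the Kanidm identity
# server for auth.tbmrs.nl.
{ config, lib, ... }:

let
  # Must point at the kanidm subtree so that `cfg.enable` below is the option
  # this module declares. Reading `settings.containers.nginx` here would leave
  # the kanidm switch without effect and start the identity server whenever
  # nginx is enabled.
  cfg = config.settings.containers.kanidm;
in {
  options = {
    settings.containers.kanidm.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Enable kanidm container
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    services.podman.containers.kanidm = {
      # NOTE(review): `latest` is a mutable tag, so the identity provider can
      # change version on any pull. Consider pinning a release tag or an image
      # digest, e.g. "kanidm/server@sha256:<DIGEST-PLACEHOLDER>".
      image = "kanidm/server:latest";
      network = "proxy";
      networkAlias = [
        "auth.tbmrs.nl"
      ];
      volumes = [
        # Persistent state; KANIDM_DB_PATH below lives in this mount.
        "%h/containers/kanidm/data:/data"
        # Caddy's ACME output directory for the wildcard certificate, which
        # holds the private key as well as the chain. Kanidm is pointed at
        # these files through KANIDM_TLS_CHAIN / KANIDM_TLS_KEY and is not
        # expected to write them, so the mount is read-only.
        # NOTE(review): sharing the wildcard key means a compromise of this
        # container exposes the key for every *.tbmrs.nl host; a certificate
        # issued only for auth.tbmrs.nl would narrow that exposure.
        "%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys:ro"
      ];
      environment = {
        KANIDM_VERSION = "2";
        # Listens on all addresses inside the container; reachability from
        # outside depends on how the "proxy" network is exposed.
        KANIDM_BINDADDRESS = "[::]:443";
        KANIDM_DB_PATH = "/data/kanidm.db";
        KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
        KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
        # Domain and origin must agree with the network alias above.
        KANIDM_DOMAIN = "auth.tbmrs.nl";
        KANIDM_ORIGIN = "https://auth.tbmrs.nl";
      };
    };
  };
}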