nix/lib/modules/nixos/kanidm.nix

{
  # this is not ready for primetime yet
  # services.kanidm = {
  #   enableClient = true;
  #   enablePam = true;
  #   package = pkgs.kanidm;

  #   clientSettings.uri = "https://idm.h.lyte.dev";
  #   unixSettings = {
  #     # hsm_pin_path = "/somewhere/else";
  #     pam_allowed_login_groups = [];
  #   };
  # };
  # systemd.tmpfiles.rules = [
  #   "d /etc/kanidm 1755 nobody users -"
  # ];

  # module has the incorrect file permissions out of the box
  # environment.etc = {
  /*
    "kanidm" = {
    enable = true;
      user = "nobody";
      group = "users";
      mode = "0755";
    };
  */
  #   "kanidm/unixd" = {
  #     user = "kanidm-unixd";
  #     group = "kanidm-unixd";
  #     mode = "0700";
  #   };
  #   "kanidm/config" = {
  #     user = "nobody";
  #     group = "users";
  #     mode = "0755";
  #   };
  # };
}
Flake checks 2025-02-14 15:40:53 -06:00			`{`
			`# this is not ready for primetime yet`
			`# services.kanidm = {`
			`# enableClient = true;`
			`# enablePam = true;`
			`# package = pkgs.kanidm;`

			`# clientSettings.uri = "https://idm.h.lyte.dev";`
			`# unixSettings = {`
			`# # hsm_pin_path = "/somewhere/else";`
			`# pam_allowed_login_groups = [];`
			`# };`
			`# };`
			`# systemd.tmpfiles.rules = [`
			`# "d /etc/kanidm 1755 nobody users -"`
			`# ];`

			`# module has the incorrect file permissions out of the box`
			`# environment.etc = {`
			`/*`
			`"kanidm" = {`
			`enable = true;`
			`user = "nobody";`
			`group = "users";`
			`mode = "0755";`
			`};`
			`*/`
			`# "kanidm/unixd" = {`
			`# user = "kanidm-unixd";`
			`# group = "kanidm-unixd";`
			`# mode = "0700";`
			`# };`
			`# "kanidm/config" = {`
			`# user = "nobody";`
			`# group = "users";`
			`# mode = "0755";`
			`# };`
			`# };`
			`}`