kanidm client working
This commit is contained in:
parent
078f29bcbe
commit
2a14742b5a
2 changed files with 37 additions and 0 deletions
|
@ -103,6 +103,7 @@
|
||||||
|
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
# tools I use when editing nix code
|
# tools I use when editing nix code
|
||||||
|
kanidm
|
||||||
nil
|
nil
|
||||||
alejandra
|
alejandra
|
||||||
gnupg
|
gnupg
|
||||||
|
|
|
@ -927,6 +927,42 @@
|
||||||
root
|
root
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.kanidm = {
|
||||||
|
enableClient = true;
|
||||||
|
enablePam = true;
|
||||||
|
package = pkgs.kanidm;
|
||||||
|
|
||||||
|
clientSettings.uri = "https://idm.h.lyte.dev";
|
||||||
|
unixSettings = {
|
||||||
|
# hsm_pin_path = "/somewhere/else";
|
||||||
|
pam_allowed_login_groups = [];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /etc/kanidm 1755 nobody users -"
|
||||||
|
];
|
||||||
|
|
||||||
|
# module has the incorrect file permissions out of the box
|
||||||
|
environment.etc = {
|
||||||
|
# "kanidm" = {
|
||||||
|
# enable = true;
|
||||||
|
# user = "nobody";
|
||||||
|
# group = "users";
|
||||||
|
# mode = "0755";
|
||||||
|
# };
|
||||||
|
"kanidm/unixd" = {
|
||||||
|
user = "kanidm-unixd";
|
||||||
|
group = "kanidm-unixd";
|
||||||
|
mode = "0700";
|
||||||
|
};
|
||||||
|
"kanidm/config" = {
|
||||||
|
user = "nobody";
|
||||||
|
group = "users";
|
||||||
|
mode = "0755";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
programs.gnupg.agent = {
|
programs.gnupg.agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pinentryPackage = lib.mkDefault pkgs.pinentry-tty;
|
pinentryPackage = lib.mkDefault pkgs.pinentry-tty;
|
||||||
|
|
Loading…
Reference in a new issue