lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WIP kanidm

Browse source
This commit is contained in:
Daniel Flanagan 2024-08-06 10:33:09 -05:00
parent ab03e929d4
commit e356a7ccba
5 changed files with 14 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/nixos/kanidm/client.toml
View file

@ -1,2 +0,0 @@
uri = "https://idm.foxtrot.hare-cod.ts.net:8443"
ca_path = "/tmp/cert.pem"

BIN
modules/nixos/kanidm/kanidm.db
View file

Binary file not shown.

10
modules/nixos/kanidm/server.toml
View file

@ -1,10 +0,0 @@
bindaddress = "[::]:8443"
db_path = "/home/daniel/code/nix/modules/nixos/kanidm/kanidm.db"
tls_chain = "/tmp/cert.pem"
tls_key = "/tmp/key.pem"
domain = "idm.foxtrot.hare-cod.ts.net"
origin = "https://idm.foxtrot.hare-cod.ts.net:8443"
[online_backup]
path = "/tmp/kanidm/backups/"
schedule = "00 22 * * *"

16
nixos/beefcake.nix
View file

@ -447,7 +447,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
users.groups.daniel.members = ["daniel"]; users.groups.daniel.members = ["daniel"];
users.groups.nixadmin.members = ["daniel"]; users.groups.nixadmin.members = ["daniel"];
users.users.daniel = { users.users.daniel = {
packages = [pkgs.weechat];
extraGroups = [ extraGroups = [
"nixadmin" # write access to /etc/nixos/ files "nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access "wheel" # sudo access
@ -778,6 +777,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
gitMinimal gitMinimal
gnused gnused
nodejs nodejs
gnutar # needed for cache action
wget wget
]; ];
}; };
@ -1008,19 +1008,27 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
serverSettings = { serverSettings = {
bindaddress = "[::]:8443"; bindaddress = "[::]:8443";
db_path = "/storage/kanidm/data/kanidm.db"; # ldapbindaddress
# TODO: these will need permissions? # TODO: these will need permissions?
tls_chain = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.crt"; tls_chain = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.crt";
tls_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.key"; tls_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.key";
domain = "idm.foxtrot.hare-cod.ts.net"; domain = "idm.h.lyte.dev";
origin = "https://idm.h.lyte.dev:8443"; origin = "https://idm.h.lyte.dev";
# log_level
online_backup = { online_backup = {
path = "/storage/kanidm/backups/"; path = "/storage/kanidm/backups/";
schedule = "00 22 * * *"; schedule = "00 22 * * *";
# versions = 7;
}; };
}; };
unixSettings = {
uri = "https://idm.h.lyte.dev";
pam_allowed_login_groups = [];
# ca_path = "/path/to/ca.pem";
};
clientSettings = { clientSettings = {
uri = "https://idm.h.lyte.dev"; uri = "https://idm.h.lyte.dev";
# ca_path = "/tmp/cert.pem"; # ca_path = "/tmp/cert.pem";

4
safe-remote-upgrade.bash
View file

@ -30,9 +30,9 @@ git add -A
ssh "root@$target_host" "bash -c ' ssh "root@$target_host" "bash -c '
set -m set -m
# sleep 5 mins # sleep 15 mins
echo \"Starting background reboot job...\" echo \"Starting background reboot job...\"
(sleep 300; reboot;) & (sleep 900; reboot;) &
jobs -p jobs -p
disown disown
'" & '" &