refactor: move services out of systems/tewi/

2026-02-09 12:29:19 -08:00 · 2024-01-09 13:12:55 -08:00 · 2024-01-09 13:12:55 -08:00 · 5a661e8809
commit 5a661e8809
parent 2f68968238
30 changed files with 992 additions and 638 deletions
--- a/nixos/kanidm.nix
+++ b/nixos/kanidm.nix
@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkDefault;
+  cfg = config.services.kanidm;
+in {
+  services.kanidm = {
+    enableServer = true;
+    enableClient = true;
+    server = {
+      unencrypted.enable = mkDefault true;
+      openFirewall = mkDefault true;
+      frontend = {
+        domain = mkDefault "id.${cfg.serverSettings.domain}";
+        address = mkDefault "0.0.0.0";
+      };
+      ldap = {
+        enable = mkDefault true;
+        address = mkDefault "0.0.0.0";
+      };
+    };
+    clientSettings = {
+      verify_ca = mkDefault true;
+      verify_hostnames = mkDefault true;
+    };
+    serverSettings = {
+      role = mkDefault "WriteReplica";
+      log_level = mkDefault "info";
+    };
+  };
+}