feat(kanidm): expose ldap

arcnmx 2024-01-21 16:35:30 -08:00
parent 24a8471427
commit 6ba09ac7ec
5 changed files with 122 additions and 11 deletions


@ -4,7 +4,7 @@
config,
...
}: let
inherit (lib) mkIf mkMerge mkDefault mkOptionDefault mkEnableOption mkOption;
inherit (lib) mkIf mkMerge mkBefore mkDefault mkOptionDefault mkEnableOption mkOption;
cfg = config.services.kanidm;
in {
options.services.kanidm = with lib.types; {
@ -13,8 +13,7 @@ in {
unencrypted = {
enable = mkEnableOption "snake oil certificate";
domain = mkOption {
type = str;
default = cfg.server.frontend.domain;
type = listOf str;
};
package = mkOption {
type = package;
@ -42,7 +41,7 @@ in {
};
port = mkOption {
type = port;
default = 636;
default = 3636;
};
};
};
@ -55,12 +54,15 @@ in {
];
services.kanidm = {
server.unencrypted.package = let
cert = pkgs.mkSnakeOil {
name = "kanidm-cert";
inherit (cfg.server.unencrypted) domain;
};
in mkOptionDefault cert;
server.unencrypted = {
domain = mkBefore [ cfg.server.frontend.domain ];
package = let
cert = pkgs.mkSnakeOil {
name = "kanidm-cert";
inherit (cfg.server.unencrypted) domain;
};
in mkOptionDefault cert;
};
clientSettings = mkIf cfg.enableServer {
uri = mkDefault cfg.serverSettings.origin;
};