fix(hakurei): access

arcnmx 2024-01-20 15:33:51 -08:00
parent 7ded53ccc1
commit e95cec051f
5 changed files with 62 additions and 16 deletions


@ -56,18 +56,10 @@ in {
services.kanidm = {
server.unencrypted.package = let
cert = pkgs.runCommand "kanidm-cert" {
cert = pkgs.mkSnakeOil {
name = "kanidm-cert";
inherit (cfg.server.unencrypted) domain;
nativeBuildInputs = [ pkgs.buildPackages.minica ];
} ''
install -d $out
cd $out
minica \
--ca-key ca.key.pem \
--ca-cert ca.cert.pem \
--domains $domain
cat $domain/cert.pem ca.cert.pem > $domain.pem
'';
};
in mkOptionDefault cert;
clientSettings = mkIf cfg.enableServer {
uri = mkDefault cfg.serverSettings.origin;
@ -82,8 +74,8 @@ in {
);
}
(mkIf cfg.server.unencrypted.enable {
tls_chain = "${cfg.server.unencrypted.package}/${cfg.server.unencrypted.domain}.pem";
tls_key = "${cfg.server.unencrypted.package}/${cfg.server.unencrypted.domain}/key.pem";
tls_chain = "${cfg.server.unencrypted.package}/fullchain.pem";
tls_key = "${cfg.server.unencrypted.package.key}/key.pem";
})
];
};
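Review bot: `tls_key` in the second hunk now requires `cfg.server.unencrypted.package` to expose a `key` attribute containing `key.pem`, and `tls_chain` requires `fullchain.pem` at the package root. Because `package` is only set with `mkOptionDefault`, an override built like the removed `runCommand` derivation would no longer match. The option's description should state the expected layout; `pkgs.mkSnakeOil` is not defined in this section, so that layout is inferred from these two lines. Separately, both paths are interpolated from a derivation, so the private key presumably sits in the world-readable Nix store. A comment above `tls_key` such as `# snake-oil key is readable from the Nix store; use only for the listener that sits behind the real TLS endpoint` would record that constraint, assuming that is what the `unencrypted` option name means. The enclosing module body starts outside the hunks shown.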