yemou.pink
/
nix-configs
Nix configurations for my homelab
kanidm: add new module
author
yemou
date
6 days ago
(Jun 19, 2026, 5:13 AM -0400)
commit
7b5f9e9a
7b5f9e9a9d50428866ffddbc3bd799a05bde0991
parent
6399ec35
6399ec3562e218baab995caefe5cac253cff9b4e
+42
-1
4 changed files
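--- a/lily/config.nix
+++ b/lily/config.nix
@@ -27,6 +27,7 @@
 ../modules/services/caddy/bsky-sieve.nix
 ../modules/services/caddy/cp-certs.nix
 ../modules/services/caddy/jellyfin.nix
+../modules/services/caddy/kanidm.nix
 # ../modules/services/caddy/mumble.nix
 ../modules/services/caddy/nextcloud.nix
 ../modules/services/caddy/pds.nix
@@ -45,6 +46,7 @@
 
 ../modules/services/arr.nix
 ../modules/services/jellyfin.nix
+../modules/services/kanidm.nix
 # ../modules/services/murmur.nix
 ../modules/services/nextcloud.nix
 ../modules/services/openssh.nix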
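--- a/modules/services/caddy/cp-certs.nix
+++ b/modules/services/caddy/cp-certs.nix
@@ -8,7 +8,7 @@
 certs_dir="/var/ssl"
 
 case $1 in
-"mumble.butwho.org" )
+"idm.biota.cafe" )
 caddy_path="/var/lib/caddy/.local/share/caddy"
 printf '%s\n' "$prog_name: Copying certs for '$1' to $certs_dir/$1"
 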
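Review bot: The `"idm.biota.cafe" )` arm reuses the body that was written for `"mumble.butwho.org"`, and only its first two lines are visible in this hunk, so any owner, group or mode the rest of the arm applies to the copied key should be checked against the `kanidm` user that now reads `/var/ssl/idm.biota.cafe/idm.biota.cafe.key`. Replacing the pattern instead of adding a second arm also means the Mumble host loses its copy step if the commented-out mumble modules in `lily/config.nix` are re-enabled. A separate arm per host would keep both and make the per-service ownership explicit.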
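--- a/modules/services/caddy/kanidm.nix
+++ b/modules/services/caddy/kanidm.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+services.caddy.virtualHosts."idm.biota.cafe".extraConfig = ''
+encode
+reverse_proxy https://[::1]:8443 {
+transport http {
+tls_server_name idm.biota.cafe
+}
+}
+'';
+}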
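Review bot: The `reverse_proxy` block has no comment saying why `tls_server_name idm.biota.cafe` is set, or that `[::1]:8443` has to stay in step with `bindaddress` in `modules/services/kanidm.nix`; both are easy to break in a later edit. I would add `# upstream is an IP literal, so name the host whose certificate kanidm presents` above the `tls_server_name` line and `# must match services.kanidm.server.settings.bindaddress` above `reverse_proxy`. Certificate verification stays on for the loopback hop as written, and the comment makes it less likely that someone replaces it with a skip-verify option when the certificate path changes.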
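--- a/modules/services/kanidm.nix
+++ b/modules/services/kanidm.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }: {
+environment.persistence."/data/persistent".directories = [
+{
+directory = "/var/lib/kanidm";
+mode = "0700";
+user = "kanidm";
+group = "kanidm";
+}
+];
+
+services.kanidm = {
+package = pkgs.kanidm_1_10;
+server = {
+enable = true;
+settings = {
+bindaddress = "[::1]:8443";
+domain = "idm.biota.cafe";
+origin = "https://idm.biota.cafe";
+tls_chain = "/var/ssl/idm.biota.cafe/idm.biota.cafe.crt";
+tls_key = "/var/ssl/idm.biota.cafe/idm.biota.cafe.key";
+online_backup.versions = 7;
+http_client_address_info.x-forward-for = [
+"::1"
+"127.0.0.1"
+];
+};
+};
+};
+}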
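Review bot: The `http_client_address_info.x-forward-for` list trusts both `"::1"` and `"127.0.0.1"`, but `bindaddress = "[::1]:8443"` only listens on the IPv6 loopback, so the IPv4 entry matches nothing today and would silently start trusting the header from IPv4 loopback peers if the bind address is widened later; keeping only `"::1"` matches the address Caddy connects from. Every local process that can reach the listener is treated as a trusted proxy, which deserves a one-line comment above the list, for example `# Caddy is the only intended client; X-Forwarded-For is trusted from loopback only`. `tls_chain` and `tls_key` point at files under `/var/ssl` that this module does not create, so the service presumably depends on the cert-copy step having run and on the key being readable by the `kanidm` user. Nothing visible here orders the unit after that step or restarts it when the certificate is renewed.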