voyager: remove kanidm
This commit is contained in:
parent
70959b5092
commit
99b6c6ac27
|
|
@ -31,7 +31,7 @@ Other installed packages and tools are described in the config files (like ./hos
|
|||
- [Hedgedoc](https://md.feal.no) ([source](./hosts/defiant/services/hedgedoc.nix)) - Collaborative markdown notes editor
|
||||
- HomeAssistant ([source](./hosts/defiant/services/home-assistant.nix))- Home automation / IOT controller
|
||||
- [VaultWarden](https://pw.feal.no) ([source](./hosts/defiant/services/vaultwarden.nix)) - BitWarden Password Manager backend
|
||||
- [Kanidm](https://auth.feal.no) ([source](./hosts/voyager/services/kanidm.nix)) - Authentication provider with support for OAuth2/OIDC, LDAPS, SSH, etc.
|
||||
- [KeyCloak](https://iam.feal.no) ([source](./hosts/defiant/services/nextcloud.nix)) - Authentication provider, giving SSO with OIDC or SAML
|
||||
- [Jellyfin](https://jf.feal.no) ([source](./hosts/voyager/services/jellyfin.nix)) - Local media streaming
|
||||
|
||||
## Networking
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ in {
|
|||
systemd.services.hedgedoc = {
|
||||
requires = [
|
||||
"postgresql.service"
|
||||
# "kanidm.service"
|
||||
];
|
||||
serviceConfig = let
|
||||
workDir = "/var/lib/hedgedoc";
|
||||
|
|
|
|||
|
|
@ -54,14 +54,6 @@ in {
|
|||
'';
|
||||
} // overrides;
|
||||
in {
|
||||
"auth.feal.no" = publicProxy "" {
|
||||
locations."/" = {
|
||||
proxyPass = "https://voyager.home.feal.no:8300";
|
||||
extraConfig = ''
|
||||
proxy_ssl_verify off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
"cloud.feal.no" = publicProxy "" {
|
||||
locations."/" = {
|
||||
proxyPass = "http://voyager.home.feal.no";
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
# TODO: kanidm, timemachine, calibre(?), nextcloud
|
||||
# TODO: timemachine, nextcloud, komga, calibre
|
||||
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@
|
|||
./services/calibre.nix
|
||||
./services/fancontrol.nix
|
||||
./services/jellyfin.nix
|
||||
./services/kanidm.nix
|
||||
./services/komga.nix
|
||||
./services/nextcloud.nix
|
||||
./services/nginx
|
||||
|
|
|
|||
|
|
@ -1,36 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.kanidm;
|
||||
certPath = "/etc/ssl-snakeoil/auth_feal_no";
|
||||
ldapbindaddress = "0.0.0.0:636";
|
||||
in {
|
||||
# Kanidm - Identity management / auth provider
|
||||
services.kanidm = {
|
||||
enableServer = true;
|
||||
serverSettings = {
|
||||
origin = "https://${cfg.serverSettings.domain}";
|
||||
domain = "auth.feal.no";
|
||||
bindaddress = "0.0.0.0:8300";
|
||||
inherit ldapbindaddress;
|
||||
|
||||
tls_chain = "/run/credentials/kanidm.service/cert.crt";
|
||||
tls_key = "/run/credentials/kanidm.service/cert.key";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.kanidm = {
|
||||
serviceConfig.LoadCredential = [
|
||||
"cert.crt:${certPath}.crt"
|
||||
"cert.key:${certPath}.key"
|
||||
];
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = [ pkgs.kanidm ];
|
||||
etc."kanidm/config".text = ''
|
||||
uri="${cfg.serverSettings.origin}"
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8300 ];
|
||||
}
|
||||
Loading…
Reference in New Issue