mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

chore: configure kanidm provisioning passwords

oddlama 2023-08-27 16:46:49 +02:00
parent 8ad13ec0bf
commit 7f2315fc1d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 35 additions and 2 deletions


@ -24,6 +24,18 @@ in {
group = "kanidm";
};
age.secrets.kanidm-admin-password = {
generator.script = "alnum";
mode = "440";
group = "kanidm";
};
age.secrets.kanidm-idm-admin-password = {
generator.script = "alnum";
mode = "440";
group = "kanidm";
};
age.secrets.kanidm-oauth2-grafana = {
generator.script = "alnum";
generator.tags = ["oauth2"];
@ -89,6 +101,9 @@ in {
provision = {
enable = true;
adminPasswordFile = config.age.secrets.kanidm-admin-password.path;
idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-password.path;
inherit (config.repo.secrets.global.kanidm) persons;
# Grafana
@ -118,8 +133,6 @@ in {
scopeMaps.forgejo = ["openid" "email" "profile"];
supplementaryScopeMaps = {
"forgejo.admins" = ["admin"];
"forgejo.editors" = ["editor"];
"forgejo.server-admins" = ["server_admin"];
};
};
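Review bot: The two secrets added in the first hunk, `kanidm-admin-password` and `kanidm-idm-admin-password`, are declared with `mode = "440"` and `group = "kanidm"`, so every member of the kanidm group can read the passwords that `adminPasswordFile` and `idmAdminPasswordFile` pass to provisioning in the second hunk. These appear to be the credentials for Kanidm's built-in `admin` and `idm_admin` accounts, its highest-privilege accounts, so the group read bit should carry a stated reason. If group read is needed because provisioning runs as the kanidm service user, say so above the declarations, for example `# Read by the kanidm service during provisioning; keep the kanidm group limited to the service user.` The length and character set of the generated values depend on the `alnum` generator, which is defined outside this page and is worth checking for credentials of this privilege. The enclosing `in { … }` attribute set starts and ends outside the hunks.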