sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: configure kanidm provisioning passwords

Browse source
This commit is contained in:
oddlama 2023-08-27 16:46:49 +02:00
parent 8ad13ec0bf
commit 7f2315fc1d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 35 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

17
hosts/ward/microvms/kanidm.nix
View file

@ -24,6 +24,18 @@ in {
group = "kanidm"; group = "kanidm";
}; };
age.secrets.kanidm-admin-password = {
generator.script = "alnum";
mode = "440";
group = "kanidm";
};
age.secrets.kanidm-idm-admin-password = {
generator.script = "alnum";
mode = "440";
group = "kanidm";
};
age.secrets.kanidm-oauth2-grafana = { age.secrets.kanidm-oauth2-grafana = {
generator.script = "alnum"; generator.script = "alnum";
generator.tags = ["oauth2"]; generator.tags = ["oauth2"];
@ -89,6 +101,9 @@ in {
provision = { provision = {
enable = true; enable = true;
adminPasswordFile = config.age.secrets.kanidm-admin-password.path;
idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-password.path;
inherit (config.repo.secrets.global.kanidm) persons; inherit (config.repo.secrets.global.kanidm) persons;
# Grafana # Grafana
@ -118,8 +133,6 @@ in {
scopeMaps.forgejo = ["openid" "email" "profile"]; scopeMaps.forgejo = ["openid" "email" "profile"];
supplementaryScopeMaps = { supplementaryScopeMaps = {
"forgejo.admins" = ["admin"]; "forgejo.admins" = ["admin"];
"forgejo.editors" = ["editor"];
"forgejo.server-admins" = ["server_admin"];
}; };
}; };

10
secrets/generated/ward-kanidm/kanidm-admin-password.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 Pa1maG/sVPFgPgYoY9mYlSlgF+LpxMPtVBaZjspGnmI
GjxSVHYk00fe4fAMRI3ExouOIxY8LhO47UdyaaJMRdY
-> piv-p256 xqSe8Q AqZGyc/hxOLcXlvfnNv06XKQ7wr1VFek4m4gLRcvFovu
Zbi7RmxtAAhScnDvvHIpGYK/L4NJiJtRL//sWexTxCI
-> _l-grease WJ^vd2 SdlP# q:5_( L?
HczWfqUi9D6ffAgaJk6M4xC3C6sxh7sl4KSdUNrAjwK+G7KIJ8us0q7QDzPZABYl
vhq0nDCtc9ORwhD3wYChZYVN0tvIXDVB/93s9DKVnKfEsMaVtO8WFJSMtfCN1Q
--- XCTs/Ut+/yqc8nt99hO6XgkAbhmG8Z2QRTr6qv3PTDg
{M�šéÆžE§�~'Ã-ºr…èý~YŽóQ~w8Þ_P¼#Ú!'T†Ã=ápËÂár‘æb>;ÀYgù‡�4ê!ó D—!GO&aW

10
secrets/generated/ward-kanidm/kanidm-idm-admin-password.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 RY9Ye6G9jctqyZE1RprOtWUjyDr6tTNGmkr/Y/kB2lg
SX5CaRve3o3dnqb8YhCYjZ2xLfoDHzmoItL8TS7D2c0
-> piv-p256 xqSe8Q A5FvsOyQY1LMBQ2Zpvx3Ji1VdY1BjnzlBgVzW59J/cHQ
Yjlk27rJdGRKu3gy9UUhX/cD4/3a2xzo1gVSXWOxq5Q
-> ~qYtwg-grease yxf&b" ){+ 0=h&BHx
M914CxJc1173PdoPCyfxO6WhskKW4NIZeqqwYUcVkqM4SUBIpX2E5A+wdMvYSM37
Utlel4OCoAQ5/g
--- 7j5sDr9MMiQhq/q9zhOjsI/ETsUlYOZF8LWgTU0gJZM
¸YCð!êVŸ0C¦!ê‚«¸cììÁ Wc?ähC¦­FþÕ±süŸFt‰D=MÞ1æЩ�†œR‰Ã„e„R,}‰˜�^ò+.ñ©ºò£¥öä3Ÿ¡²