william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add Kanidm identity provider to alexandria

Browse source 
Added Kanidm server configuration to serve as central identity provider for
all services. Configuration includes:
- Server on auth.baduhai.dev with HTTPS
- LDAP support on port 636 for legacy integrations
- Nginx reverse proxy with SSL termination
- Added to shared services for DNS resolution

Kanidm will provide OAuth2/OIDC authentication for Nextcloud, Vaultwarden,
Forgejo, and other services.
This commit is contained in:
William 2025-11-08 21:57:27 -03:00
parent 73db534269
commit 952a55f03d
2 changed files with 87 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
shared/services.nix
View file

@ -1,9 +1,17 @@
# Shared service definitions for cross-host configuration
# Used by:
# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin)
# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm)
# - trantor: DNS server (Tailnet) + service hosting (forgejo)
{
services = [
{
name = "kanidm";
domain = "auth.baduhai.dev";
host = "alexandria";
lanIP = "192.168.15.142";
tailscaleIP = "100.76.19.50";
port = 8443;
}
{
name = "vaultwarden";
domain = "pass.baduhai.dev";