xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

modules/auth: use pinned kanidm version

Browse source
This commit is contained in:
xinyangli 2025-05-04 23:16:24 +08:00
parent 81b13fc485
commit 7db179090e
No known key found for this signature in database
3 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/nixos/common-settings/auth.nix
View file

@ -22,6 +22,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.kanidm = { services.kanidm = {
package = pkgs.kanidm_1_5;
enableClient = true; enableClient = true;
clientSettings = { clientSettings = {
uri = "https://${idpUrl}"; uri = "https://${idpUrl}";
@ -37,6 +38,7 @@ in
enable = true; enable = true;
authorizedKeysCommand = "/etc/ssh/auth %u"; authorizedKeysCommand = "/etc/ssh/auth %u";
authorizedKeysCommandUser = "kanidm-ssh-runner"; authorizedKeysCommandUser = "kanidm-ssh-runner";
openFirewall = true;
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;

1
modules/nixos/kanidm-client.nix
View file

@ -38,6 +38,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.kanidm = mkMerge [ services.kanidm = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
package = pkgs.kanidm_1_5;
enableClient = true; enableClient = true;
clientSettings = { clientSettings = {
uri = cfg.uri; uri = cfg.uri;

7
modules/nixos/monitor/default.nix
View file

@ -119,12 +119,9 @@ in
name = "ntfy"; name = "ntfy";
webhook_configs = [ webhook_configs = [
{ {
url = "${ntfyUrl}/prometheus-alerts?tpl=yes&m=${lib.escapeURL '' url = "${ntfyUrl}/prometheus-alerts?tpl=yes&m=%7B%7Brange%20.alerts%7D%7D%7B%7B%20if%20eq%20.status%20%22resolved%22%20%7D%7D%E2%9C%85%7B%7B%20else%20%7D%7D%7B%7B%20if%20eq%20.status%20%22firing%22%20%7D%7D%F0%9F%94%A5%7B%7Bend%7D%7D%7B%7Bend%7D%7D%7B%7B.labels.alertname%7D%7D%0A%7B%7B.annotations.summary%7D%7D%0A%7B%7Bend%7D%7D";
{{range .alerts}}{{ if eq .status "resolved" }}{{ else }}{{ if eq .status "firing" }}🔥{{end}}{{end}}{{.labels.alertname}}
{{.annotations.summary}}
{{end}}''}";
send_resolved = true; send_resolved = true;
max_alerts = 5; max_alerts = 10;
} }
]; ];
} }