
Kanidm

services.kanidm.clientSettings

Configure Kanidm clients, needed for the PAM daemon. See the documentation and example configuration for possible values.

Type: TOML value

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.clientSettings.uri

Address of the Kanidm server. Type: string

Example

"http://127.0.0.1:8080"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.enableClient

Whether to enable the Kanidm client. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.enablePam

Whether to enable the Kanidm PAM and NSS integration. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.enableServer

Whether to enable the Kanidm server. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.package

The kanidm package to use. Type: package

Default

pkgs.kanidm

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings

Settings for Kanidm. See the documentation and example configuration for possible values.

Type: TOML value

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.bindaddress

Address/port combination the webserver binds to. Type: string

Example

"[::1]:8443"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.db_path

Path to Kanidm database. Type: path

Default

"/var/lib/kanidm/kanidm.db"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.domain

The domain that Kanidm manages. Must be below or equal to the domain specified in serverSettings.origin. This can be left at null only if your instance has the role ReadOnlyReplica. While it is possible to change the domain later on, it requires extra steps! Please consider the warnings and execute the steps described in the documentation.

Type: null or string

Default

null

Example

"example.org"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.ldapbindaddress

Address and port the LDAP server is bound to. Setting this to null disables the LDAP interface.

Type: null or string

Default

null

Example

"[::1]:636"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.log_level

Log level of the server. Type: one of "info", "debug", "trace"

Default

"info"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.online_backup.path

Path to the output directory for backups. Type: path

Default

"/var/lib/kanidm/backups"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.online_backup.schedule

The schedule for backups in cron format. Type: string

Default

"00 22 * * *"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.online_backup.versions

Number of backups to keep.

The default is set to 0, in order to disable backups by default.

Type: unsigned integer, meaning >=0

Default

0

Example

7

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.origin

The origin of your Kanidm instance. Must have https as protocol. Type: string matching the pattern ^https://.*

Example

"https://idm.example.org"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.role

The role of this server. This affects the replication relationship and thereby available features. Type: one of "WriteReplica", "WriteReplicaNoUI", "ReadOnlyReplica"

Default

"WriteReplica"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.tls_chain

TLS chain in PEM format. Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.serverSettings.tls_key

TLS key in PEM format. Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.unixSettings

Configure the Kanidm unix daemon. See the documentation and example configuration for possible values.

Type: TOML value

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.unixSettings.hsm_pin_path

Path to an HSM PIN. Type: path

Default

"/var/cache/kanidm-unixd/hsm-pin"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix

services.kanidm.unixSettings.pam_allowed_login_groups

Kanidm groups that are allowed to log in using PAM. Type: list of string

Example

"my_pam_group"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/kanidm.nix