nix-config/hosts/auth
Sandro - 318a6c630e
The big mail bang
2024-04-13 20:54:20 +02:00
README.md The big mail bang 2024-04-13 20:54:20 +02:00
default.nix grafana: move to nixos-modules 2023-12-04 00:11:04 +01:00
secrets.yaml Bump session time, regen secrets 2023-12-03 15:58:01 +01:00

README.md

Design

We use portunus to manage an OpenLDAP server and currently use dex to offer OIDC. Dex might be replaced in the future with an equivalent solution that can remember sessions, to provide true SSO. New services should use OAuth/OIDC if possible to lay the groundwork for SSO. If an application only supports LDAP, using LDAP is fine too.

How to use it

See the grafana configuration for an example of how to use OAuth. To create a new application, edit the dex configuration next to portunus. The application credentials are stored in sops.
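
An added sketch of this pattern, not taken from this repository: it registers an OIDC client in dex and consumes it from Grafana using the upstream NixOS and sops-nix options, which may differ from the nixos-modules wrappers used here. The client id, secret names, hostnames and issuer URL are placeholders.

```nix
# Added example. Everything marked "placeholder" is an assumption, not a
# value from this repository.
let
  issuer = "https://auth.example.org/dex"; # placeholder: the issuer set in dex
  clientId = "example-app";                # placeholder client id
in
{
  # Module for the host running dex (next to portunus).
  authHost = { config, ... }: {
    # Decrypted by sops-nix at activation, so the secret never enters the Nix store.
    sops.secrets."dex/example-app" = { };  # placeholder secret name

    services.dex.settings.staticClients = [
      {
        id = clientId;
        name = "Example App";
        # Only exact redirect URIs are accepted; list nothing broader than needed.
        redirectURIs = [ "https://app.example.org/login/generic_oauth" ];
        # Path to the secret, read at service start instead of being inlined.
        secretFile = config.sops.secrets."dex/example-app".path;
      }
    ];
  };

  # Module for the host running the application (Grafana here).
  appHost = { config, ... }: {
    sops.secrets."grafana/oauth-secret" = { # placeholder secret name
      owner = config.users.users.grafana.name;
    };

    services.grafana.settings = {
      server.root_url = "https://app.example.org/"; # placeholder hostname
      "auth.generic_oauth" = {
        enabled = true;
        name = "SSO";
        client_id = clientId;
        # Grafana's file provider reads the secret at runtime, keeping it
        # out of the world-readable generated config.
        client_secret = "$__file{${config.sops.secrets."grafana/oauth-secret".path}}";
        scopes = "openid email profile";
        auth_url = "${issuer}/auth";
        token_url = "${issuer}/token";
        api_url = "${issuer}/userinfo";
      };
    };
  };
}
```

The same secret value must be present in the sops file of both hosts.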

For an example LDAP configuration, see gitea, hydra or mail. The LDAP settings are documented in detail in portunus. To connect to auth.c3d2.de, the nixos-modules option services.portunus.addToHosts should be set to true.