author | Kerstin <kerstin@erictapen.name> | 2024-02-29 15:19:34 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-29 15:19:34 +0100 |
commit | 51363e5c0d9fc457f5ceb2df210be855e410ddb6 (patch) | |
tree | 745be432b03fa6cbbcea5e35b82f5dcfe0b7dd30 /nixos/modules | |
parent | 33eb16320b37da4f69b95c476379a41a27d10771 (diff) | |
parent | d167743c728545a4b63ac669e79eaefe3b0df623 (diff) |
Merge pull request #280628 from h7x4/nixos-module-update-kanidm-add-backup-dir-to-bindpaths
nixos/kanidm: declare `online_backup` options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/security/kanidm.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index c659d93b40872..9d074c3027d02 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -132,6 +132,28 @@ in
 default = "WriteReplica";
 type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
 };
+ online_backup = {
+ path = lib.mkOption {
+ description = lib.mdDoc "Path to the output directory for backups.";
+ type = lib.types.path;
+ default = "/var/lib/kanidm/backups";
+ };
+ schedule = lib.mkOption {
+ description = lib.mdDoc "The schedule for backups in cron format.";
+ type = lib.types.str;
+ default = "00 22 * * *";
+ };
+ versions = lib.mkOption {
+ description = lib.mdDoc ''
+ Number of backups to keep.
+
+ The default is set to `0`, in order to disable backups by default.
+ '';
+ type = lib.types.ints.unsigned;
+ default = 0;
+ example = 7;
+ };
+ };
 };
 };
 default = { };
@@ -233,6 +255,14 @@ in
 environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
+ systemd.tmpfiles.settings."10-kanidm" = {
+ ${cfg.serverSettings.online_backup.path}.d = {
+ mode = "0700";
+ user = "kanidm";
+ group = "kanidm";
+ };
+ };
+
 systemd.services.kanidm = lib.mkIf cfg.enableServer {
 description = "kanidm identity management daemon";
 wantedBy = [ "multi-user.target" ];
@@ -253,6 +283,8 @@ in
 BindPaths = [
 # To create the socket
 "/run/kanidmd:/run/kanidmd"
+ # To store backups
+ cfg.serverSettings.online_backup.path
 ];
 AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; |
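Review bot: The `path` description in the first hunk does not say that the module takes ownership of the directory. The later hunks add a tmpfiles `d` rule (mode 0700, kanidm:kanidm) and a `BindPaths` entry for whatever value is set here. A `d` rule also adjusts the mode and ownership of a directory that already exists, so pointing the option at a shared location would change that location's permissions. I would extend the text to `"Path to the output directory for backups. The directory is created with mode 0700, owned by kanidm, and bound into the service sandbox."`. The enclosing options block starts and ends outside the hunk.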
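Review bot: The tmpfiles rule in the second hunk has no `lib.mkIf cfg.enableServer` guard, unlike the `systemd.services.kanidm` definition right after it. As far as this hunk shows, the backup directory is therefore also created on hosts that enable only the client. If the `kanidm` user and group are declared only for the server (not visible here), the rule would name an account that does not exist on such hosts. Suggested: `systemd.tmpfiles.settings."10-kanidm" = lib.mkIf cfg.enableServer {`. The enclosing `config` block starts outside the hunk, so an outer condition may already narrow this.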
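Review bot: The backup directory is added to `BindPaths` unconditionally in the third hunk, so the sandbox gets a read-write bind of that path even with the default `versions = 0`, which the option text documents as backups disabled. Assuming kanidmd does not need the path in that case, the entry could be limited to configurations that keep backups, e.g. `] ++ lib.optional (cfg.serverSettings.online_backup.versions != 0) cfg.serverSettings.online_backup.path;`. The surrounding service configuration starts and ends outside the hunk.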