It's at most half done, and it's probably confusing to read.
It might be a good idea to come back later.
Alternatively, you can prod me to write it.
Setting Up kanidm with services.kanidm On NixOS (with Clan)
Let’s start with the basics:
There’s William’s walkthrough.
But that’s all CLI.
Let’s do better and use the services.kanidm module.
That breaks immediately, because the versions don’t match.
Then there are two variants: with provisioning and without.
That’s because Will doesn’t like us storing passwords anywhere except in kanidm, because people are stupid.
But we aren’t; we’re on Nix, secret management is our thing.
(Could use sops-nix/agenix, whatever, or just vars from Clan)
So for now, let’s just assume we have any secret management solution, and insert the secret like this:
"${config....}"
kanidm has a few non-obvious caveats in the beginning: there are two admin users, admin@domain.com and idm_admin@domain.com.
We need to supply both.
Now that we have them, we need users.
(We don’t want to do that via the CLI either, so we add them via config.)
This works like this:
services.kanidm
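Here’s the whole thing in one piece, as an added example (my own, not from Will’s walkthrough or the kanidm project): a services.kanidm server with provisioning turned on, both admin passwords handed in as files from sops-nix, and one user plus one group declared in config. Assumptions: the domain, origin, TLS paths, user and group names are placeholders; the secret names under sops.secrets are mine; and pkgs.kanidm.withSecretProvisioning is the passthru recent nixpkgs ships for a kanidm build that accepts provisioned secrets (if your nixpkgs is older than that, you hit the version problem above). agenix or Clan vars slot in the same way, they just give you a different path.

```nix
# Added example, not from the original post. A provisioned kanidm server on NixOS.
{ config, pkgs, ... }:
{
  services.kanidm = {
    enableServer = true;
    # Provisioning needs a kanidm build with secret provisioning enabled.
    # Assumption: this passthru exists in your nixpkgs (it does in recent ones);
    # the plain pkgs.kanidm fails the module's assertion.
    package = pkgs.kanidm.withSecretProvisioning;

    serverSettings = {
      domain = "idm.example.com";                                  # placeholder
      origin = "https://idm.example.com";                          # placeholder
      bindaddress = "127.0.0.1:8443";
      tls_chain = "/var/lib/acme/idm.example.com/fullchain.pem";   # placeholder
      tls_key = "/var/lib/acme/idm.example.com/key.pem";           # placeholder
    };

    provision = {
      enable = true;
      # Both builtin accounts need a password, as a path to a file that the
      # secret manager writes at activation. Nothing is stored in the Nix store.
      adminPasswordFile = config.sops.secrets."kanidm/admin".path;
      idmAdminPasswordFile = config.sops.secrets."kanidm/idm_admin".path;

      # Users and groups declared here are created (and kept in sync) on boot,
      # so nobody has to touch the CLI.
      persons."alice" = {
        displayName = "Alice Example";            # placeholder
        mailAddresses = [ "alice@example.com" ];  # placeholder
      };
      groups."staff".members = [ "alice" ];
    };
  };

  # The secret files themselves (names are my assumption). kanidm runs as the
  # kanidm user, so it has to own them or it cannot read the passwords.
  sops.secrets."kanidm/admin".owner = "kanidm";
  sops.secrets."kanidm/idm_admin".owner = "kanidm";
}
```

The two password files are the only place the admin credentials live on the machine; after a rebuild you log in as idm_admin with the provisioned password and everything in `provision` is already there.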