all repos — nixfiles @ 74fd4225f6814bf55a827eea120bf0d8b88c2730

System and user configuration, managed by nix and home-manager

linde: use sqlite3 for dex storage instead of etcd
Alan Pearce alan@alanpearce.eu
Mon, 30 Dec 2024 16:20:45 +0100
commit

74fd4225f6814bf55a827eea120bf0d8b88c2730

parent

b1f32ed3ab06f524eceb6126e98e581b82b30534

1 files changed, 18 insertions(+), 17 deletions(-)

M system/linde.nixsystem/linde.nix
@@ -972,15 +972,13 @@ system.stateVersion = "24.11";
       };
     };
 
-  services.etcd = {
-    enable = true;
-    initialClusterState = "existing";
-    dataDir = "/var/lib/etcd"; # TODO backup
-    extraConf = {
-      AUTO_COMPACTION_RETENTION = "1h";
-    };
+  users.users.dex = {
+    home = "/var/lib/dex";
+    createHome = true;
+    isSystemUser = true;
+    group = "dex";
   };
-
+  users.groups.dex = { };
   services.dex =
     let
       issuer = "https://id.alanpearce.eu/";
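Review bot: Removing `services.etcd` stops the service but, as far as this hunk shows, leaves `/var/lib/etcd` on disk, and that directory still holds whatever dex wrote under its `dex/` namespace (dex keeps signing keys and refresh tokens in its storage backend). Nothing visible in the commit wipes or migrates that data, so it should be removed once the switch is confirmed, with a reminder next to the new user such as `# old dex state in /var/lib/etcd must be removed by hand after the switch`. Setting `homeMode = "700";` on `users.users.dex` would also make the intended permissions of the new state directory explicit instead of relying on the module default.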
@@ -991,11 +989,8 @@ environmentFile = config.age.secrets.dex.path;
       settings = {
         inherit issuer;
         storage = {
-          type = "etcd";
-          config = {
-            endpoints = config.services.etcd.listenClientUrls;
-            namespace = "dex/";
-          };
+          type = "sqlite3";
+          config.file = "/var/lib/dex/storage.sqlite";
         };
         web.http = "127.0.0.1:5556";
         connectors = [{
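Review bot: `config.file` now names the single file that holds dex's signing keys, refresh tokens and pending auth requests, but the `# TODO backup` marker that sat on the etcd `dataDir` was deleted and nothing replaces it. I would carry it over as `config.file = "/var/lib/dex/storage.sqlite"; # TODO backup; contains signing keys and refresh tokens`, and any backup job added later should treat its copies as secret material. The literal path also repeats `users.users.dex.home`; building it from `config.users.users.dex.home` would keep it in step with the `ReadWritePaths` entry set in the last hunk.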
@@ -1023,10 +1018,16 @@ }
         ];
       };
     };
-  systemd.services.dex.unitConfig = {
-    After = [ "etcd.service" ];
-    Requires = [ "etcd.service" ];
-  };
+  systemd.services.dex.serviceConfig =
+    let
+      user = config.users.users.dex;
+    in
+    {
+      ReadWritePaths = [ user.home ];
+      DynamicUser = lib.mkForce false;
+      User = user.name;
+      Group = user.group;
+    };
 
   services.redis = {
     servers = {
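Review bot: `DynamicUser = lib.mkForce false` in `systemd.services.dex.serviceConfig` also turns off the sandboxing systemd applies implicitly to dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`, `RestrictSUIDSGID`). The unit is then only as confined as the dex module's explicit settings, which are not visible in this hunk. Either confirm the result with `systemd-analyze security dex.service`, or keep the dynamic user and let systemd own the directory via `StateDirectory = "dex";` and `StateDirectoryMode = "0700";`, which provides `/var/lib/dex` without a static account. If the static user is deliberate, a one-line comment saying why would help the next reader.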