all repos — nixfiles @ 74fd4225f6814bf55a827eea120bf0d8b88c2730

System and user configuration, managed by nix and home-manager

linde: use sqlite3 for dex storage instead of etcd

Alan Pearce
commit

74fd4225f6814bf55a827eea120bf0d8b88c2730

parent

b1f32ed3ab06f524eceb6126e98e581b82b30534

1 file changed, 18 insertions(+), 17 deletions(-)

M system/linde.nixsystem/linde.nix
@@ -972,15 +972,13 @@ system.stateVersion = "24.11";
}; };
- services.etcd = {
- enable = true;
- initialClusterState = "existing";
- dataDir = "/var/lib/etcd"; # TODO backup
- extraConf = {
- AUTO_COMPACTION_RETENTION = "1h";
- };
+ users.users.dex = {
+ home = "/var/lib/dex";
+ createHome = true;
+ isSystemUser = true;
+ group = "dex";
 };
-
+ users.groups.dex = { };
 services.dex = let issuer = "https://id.alanpearce.eu/";
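Review bot: The `# TODO backup` note on the removed etcd `dataDir` has no counterpart on the new `home = "/var/lib/dex";`, although that directory now holds dex's storage, which in dex includes signing keys and refresh tokens. I would carry the note over as `# dex sqlite storage (signing keys, refresh tokens): TODO backup, keep backups access-restricted`. I would also pin the directory mode with `homeMode = "0700";` rather than relying on the default. The enclosing attribute set starts before this hunk.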
@@ -991,11 +989,8 @@ environmentFile = config.age.secrets.dex.path;
settings = { inherit issuer; storage = {
- type = "etcd";
- config = {
- endpoints = config.services.etcd.listenClientUrls;
- namespace = "dex/";
- };
+ type = "sqlite3";
+ config.file = "/var/lib/dex/storage.sqlite";
 }; web.http = "127.0.0.1:5556"; connectors = [{
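Review bot: The storage path in `config.file` repeats the `/var/lib/dex` literal from `users.users.dex.home`, while the `serviceConfig` hunk further down derives its writable path from the user definition, so the two can drift apart. Consider `config.file = "${config.users.users.dex.home}/storage.sqlite";` so the database always sits under the directory the unit is allowed to write. The `services.dex` block starts before and continues past this hunk.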
@@ -1023,10 +1018,16 @@ }
]; }; };
- systemd.services.dex.unitConfig = {
- After = [ "etcd.service" ];
- Requires = [ "etcd.service" ];
- };
+ systemd.services.dex.serviceConfig =
+ let
+ user = config.users.users.dex;
+ in
+ {
+ ReadWritePaths = [ user.home ];
+ DynamicUser = lib.mkForce false;
+ User = user.name;
+ Group = user.group;
+ };
 services.redis = { servers = {
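Review bot: `DynamicUser = lib.mkForce false;` overrides a setting of the upstream dex unit, and in systemd DynamicUser implies sandboxing options (among them ProtectSystem=strict, PrivateTmp and NoNewPrivileges) that are then no longer implied. If the module does not set those explicitly (not visible here), the service holding the identity provider's keys ends up less confined than before. An alternative that keeps the dynamic user is `StateDirectory = "dex";` with `StateDirectoryMode = "0700";`, which gives the unit a private writable state directory without a static account. Whether that works with the module's other sandbox settings needs checking against the module source. If the static user stays, a short comment explaining why the override is needed would help.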