-rw-r--r-- | system/linde.nix | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 56a7b1bd..fe9497e7 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -972,15 +972,13 @@ in
 };
 };
- services.etcd = {
- enable = true;
- initialClusterState = "existing";
- dataDir = "/var/lib/etcd"; # TODO backup
- extraConf = {
- AUTO_COMPACTION_RETENTION = "1h";
- };
+ users.users.dex = {
+ home = "/var/lib/dex";
+ createHome = true;
+ isSystemUser = true;
+ group = "dex";
 };
-
+ users.groups.dex = { };
 services.dex =
 let
 issuer = "https://id.alanpearce.eu/";
@@ -991,11 +989,8 @@ in
 settings = {
 inherit issuer;
 storage = {
- type = "etcd";
- config = {
- endpoints = config.services.etcd.listenClientUrls;
- namespace = "dex/";
- };
+ type = "sqlite3";
+ config.file = "/var/lib/dex/storage.sqlite";
 };
 web.http = "127.0.0.1:5556";
 connectors = [{
@@ -1023,10 +1018,16 @@ in
 ];
 };
 };
- systemd.services.dex.unitConfig = {
- After = [ "etcd.service" ];
- Requires = [ "etcd.service" ];
- };
+ systemd.services.dex.serviceConfig =
+ let
+ user = config.users.users.dex;
+ in
+ {
+ ReadWritePaths = [ user.home ];
+ DynamicUser = lib.mkForce false;
+ User = user.name;
+ Group = user.group;
+ };
 services.redis = {
 servers = { |
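Review bot: The SQLite path in `storage.config.file` is a second hard-coded copy of the dex home directory, while the unit override in the last hunk takes it from `config.users.users.dex.home`. Deriving it the same way, `config.file = "${config.users.users.dex.home}/storage.sqlite";`, keeps the database inside the one path the unit is allowed to write. dex keeps its signing keys and refresh tokens in this storage backend, so this file is now the secret-bearing state on the host, and the `# TODO backup` removed with the etcd block in the first hunk has no successor. A comment such as `# TODO backup (holds signing keys and refresh tokens; keep copies access-restricted)` on this line would carry it over. The `settings` attribute set continues outside the hunk.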
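Review bot: `DynamicUser = lib.mkForce false;` in the new `serviceConfig` override also turns off the protections systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, `RestrictSUIDSGID`, `RemoveIPC`). Unless the dex module sets those explicitly, which is not visible in this diff, the service ends up less sandboxed than before. If the only goal is a persistent writable directory for the SQLite file, keeping `DynamicUser` and adding `StateDirectory = "dex";` with `StateDirectoryMode = "0700";` provides a directory still reachable as /var/lib/dex without a static account or the `ReadWritePaths` entry. If the static user is kept, a comment on the `mkForce` line should say why, and `systemd-analyze security dex.service` can confirm which hardening options remain in effect.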