ops/nixos/tvl-sso/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# Configures an Apereo CAS instance for TVL SSO
{ config, ... }:

let
  inherit (config.depot.third_party) apereo-cas;
in {
  config = {
    environment.systemPackages = [ apereo-cas ];
    systemd.services.apereo-cas = {
      description = "Apereo CAS Single Sign On server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        User = "apereo-cas";
        Group = "apereo-cas";
        ExecStart = "${apereo-cas}/bin/cas";
        EnvironmentFile = "/etc/cas/secrets";
        Restart = "always";
      };
    };
    users.users.apereo-cas = {};
    users.groups.apereo-cas = {};
  };
}