Identity/AD/LDAP server using NixOs

What is the preferred identity service for NixOS and can it be run on NixOS?

I have migrated all the client machines at my home to NixOS. I like that I can make sure that my family’s computers stay configured and up to date, keep the configuration on my shared drive, and then deploy that configuration to any computer on the network from any other computer.

All of these computers are currently running as clients to the Synology Directory Server. I am beginning to see the problems with Synology’s server and I want to move away from it. I am also having problems with Synology’s container server so I want to move away from that as well.

My first thought was to install a proxmox server to host a FreeIPA server, a container server, and then whatever else I feel I need in the future. After starting down this path I realized I could find no documentation on how to install FreeIPA on NixOS. Based on the amount of custom config it required to make my clients work with the Synology Directory Server, I am guessing freeipa is not currently on its way to NixOS.

If I use CentOS for my FreeIPA server then I have another system to keep up that I can’t remote deploy with NixOPS. I would prefer to avoid that. I started to wonder if I should just go straight LDAP rather than AD since I am only maintaining Linux clients.

Does anyone have a configuration for running an all-NixOS identity, container and perhaps even NAS server? What is everyone else using?

I could just use mutable users and just push the users that way, but that doesn’t give me the ability to authenticate non-Nix systems or devices.

1 Like

For very small LDAP setups which don’t need to be very flexible and just serve a handful of people LDAP login, portunus is a good solution.

1 Like

Thanks! Portunus may be exactly what I need. In the unlikely event I need to upgrade, do you know if it is possible to export the database out of Portunus and into a more fully featured LDAP?

1 Like

I am not sure how compatible the database is with a standard OpenLDAP, but it uses the standard OpenLDAP in the back, so I imagine any tool to query everything and export it should just work. Worst case you could also convert the JSON file at /var/lib/portunus/database.json into a format that you can import somewhere else.
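As an added example of the "convert the JSON file" route mentioned above (not code from Portunus or from anyone in this thread): a small converter that turns a Portunus-style database.json into LDIF that `ldapadd` can import into another directory. The field names (`login_name`, `given_name`, `member_login_names`, ...), the base DN and the `{CRYPT}` password scheme are assumptions; check them against the real file before using it, and treat the output as sensitive since it carries password hashes.

```python
import base64
import json

# Constructed sample in the shape this example ASSUMES for
# /var/lib/portunus/database.json (field names not verified against Portunus).
SAMPLE_DB = json.dumps({
    "users": [
        {"login_name": "alice", "given_name": "Alice", "family_name": "Example",
         "email": "alice@example.org", "password": "$6$salt$hash"},
    ],
    "groups": [
        {"name": "admins", "long_name": "Administrators",
         "member_login_names": ["alice"]},
        {"name": "empty", "long_name": "No members", "member_login_names": []},
    ],
})


def ldif_attr(name, value):
    """One LDIF attribute line; base64-encode values RFC 2849 deems unsafe."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode()).decode()}"


def to_ldif(db_json, suffix="dc=example,dc=org"):
    """Render users as inetOrgPerson and groups as groupOfNames entries."""
    db = json.loads(db_json)
    entries = []
    for u in db.get("users", []):
        lines = [f"dn: uid={u['login_name']},ou=users,{suffix}",
                 "objectClass: inetOrgPerson",
                 ldif_attr("uid", u["login_name"]),
                 ldif_attr("cn", f"{u['given_name']} {u['family_name']}"),
                 ldif_attr("sn", u["family_name"]),
                 ldif_attr("givenName", u["given_name"])]
        if u.get("email"):
            lines.append(ldif_attr("mail", u["email"]))
        if u.get("password"):
            # Assumes a crypt(3) hash; the target server must accept {CRYPT}.
            lines.append(ldif_attr("userPassword", "{CRYPT}" + u["password"]))
        entries.append("\n".join(lines))
    for g in db.get("groups", []):
        members = g.get("member_login_names") or []
        if not members:
            continue  # groupOfNames requires at least one member attribute
        lines = [f"dn: cn={g['name']},ou=groups,{suffix}",
                 "objectClass: groupOfNames", ldif_attr("cn", g["name"])]
        if g.get("long_name"):
            lines.append(ldif_attr("description", g["long_name"]))
        lines += [f"member: uid={m},ou=users,{suffix}" for m in members]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"
```

The `ou=users` and `ou=groups` containers must already exist on the target before importing the output.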