feat: Allow services to communicate with Kanidm even when there is no DNS record yet

2025-03-28 17:08:37 +03:00
parent b571449efe
commit e79af804f1
1 changed files with 6 additions and 0 deletions
--- a/auth/auth.nix
+++ b/auth/auth.nix
@@ -100,6 +100,12 @@ lib.mkIf config.selfprivacy.sso.enable {
    )
  ];

+  networking.hosts = {
+    # Allow the services to communicate with kanidm even if
+    # there is no DNS record yet
+    "127.0.0.1" = [ auth-fqdn ];
+  };
+

  # kanidm uses TLS in internal connection with nginx too
  # FIXME revise this: maybe kanidm must not have access to a public TLS