How to Install Pomerium on NixOS Latest
Pomerium is an open-source identity-aware access proxy that provides secure access to internal applications and services no matter where an individual is located. It provides authorization policies that the owner can use to grant or deny access depending on a user’s identity.
This tutorial will cover how to install Pomerium on NixOS Latest, a unique operating system with a functional package manager called Nix.
Step 1 - Prerequisites
Before you move further, ensure that you have the following prerequisites:
- Access to a terminal shell with sudo privileges.
- A running instance of NixOS Latest.
Step 2 - Update the System Packages
Use the following command to update your Nix system packages:
sudo nix-channel --update && sudo nixos-rebuild switch
Step 3 - Install Pomerium on NixOS
To install Pomerium on NixOS, follow the steps below:
Step 3.1 - Add Pomerium Channel
Add the Pomerium channel using the following command:
sudo nix-shell -p curl --run "curl -L https://nixos.org/channels/nixos-unstable/pkgs/development/go-modules/pomerium/channel.nix > pomerium-channel.nix"
Step 3.2 - Import the Pomerium Channel
Once curl has downloaded the channel file, import the Pomerium channel with the command below:
sudo nix-env -iA nixos.pomerium -f ./pomerium-channel.nix
Step 4 - Configure Pomerium on NixOS
Follow the steps below to configure Pomerium on NixOS:
Step 4.1 - Add Custom Policy
Access the system configuration file and add custom policies depending on the application access needs:
sudo vi /etc/nixos/configuration.nix
services.pomerium = {
  enable = true;
  extraConfig = ''
    policies:
      - from: https://dashboard.example.com
        to: https://dashboard.example.com:80
        allowed_users:
          - email: [email protected]
        groups:
          - admins
  '';
};
Step 4.2 - Reload the Configuration
Save and close the configuration file, then run the command below to reload the configuration:
sudo nixos-rebuild switch
The above command will generate a new Pomerium configuration based on your customized policy.
Step 5 - Verify Pomerium on NixOS
Navigate to your specified application URL, and Pomerium will redirect to the identity provider for authentication before granting access. If authentication succeeds, Pomerium allows access to the protected resource.
Open a web browser and enter localhost:3000 or IP:3000 in the address bar. If you are redirected to the authentication page, Pomerium is working correctly.
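The check that Step 5 performs by hand can also be scripted. The following is an added shell example, not part of the original tutorial or of Pomerium: it classifies the headers an unauthenticated request gets back, so an exposed route shows up as a failure rather than as a page that happens to load. The function name, the sample responses and the hostname authenticate.example.com are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify what an unauthenticated client gets back from a
# route Pomerium is meant to protect. Feed it raw response headers, e.g.
#   curl -sS -I https://dashboard.example.com | \
#       classify_unauth_response dashboard.example.com
# $1 is the route hostname (the `from:` host in the policy). Returns:
#   0  redirect to another host (sign-in flow)          -> protected
#   1  2xx answer with no authentication                -> exposed
#   2  anything else (error, self-redirect, no data)    -> inconclusive
classify_unauth_response() {
    route_host=$1
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    # Host of an absolute Location URL; relative redirects stay on the route.
    case $location in
        *://*) loc_host=${location#*://}; loc_host=${loc_host%%[/:?]*} ;;
        *)     loc_host= ;;
    esac
    case $status in
        30[12378])
            if [ -n "$loc_host" ] && [ "$loc_host" != "$route_host" ]; then
                echo "protected: redirect to $loc_host"; return 0
            fi
            echo "inconclusive: redirect stays on $route_host"; return 2 ;;
        2??)
            echo "exposed: status $status without authentication"; return 1 ;;
        *)
            echo "inconclusive: status ${status:-none}"; return 2 ;;
    esac
}

# Constructed sample responses; authenticate.example.com is an assumed name.
sample_redirect='HTTP/2 302
location: https://authenticate.example.com/.pomerium/sign_in?redirect_uri=x
'
sample_open='HTTP/1.1 200 OK
content-type: text/html
'
printf '%s' "$sample_redirect" | classify_unauth_response dashboard.example.com
printf '%s' "$sample_open" | classify_unauth_response dashboard.example.com || true
```

A plain HTTP-to-HTTPS redirect on the same hostname is reported as inconclusive, because it says nothing about whether authentication is enforced.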
Conclusion
This guide has explained how to install Pomerium and configure it on NixOS. You can start securing your applications and services by customizing the policies defined.