chore(idp): rename ipa web access

2026-02-09 12:29:19 -08:00 · 2024-04-15 13:34:17 -07:00 · 2024-04-15 13:34:17 -07:00 · 1fed0eb15f
commit 1fed0eb15f
parent f776a268fb
6 changed files with 11 additions and 8 deletions
--- a/modules/extern/nixos/krb5.nix
+++ b/modules/extern/nixos/krb5.nix
@ -152,7 +152,7 @@
        enable = mkEnableOption "IPA";
        httpHost = mkOption {
          type = str;
-          default = "freeipa.${config.domain}";
+          default = "ipa.${config.domain}";
        };
        host = mkOption {
          type = str;
@ -246,8 +246,8 @@
          servers = optional access.local.enable "idp.local.${config.domain}"
            ++ [ "_srv" ];
          backups = mkMerge [
-            (mkIf access.tail.enabled (mkAlmostOptionDefault [ "freeipa.tail.${config.domain}" ]))
-            (mkIf access.local.enable (mkAlmostOptionDefault [ "freeipa.local.${config.domain}" ]))
+            (mkIf access.tail.enabled (mkAlmostOptionDefault [ "ipa.tail.${config.domain}" ]))
+            (mkIf access.local.enable (mkAlmostOptionDefault [ "ipa.local.${config.domain}" ]))
          ];
        in mkIf config.sssd.enable {
          enable = mkAlmostOptionDefault true;
--- a/modules/system/exports/freeipa.nix
+++ b/modules/system/exports/freeipa.nix
@ -3,7 +3,7 @@
  inherit (lib.attrsets) mapAttrs;
 in {
  config.exports.services.freeipa = {
-    id = mkAlmostOptionDefault "freeipa";
+    id = mkAlmostOptionDefault "ipa";
    ports = mapAttrs (_: mapAlmostOptionDefaults) {
      default = {
        port = 443;
--- a/nixos/access/freeipa.nix
+++ b/nixos/access/freeipa.nix
@ -243,7 +243,7 @@ in {
        '';
      in mkIf access.preread.enable preread;
      virtualHosts = let
-        name.shortServer = mkDefault "freeipa";
+        name.shortServer = mkDefault "ipa";
      in {
        freeipa = {
          name.shortServer = mkDefault "idp";
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -63,6 +63,7 @@ in {
      ingress = {
        ${virtualHosts.prox.serverName}.service = localNginx;
        ${virtualHosts.gensokyoZone.serverName}.service = localNginx;
+        ${virtualHosts.freeipa'web.serverName}.service = localNginx;
      };
    };
  };
@ -224,6 +225,7 @@ in {
      freeipa = {
        ssl.cert.enable = true;
      };
+      freeipa'web.proxied.enable = "cloudflared";
      keycloak = {
        # we're not the real sso record-holder, so don't respond globally..
        local.denyGlobal = true;
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@ -12,11 +12,11 @@ module "hakurei_system_records" {
  net_data  = local.systems.hakurei.network
  local_subdomains = [
    "prox",
-    "id",
    "login",
    "sso",
    "ldap",
-    "freeipa",
+    "krb5",
+    "ipa",
    "unifi",
    "pbx",
    "smb",
@ -31,8 +31,8 @@ module "hakurei_system_records" {
  global_subdomains = [
    "plex",
    "idp",
-    "freeipa",
    "ldap",
+    "krb5",
    "pbx",
    "smb",
    "mqtt",
--- a/tf/cloudflare_tunnels.tf
+++ b/tf/cloudflare_tunnels.tf
@ -12,6 +12,7 @@ module "hakurei" {
  subdomains = [
    "@",
    "prox",
+    "ipa",
  ]
 }