gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(idp): enrolling more hosts

Browse source
This commit is contained in:
arcnmx 2024-03-22 16:47:20 -07:00
parent b8f5c4b457
commit 296d0fbd15
5 changed files with 15 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/ipa.nix
View file

@ -1,6 +1,6 @@
{ inputs, pkgs, config, lib, ... }: let
inherit (inputs.self.lib.lib) mkBaseDn;
inherit (lib.modules) mkIf mkBefore mkForce mkDefault;
inherit (lib.modules) mkIf mkBefore mkDefault;
inherit (lib.strings) toUpper;
inherit (config.networking) domain;
cfg = config.security.ipa;

1
systems/keycloak/nixos.nix
View file

@ -5,6 +5,7 @@
nixos.sops
nixos.base
nixos.reisen-ct
nixos.ipa
nixos.keycloak
nixos.cloudflared
nixos.vouch

5
systems/keycloak/secrets.yaml
View file

@ -1,4 +1,5 @@
cloudflared-tunnel-keycloak: ENC[AES256_GCM,data:nXqz6gys7c9UsOy1oiFGFIl/ra/Cf2hb+LLjXI4agEy9mXCAJlKKg7YzuNaHGAXkTKlrpp2lC0P7qNmI3zryTQKBa+LHTq5Lcj9ZSbSW9zhVVS6e155RcdDv/7j1lcZnVmynX+Dz5m8bz490IEuVme985+L9W/5/ksCnjNzUFiCkaxKwe/w2gGv6GdBVYqCFv1j4XBTNAA9D62uZLM5IATtbaam3yZvygWcDLZLpnI+D1Cd5UvOMpgEvdyvKxfaZEzbgkX6BP2mcw+jC9XM=,iv:1rJgyfj+0vIO9hi5U1IarWlaK/tlpAFHn/q7bhtqogg=,tag:fCCY9lxnFt/ImqDeBH0hvw==,type:str]
krb5-keytab: ENC[AES256_GCM,data:HzdY8lnFT89At4O/wb8cAIwtbhF0LpuOIGoYhJLMwI2BEg8oW5VvbbQZNkedIktro9eQUfKrFzwOcWZN+GO86xAWePbs/buj3TKXu9bcTFnIUiDQNT40dU8GKlfxFIDQszFhfZq7CuRzrj5MrccS2K/vMqeFTFL99MYShJuO2sxa7sl1DjF5FzgbJh2jyuMh1LEwWRE/HRUOHe+b448o2CBvZ7jop2/dKHHYGCqImeOuxg9q0rNSitkuA8JnX44h1/btYwc2Z707jmQcIqiACUsU2InOy9x7KGnKUfeSm0rIbRRPYugjosofrW+VAPQOvzxG4jGLfkvlCmYBldBeDxqg919eTCIwFOXKKRkI9USN7ozNzG7DccdTKEwSDbOwXvsH7d7CxEvWBHj/igr0srk9xH4jzZhvFynTnxOM+2lLl0VlD18R8wjVvQFuODDqxH9qT27bvSAzkPsUIJkEZDMMVtdij2dTmI/93BlzCZGjfg==,iv:xz+nWncNHB1brJcxc2IBl1mwyBIBeTjgwGmwPvaFqAk=,tag:+5AmPUoeCwcHvnDSrjEiQA==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -15,8 +16,8 @@ sops:
WkhIeEh1amh5K0hIb2FKZ0ppSGpBZlEKjF9ysJCX40H5vH4UuZSXryAThk3ipdlP
RML2if3bz+uMXgw+zdEx8Ac6IcOM25K0gco6g/6r20WYbKz9og5JuA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-19T02:38:20Z"
mac: ENC[AES256_GCM,data:OqqsVE2xKsCpIZqszpdBWl9jEToImVW/Vdb5p0HyqjUOL1NSdyRThxx7fft7RlL9Iqd340WrQ/F4kmQHr+4pIEBsKkwrWUh0sbVNz1uLXFasr1nXuhB32zCu6/gxW9fofT11aHBjnH6rLy6KTnXK56jiyaXKPc25EgzKC9aomR4=,iv:hmADJiouxO4dznlSbKXJcAJgRJKtiR5QlypWt3/I7o0=,tag:HBP0G5o30rZsj+2YpM5gkw==,type:str]
lastmodified: "2024-03-22T23:54:07Z"
mac: ENC[AES256_GCM,data:Uhu+T6indz3MjssA0v62+ob5nqih1QFJLnJD29k24rSnQPWerV6ZM+rT8kMr3wYDouyi+dZm4217wTPENj8sjmRdbCmLSsaR7FffSCDRI5pCDvzuQxSLAOGAbaWZl5zwFuUKQ8sD4xAfj7R3g+Kayyg8dvIovhs7pSTUHmMG+PI=,iv:xK1KqPN+J/y5PN6ZVbLj5QOlT/Q+5QfZo211RedRNCU=,tag:WWs+iVsY6DmBHlw0KcmrCA==,type:str]
pgp:
- created_at: "2024-03-13T22:39:09Z"
enc: |-

12
systems/utsuho/nixos.nix
View file

@ -1,6 +1,5 @@
{meta, config, access, ...}: let
inherit (config.services.nginx) virtualHosts;
tei = access.nixosFor "tei";
{meta, config, ...}: let
inherit (config.services) nginx;
in {
imports = let
inherit (meta) nixos;
@ -8,6 +7,7 @@ in {
nixos.sops
nixos.base
nixos.reisen-ct
nixos.ipa
nixos.cloudflared
nixos.nginx
nixos.access.unifi
@ -15,15 +15,17 @@ in {
];
services.cloudflared = let
tunnelId = "28bcd3fc-3467-4997-806b-546ba9995028";
inherit (config.services) unifi;
inherit (nginx) virtualHosts defaultHTTPListenPort;
tunnelId = "28bcd3fc-3467-4997-806b-546ba9995028";
localNginx = "http://localhost:${toString defaultHTTPListenPort}";
in {
tunnels.${tunnelId} = {
default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflared-tunnel-utsuho.path;
ingress = {
${virtualHosts.unifi.serverName} = assert unifi.enable; {
service = "http://localhost";
service = localNginx;
};
};
};

5
systems/utsuho/secrets.yaml
View file

@ -1,4 +1,5 @@
cloudflared-tunnel-utsuho: ENC[AES256_GCM,data:GqhrwmOjfmj4VhecMS8765MPBq0URQlW64Hs7ljLVKFZdUKOz4trT+GusDEmTnHTSo+Tl24Bd6Z6TdyFKgacVOUFaPhO3EBkMrZ0rjFWVib4LsH3IH3/hctLiGJDbXLpu3WGnY/lYopPWr5870gzRfJCvbQecrFibsD9osksScttKOUVziTKSmYeOWHiTzI/ZrMUa3HMH3+O6rfajY2qq+v3O31/PS1cHEl+A2zfdmKVMbF/ugyVn/8cveYQGz5fsIDm11i5J9BrbWvaTH8=,iv:d9bW/dYRgk6QzWzUXu6IXUuwQo+Ghm1OPqU/lQLlss0=,tag:NNAOb/QUM41x/1Qhp2MWqw==,type:str]
krb5-keytab: ENC[AES256_GCM,data:BkpMT7O9JHmWKVRaMunuYjYMIa9+37IKJmahQE7tOIKzCjPdRkUjqB0+zbuuxQC4GA36vF16U8j3Rdu5mB/27pS/ZoOtOtLftyS5EcU6rzMZP09lsxdyO/9xGCXbIK/119tNN6+PMBuxmZFfP8+bnM3KlQHBnLbjXtGDeuHEMzH2PuTCxCRO5sVOYU/0dSlZioGB0eHJJszGFcMOMeEMuGyu3XiBwIfQ4tCD2Nw9SA8eSIQ7E0RXcRQtl0h9IEgjH1O6TkCBIsGRpVXHvcJgj5XhPYilmLenNtfi/JmyzjtCJbKAgi8J9o/Tox73ORKEzHSRSmUmr/e+EKrH1TdfH0t6/h5/tErhxqQwy0tEVbhcjH56r+n/65gH3kMO0QflKMM7Z9yk9v0+FJk5T1geEf+UT1tBvfCVQ8E5brxI0Jz9mPmkkSE1ZuGZ+gtw3rYwSUrWcgmbaH+r9dIvAKMgsFxDqRzhxjEXM1w=,iv:4+/cOA51FCE9lRpJ8ib3TEf1gKFqgTVg+SsujMMzWx4=,tag:ZaDx2AJhc7CEoMCmgcCWCQ==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -15,8 +16,8 @@ sops:
aGMvcU4xQVNuczB5NGhZMnFlWnlkSGsKm8Z3rSM/uNN1522p0inM5vQ8+OY83FDI
I69BH9qL2ekRG2e2Qw+bjeHOUm9Qe9QSRsQPW3Z3XDdxEVxRgE9Avw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T17:43:11Z"
mac: ENC[AES256_GCM,data:g/e7TsFAbKZZpbbJyKZxbyjJ0fIDoPA+hrh7NbuJKJw8sSVBnhxbDBVzMELpekRg/HuXlYB9vf/2tVgIrDdSN8oF+JP6E5O5i7pebDSibpQ2aAsUadWBQfuzaCAu/jfbKbe7lAfU631nnkVP0K9wdj2aRRjElr68sbdfeSFIeBs=,iv:5Zr5dWk63ebyxNwXBOTjjmBg9UBJqB7BOQKtrJUafYM=,tag:D3gz/tEyZY6IIHhT19x/cw==,type:str]
lastmodified: "2024-03-22T23:44:00Z"
mac: ENC[AES256_GCM,data:l8QX2jzmUlDTs+HxGGSpuwBZ5+GTTtT6wdfH1JiPzQXBPkmOgh6qbcWDfDBSB/RCSvGYr01nhrOS0o/hFRrSB4YHGIeqvxBF+jSC/69BpWKSse1iGMFRvmDUuhk91fb3cVNJRsqUWczt83eJjnPIDVW4z6wRKcvVuZmG2S+2l2c=,iv:bakM1RALwvtHUp4bOTYLAGYyOph7fW8v/z+6z3Fqh+0=,tag:du776gXc4RQfrtNgN/Sxbg==,type:str]
pgp:
- created_at: "2024-03-21T17:32:41Z"
enc: |-