chore(keycloak): cloudflared and vouch
parent
b8714cc674
commit
2eef6e5508
15 changed files with 303 additions and 229 deletions
|
|
@ -40,27 +40,6 @@
|
|||
nameValuePair host {
|
||||
service = "http://${accessHostFor args}:${toString port}";
|
||||
};
|
||||
ingressForVouch = {
|
||||
host ? system.services.vouch-proxy.domain,
|
||||
port ? system.services.vouch-proxy.settings.vouch.port,
|
||||
hostName,
|
||||
system ? nixosFor hostName,
|
||||
...
|
||||
} @ args:
|
||||
nameValuePair host {
|
||||
service = "http://${accessHostFor args}:${toString port}";
|
||||
};
|
||||
ingressForKanidm = {
|
||||
host ? system.services.kanidm.server.frontend.domain,
|
||||
port ? system.services.kanidm.server.frontend.port,
|
||||
hostName,
|
||||
system ? nixosFor hostName,
|
||||
...
|
||||
} @ args:
|
||||
nameValuePair host {
|
||||
service = "https://${accessHostFor args}:${toString port}";
|
||||
originRequest.noTLSVerify = true;
|
||||
};
|
||||
in {
|
||||
sops.secrets.cloudflared-tunnel-apartment.owner = cfg.user;
|
||||
services.cloudflared = {
|
||||
|
|
@ -78,8 +57,6 @@ in {
|
|||
inherit hostName;
|
||||
})
|
||||
(ingressForHass {inherit hostName;})
|
||||
(ingressForVouch {inherit hostName;})
|
||||
(ingressForKanidm {inherit hostName;})
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@
|
|||
"/rpool/shared/mosquitto mnt/shared/mosquitto none bind,optional,create=dir",
|
||||
"/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir",
|
||||
"/rpool/shared/postgresql mnt/shared/postgresql none bind,optional,create=dir",
|
||||
"/rpool/shared/kanidm mnt/shared/kanidm none bind,optional,create=dir",
|
||||
"/rpool/shared/unifi mnt/shared/unifi none bind,optional,create=dir",
|
||||
"/dev/ttyZigbee dev/ttyZigbee none bind,optional,create=file",
|
||||
"/dev/net/tun dev/net/tun none bind,optional,create=file"
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
...
|
||||
}: let
|
||||
inherit (lib.modules) mkIf mkMerge;
|
||||
inherit (config.services) kanidm mosquitto home-assistant;
|
||||
inherit (config.services) mosquitto home-assistant;
|
||||
in {
|
||||
imports = let
|
||||
inherit (meta) nixos;
|
||||
|
|
@ -19,8 +19,6 @@ in {
|
|||
nixos.access.zigbee2mqtt
|
||||
nixos.access.home-assistant
|
||||
nixos.access.unifi
|
||||
nixos.vouch
|
||||
nixos.kanidm
|
||||
nixos.unifi
|
||||
nixos.mosquitto
|
||||
nixos.home-assistant
|
||||
|
|
@ -43,10 +41,6 @@ in {
|
|||
|
||||
networking.firewall = {
|
||||
interfaces.local.allowedTCPPorts = mkMerge [
|
||||
(mkIf kanidm.enableServer [
|
||||
kanidm.server.frontend.port
|
||||
(mkIf kanidm.server.ldap.enable kanidm.server.ldap.port)
|
||||
])
|
||||
(mkIf home-assistant.enable [
|
||||
home-assistant.config.http.server_port
|
||||
])
|
||||
|
|
|
|||