feat(kuwubernetes): provide dex secrets as prep for dex install

Kat Inskip 2024-01-21 12:30:53 -08:00
parent 26f1631d71
commit 6103dfe0f1
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
4 changed files with 40 additions and 7 deletions


@ -4,7 +4,18 @@
lib,
modulesPath,
...
}: {
}: let
inherit (lib.attrsets) genAttrs nameValuePair;
inherit (builtins) listToAttrs;
dexFiles = [
"ca-key.pem"
"ca.pem"
"ca.srl"
"csr.pem"
"key.pem"
"req.cnf"
];
in {
imports = with meta; [
(modulesPath + "/profiles/qemu-guest.nix")
nixos.sops
@ -35,9 +46,19 @@
networking.interfaces.ens18.useDHCP = true;
sops.secrets.cloudflare_kubernetes_tunnel = {
owner = config.services.cloudflared.user;
};
sops.secrets = let
dexCommon = {
owner = "kubernetes";
};
in
{
cloudflare_kubernetes_tunnel = {
owner = config.services.cloudflared.user;
};
}
// (genAttrs (map (name: "dex-${name}") dexFiles) (_: dexCommon));
environment.etc = listToAttrs (map (name: nameValuePair "dex-ssl/${name}" {source = config.sops.secrets."dex-${name}".path;}) dexFiles);
services.cloudflared = let
tunnelId = "3dde2376-1dd1-4282-b5a4-aba272594976";