feat(idp): records

nixos/access/kanidm.nix

@@ -65,6 +65,10 @@ in {
     port = mkOption {
       type = port;
     };
+    ldapHost = mkOption {
+      type = str;
+      default = access.host;
+    };
     ldapPort = mkOption {
       type = port;
     };
@@ -101,7 +105,7 @@ in {
           listen 0.0.0.0:389;
           listen [::]:389;
           ${allows}
-          proxy_pass ${access.host}:${toString access.ldapPort};
+          proxy_pass ${access.ldapHost}:${toString access.ldapPort};
           proxy_ssl on;
           proxy_ssl_verify off;
         }
@@ -109,7 +113,7 @@ in {
           listen 0.0.0.0:636 ssl;
           listen [::]:636 ssl;
           ${sslConfig}
-          proxy_pass ${access.host}:${toString access.ldapPort};
+          proxy_pass ${access.ldapHost}:${toString access.ldapPort};
           proxy_ssl on;
           proxy_ssl_verify off;
         }

systems/hakurei/nixos.nix

@@ -92,8 +92,9 @@ in {
     access.kanidm = assert kanidm.enableServer; {
       inherit (kanidm.server.frontend) domain port;
       host = tei.networking.access.hostnameForNetwork.local;
-      ldapPort = kanidm.server.ldap.port;
-      ldapEnable = kanidm.server.ldap.enable;
+      ldapHost = "idp.local.${config.networking.domain}";
+      ldapPort = 389;
+      ldapEnable = true;
     };
     virtualHosts = {
       ${access.kanidm.domain} = {

tf/cloudflare_records.tf

@@ -69,6 +69,15 @@ module "mediabox_system_records" {
   ]
 }
 
+module "idp_system_records" {
+  source    = "./system/records"
+  name      = "idp"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+  local_v4  = "10.1.1.46"
+  local_v6  = "fd0a::be24:11ff:fe3d:3991"
+}
+
 module "kubernetes_system_records" {
   source    = "./system/records"
   name      = "kubernetes"