diff --git a/nixos/access/kanidm.nix b/nixos/access/kanidm.nix
index 5aa0cc69..bb54abb1 100644
--- a/nixos/access/kanidm.nix
+++ b/nixos/access/kanidm.nix
@@ -65,6 +65,10 @@ in {
 port = mkOption {
 type = port;
 };
+ldapHost = mkOption {
+type = str;
+default = access.host;
+};
 ldapPort = mkOption {
 type = port;
 };
@@ -101,7 +105,7 @@ in {
 listen 0.0.0.0:389;
 listen [::]:389;
 ${allows}
-proxy_pass ${access.host}:${toString access.ldapPort};
+proxy_pass ${access.ldapHost}:${toString access.ldapPort};
 proxy_ssl on;
 proxy_ssl_verify off;
 }
@@ -109,7 +113,7 @@ in {
 listen 0.0.0.0:636 ssl;
 listen [::]:636 ssl;
 ${sslConfig}
-proxy_pass ${access.host}:${toString access.ldapPort};
+proxy_pass ${access.ldapHost}:${toString access.ldapPort};
 proxy_ssl on;
 proxy_ssl_verify off;
 }
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index 119c6a51..558528bd 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -92,8 +92,9 @@ in {
 access.kanidm = assert kanidm.enableServer; {
 inherit (kanidm.server.frontend) domain port;
 host = tei.networking.access.hostnameForNetwork.local;
-ldapPort = kanidm.server.ldap.port;
-ldapEnable = kanidm.server.ldap.enable;
+ldapHost = "idp.local.${config.networking.domain}";
+ldapPort = 389;
+ldapEnable = true;
 };
 virtualHosts = {
 ${access.kanidm.domain} = {
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 9e87da96..850f091c 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -69,6 +69,15 @@ module "mediabox_system_records" {
 ]
 }
 
+module "idp_system_records" {
+source = "./system/records"
+name = "idp"
+zone_id = cloudflare_zone.gensokyo-zone_zone.id
+zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+local_v4 = "10.1.1.46"
+local_v6 = "fd0a::be24:11ff:fe3d:3991"
+}
+
 module "kubernetes_system_records" {
 source = "./system/records"
 name = "kubernetes"
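Review bot: The new `ldapHost` option has no `description`, unlike what a reader of the module option listing needs to know about its relationship to `host` and to the TLS settings applied to it downstream. I would add `description = "Upstream host nginx proxies LDAP/LDAPS traffic to; defaults to the frontend host. The upstream connection is made with TLS but its certificate is not verified.";` so the trust implication of pointing it at a remote name is visible where the option is set. The enclosing option set starts and ends outside the hunk.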
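Review bot: The rewritten `proxy_pass` line now targets `${access.ldapHost}`, which the hakurei change sets to a DNS name rather than a local host, while the unchanged `proxy_ssl_verify off;` two lines below means nginx will accept any certificate the resolved address presents. Credentials for every LDAP bind through the :389 listener therefore depend on DNS returning the right address, which a spoofed or hijacked answer could redirect without detection. Once the upstream is a named host, verification is cheap to turn on: `proxy_ssl_verify on;`, `proxy_ssl_name ${access.ldapHost};` and a `proxy_ssl_trusted_certificate` pointing at the CA that issues the upstream's certificate; if the upstream certificate is self-signed this needs a pinned CA file, which I cannot confirm from here. The enclosing `server` block and the Nix string it lives in start and end outside the hunk.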
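Review bot: The :636 listener terminates client TLS and re-encrypts to `${access.ldapHost}` with `proxy_ssl on;`, but nothing in the block sends SNI or sets the expected name, so the upstream cannot select a certificate by name and any later `proxy_ssl_verify on` would have nothing to verify against. I would add `proxy_ssl_server_name on;` and `proxy_ssl_name ${access.ldapHost};` next to `proxy_ssl on;`, which is harmless for an IP-addressed upstream and required for a named one. Whether the upstream presents a certificate for the `idp.local.*` name is not visible in this diff. The enclosing `server` block starts and ends outside the hunk.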
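Review bot: The hard-coded `ldapPort = 389;` is combined in the module with `proxy_ssl on`, so nginx will open a TLS connection to port 389 of `idp.local.*`; 389 is conventionally the cleartext/STARTTLS LDAP port, and if the idp host is running this same module its own :389 listener is plain while only :636 has `ssl`, so the handshake would fail. Please confirm the upstream actually serves TLS on 389 or set `ldapPort = 636;`. Replacing `kanidm.server.ldap.port`/`.enable` with literals also detaches this client config from the kanidm service it previously tracked, and the surviving `assert kanidm.enableServer;` now guards an upstream that appears to live on another host, so the assert may no longer express the intended dependency. The enclosing attribute set continues outside the hunk.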
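Review bot: The `local_v6` value `fd0a::be24:11ff:fe3d:3991` has the `ff:fe` marker of an EUI-64 address derived from the interface MAC, so the record silently breaks if the idp VM's NIC is recreated with a new MAC; a comment such as `# EUI-64 from the VM NIC MAC; re-derive if the interface is replaced` or a stable, manually assigned suffix would make that dependency explicit. Publishing RFC 1918 and ULA addresses in a public zone matches the neighbouring `mediabox` and `kubernetes` modules, but it is worth noting that this record is what the hakurei nginx now resolves to reach the LDAP backend with upstream certificate verification disabled, so the zone's DNSSEC and API-token scope become part of the IdP trust boundary.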