gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(idp): records

Browse source
This commit is contained in:
arcnmx 2024-01-30 20:50:18 -08:00
parent 38787f79d1
commit 6428d469bd
3 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
nixos/access/kanidm.nix
View file

@ -65,6 +65,10 @@ in {
port = mkOption { port = mkOption {
type = port; type = port;
}; };
ldapHost = mkOption {
type = str;
default = access.host;
};
ldapPort = mkOption { ldapPort = mkOption {
type = port; type = port;
}; };
@ -101,7 +105,7 @@ in {
listen 0.0.0.0:389; listen 0.0.0.0:389;
listen [::]:389; listen [::]:389;
${allows} ${allows}
proxy_pass ${access.host}:${toString access.ldapPort}; proxy_pass ${access.ldapHost}:${toString access.ldapPort};
proxy_ssl on; proxy_ssl on;
proxy_ssl_verify off; proxy_ssl_verify off;
} }
@ -109,7 +113,7 @@ in {
listen 0.0.0.0:636 ssl; listen 0.0.0.0:636 ssl;
listen [::]:636 ssl; listen [::]:636 ssl;
${sslConfig} ${sslConfig}
proxy_pass ${access.host}:${toString access.ldapPort}; proxy_pass ${access.ldapHost}:${toString access.ldapPort};
proxy_ssl on; proxy_ssl on;
proxy_ssl_verify off; proxy_ssl_verify off;
} }

5
systems/hakurei/nixos.nix
View file

@ -92,8 +92,9 @@ in {
access.kanidm = assert kanidm.enableServer; { access.kanidm = assert kanidm.enableServer; {
inherit (kanidm.server.frontend) domain port; inherit (kanidm.server.frontend) domain port;
host = tei.networking.access.hostnameForNetwork.local; host = tei.networking.access.hostnameForNetwork.local;
ldapPort = kanidm.server.ldap.port; ldapHost = "idp.local.${config.networking.domain}";
ldapEnable = kanidm.server.ldap.enable; ldapPort = 389;
ldapEnable = true;
}; };
virtualHosts = { virtualHosts = {
${access.kanidm.domain} = { ${access.kanidm.domain} = {

9
tf/cloudflare_records.tf
View file

@ -69,6 +69,15 @@ module "mediabox_system_records" {
] ]
} }
module "idp_system_records" {
source = "./system/records"
name = "idp"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
local_v4 = "10.1.1.46"
local_v6 = "fd0a::be24:11ff:fe3d:3991"
}
module "kubernetes_system_records" { module "kubernetes_system_records" {
source = "./system/records" source = "./system/records"
name = "kubernetes" name = "kubernetes"