feat(idp): access via hakurei

This commit is contained in:
arcnmx 2024-01-31 09:46:31 -08:00
parent 6428d469bd
commit 6dc06a746a
5 changed files with 260 additions and 63 deletions


@ -26,6 +26,7 @@ in {
nixos.access.global
nixos.access.gensokyo
nixos.access.kanidm
nixos.access.freeipa
nixos.access.proxmox
nixos.access.plex
./reisen-ssh.nix
@ -56,18 +57,32 @@ in {
inherit (nginx) group;
extraDomainNames = mkMerge [
[access.kanidm.localDomain]
(mkIf kanidm.server.ldap.enable [
(mkIf access.kanidm.ldapEnable [
access.kanidm.ldapDomain
access.kanidm.ldapLocalDomain
])
(mkIf tailscale.enable [
access.kanidm.tailDomain
])
(mkIf (kanidm.server.ldap.enable && tailscale.enable) [
(mkIf (access.kanidm.ldapEnable && tailscale.enable) [
access.kanidm.ldapTailDomain
])
];
};
${access.freeipa.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
[
access.freeipa.localDomain
access.ldap.domain
access.ldap.localDomain
]
(mkIf tailscale.enable [
access.freeipa.tailDomain
access.ldap.tailDomain
])
];
};
${access.proxmox.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
@ -92,14 +107,19 @@ in {
access.kanidm = assert kanidm.enableServer; {
inherit (kanidm.server.frontend) domain port;
host = tei.networking.access.hostnameForNetwork.local;
ldapHost = "idp.local.${config.networking.domain}";
ldapPort = 389;
ldapEnable = true;
ldapEnable = false;
};
access.freeipa = {
host = "idp.local.${config.networking.domain}";
};
virtualHosts = {
${access.kanidm.domain} = {
useACMEHost = access.kanidm.domain;
};
${access.freeipa.domain} = {
forceSSL = true;
useACMEHost = access.freeipa.domain;
};
${access.proxmox.domain} = {
useACMEHost = access.proxmox.domain;
};