gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(idp): clean up ssl config a little

Browse source
This commit is contained in:
arcnmx 2024-03-13 11:34:04 -07:00
parent 3495b5285e
commit 97d9eecd3c
2 changed files with 7 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/access/freeipa.nix
View file

@ -181,13 +181,19 @@ in {
virtualHosts = { virtualHosts = {
${access.domain} = { ${access.domain} = {
inherit locations extraConfig; inherit locations extraConfig;
inherit (access) useACMEHost;
forceSSL = mkDefault (access.useACMEHost != null);
}; };
${access.globalDomain} = { ${access.globalDomain} = {
inherit locations extraConfig; inherit locations extraConfig;
inherit (access) useACMEHost;
forceSSL = mkDefault (access.useACMEHost != null || virtualHosts.${access.domain}.forceSSL);
}; };
${access.caDomain} = { ${access.caDomain} = {
locations = caLocations; locations = caLocations;
inherit extraConfig; inherit extraConfig;
inherit (access) useACMEHost;
forceSSL = mkDefault (access.useACMEHost != null || virtualHosts.${access.domain}.forceSSL);
}; };
${access.localDomain} = { ${access.localDomain} = {
inherit (virtualHosts.${access.domain}) useACMEHost; inherit (virtualHosts.${access.domain}) useACMEHost;

9
systems/hakurei/nixos.nix
View file

@ -180,6 +180,7 @@ in {
useACMEHost = access.unifi.domain; useACMEHost = access.unifi.domain;
}; };
access.freeipa = { access.freeipa = {
useACMEHost = access.freeipa.domain;
host = "idp.local.${config.networking.domain}"; host = "idp.local.${config.networking.domain}";
kerberos.ports.kpasswd = 464; kerberos.ports.kpasswd = 464;
}; };
@ -197,14 +198,6 @@ in {
${access.kanidm.domain} = { ${access.kanidm.domain} = {
useACMEHost = access.kanidm.domain; useACMEHost = access.kanidm.domain;
}; };
${access.freeipa.domain} = {
forceSSL = true;
useACMEHost = access.freeipa.domain;
};
${access.freeipa.caDomain} = {
forceSSL = true;
useACMEHost = access.freeipa.domain;
};
${access.freepbx.domain} = { ${access.freepbx.domain} = {
local.enable = true; local.enable = true;
}; };