glauth: Working

kat witch 2021-09-05 00:03:41 +01:00
parent a1d46f5301
commit acfa259b2a
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
4 changed files with 12 additions and 3 deletions


@ -1,6 +1,10 @@
{ config, tf, lib, ... }: with lib; {
network.firewall.public.tcp.ports = singleton 3984;
network.extraCerts.domain-auth = "auth.${config.network.dns.domain}";
users.groups.domain-auth.members = [ "nginx" "glauth" ];
security.acme.certs.domain-auth.group = "domain-auth";
services.glauth = {
enable = true;
configFile = config.secrets.files.glauth-config-file.path;
@ -19,8 +23,8 @@
ldaps = {
enabled = true;
listen = "0.0.0.0:3894";
cert = "/var/lib/acme/auth.kittywit.ch/fullchain.pem";
key = "/var/lib/acme/auth.kittywit.ch/key.pem";
cert = "/var/lib/acme/domain-auth/fullchain.pem";
key = "/var/lib/acme/domain-auth/key.pem";
};
backend = {
baseDN = "dc=kittywitch,dc=com";
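Review bot: The firewall entry `network.firewall.public.tcp.ports = singleton 3984;` in the first hunk does not match the LDAPS listener `listen = "0.0.0.0:3894";` in the second hunk, so as written the public firewall opens a port that nothing visible here binds, while the wildcard LDAPS listener is not covered by this rule. One of the two looks like a digit transposition; deriving both from one binding would prevent the drift, e.g. `let ldapsPort = 3894; in` (constructed name, whichever value is intended) used as `singleton ldapsPort` and `listen = "0.0.0.0:${toString ldapsPort}";`. The key at `/var/lib/acme/domain-auth/key.pem` is now readable by both `nginx` and `glauth` through the `domain-auth` group, which deserves a one-line comment, along with a note on whether glauth is restarted after renewal, since it presumably only reads the certificate at start-up. The page has lost its +/- markers, so which of these lines are new in this commit is inferred from the hunk counts.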


@ -29,7 +29,7 @@
};
services.nginx.virtualHosts."auth.${config.network.dns.domain}" = {
enableACME = true;
useACMEHost = "domain-auth";
forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:8089"; };
};