mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 20:39:18 -08:00
refactor: move kanidm to tei
parent
b9e1f544f7
commit
b892e420ab
7 changed files with 80 additions and 28 deletions
|
|
@ -12,11 +12,8 @@
|
|||
systemFor = hostName: if hostName == config.networking.hostName
|
||||
then config
|
||||
else meta.network.nodes.${hostName};
|
||||
accessHostFor = { hostName, access ? "local", ... }: let
|
||||
host = {
|
||||
local = "${hostName}.local";
|
||||
tail = "${hostName}.tail.cutie.moe";
|
||||
}.${access} or (throw "unsupported access ${access}");
|
||||
accessHostFor = { hostName, system ? systemFor hostName, access ? "local", ... }: let
|
||||
host = system.networking.access.hostnameForNetwork.${access} or (throw "unsupported access ${access}");
|
||||
in if hostName == config.networking.hostName then "localhost" else host;
|
||||
ingressForNginx = { host ? system.networking.fqdn, port ? 80, hostName, system ? systemFor hostName }@args: nameValuePair host {
|
||||
service = "http://${accessHostFor args}:${toString port}";
|
||||
|
|
@ -44,10 +41,10 @@ in {
|
|||
default = "http_status:404";
|
||||
ingress = listToAttrs [
|
||||
(ingressForNginx { host = config.networking.domain; inherit hostName; })
|
||||
(ingressForNginx rec { host = (systemFor hostName).services.zigbee2mqtt.domain; hostName = "tewi"; })
|
||||
(ingressForNginx { host = (systemFor "tewi").services.zigbee2mqtt.domain; inherit hostName; })
|
||||
(ingressForHass { hostName = "tewi"; })
|
||||
(ingressForVouch { hostName = "tewi"; })
|
||||
(ingressForKanidm { hostName = "tewi"; })
|
||||
(ingressForVouch { inherit hostName; })
|
||||
(ingressForKanidm { inherit hostName; })
|
||||
];
|
||||
extraTunnel.ingress = mkMerge [
|
||||
(listToAttrs [
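Review bot: The zigbee2mqtt ingress in the second hunk names the owning host as a literal, `(systemFor "tewi")`, while routing traffic to this host's own nginx through `inherit hostName`, which `accessHostFor` resolves to `localhost` on the default port 80. The published hostname and the proxy that answers for it are then configured in two places. If this file is the `./cloudflared.nix` imported by the host module that sets `services.nginx.access.zigbee2mqtt`, then `host = config.services.nginx.access.zigbee2mqtt.domain;` would keep the two in step. The tunnel makes that name reachable from outside, so it is worth confirming that the nginx vhost behind it requires authentication; the vhost and the bodies of `ingressForVouch` and `ingressForKanidm` are not part of these hunks.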
|
||||
|
|
|
|||
|
|
@ -11,10 +11,22 @@
|
|||
nixos.postgres
|
||||
nixos.nginx
|
||||
nixos.access.gensokyo
|
||||
nixos.access.zigbee2mqtt
|
||||
nixos.vouch
|
||||
nixos.kanidm
|
||||
./cloudflared.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
|
||||
services.nginx.access.zigbee2mqtt = let
|
||||
inherit (meta.network.nodes) tewi;
|
||||
z2m = tewi.services.zigbee2mqtt;
|
||||
in {
|
||||
inherit (z2m) domain;
|
||||
inherit (z2m.settings.frontend) port;
|
||||
host = tewi.networking.access.hostnameForNetwork.tail;
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
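Review bot: `host = tewi.networking.access.hostnameForNetwork.tail;` makes this host's nginx reach the zigbee2mqtt frontend on tewi over the tailnet, so that frontend has to listen on a non-loopback address. Nothing visible here shows that the port is limited to this proxy, so tewi's firewall or the tailnet ACL should be checked to admit only this host; otherwise a tailnet peer could reach the frontend without passing through whatever authentication the proxy applies. A comment above the block such as `# upstream lives on tewi and is reached over tailscale; it must only accept this proxy` would record the assumption. The attribute is also read without the `or (throw ...)` fallback that `accessHostFor` uses, so a node with no `tail` entry fails with a generic missing-attribute error.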
|
||||
|
|
|
|||
|
|
@ -1,4 +1,6 @@
|
|||
tailscale-key: ENC[AES256_GCM,data:0ify9ntv5wgr8S8wUdV72mbjt3h/jjceFnocMEIndeEJ1VYTINKlyoPL8VxVJpsi0QxtH7T7pvw=,iv:iapyEmjAT2gGBj+fTfSRtGX1/cvBmqbyI9h1flPprPM=,tag:UZDyojQcVwkquDPiRtfGKQ==,type:str]
|
||||
vouch-client-secret: ENC[AES256_GCM,data:NSWRuvWo0uI1F4VP3NcMGwzlt1ctiaKG1g8XX91t2OU9UvdkuLYZYEzWfG7UEk2d,iv:HP3Q3kABV2tdHITPJlYQmv/iA4cu/ldC0BwPxKGFJU8=,tag:zCNF6POLbB5+Yzq+LeK5WQ==,type:str]
|
||||
vouch-jwt: ENC[AES256_GCM,data:Oh6iNnyx6LnlBAW+Hs94qdVOxPJ/fiKDxCN+FRTp+yp8xReC8Ky0tC+NlO18hwuAiFoR++sQ4cUlWJbGZqmtRA==,iv:TNDcvq8LeWYENc+oY+JIgM6pdbkEj/PFhBjpO2UIPCg=,tag:zt5kivDX4WTLwcWmR4vmpQ==,type:str]
|
||||
postgresql-init: ENC[AES256_GCM,data:AJY1PhgQ/vPYAugA+oqlm2CUjI+RZ3zVOd2zdMMtFt+uLmcxoAyap/zxvVDzCzzNY/jqAJnUaAr1aYw9Nd2icSMurR4=,iv:S4d4+1ncVlEzy50eU1lyPi3gPC+yvVZe6kGZa+oK2KU=,tag:U98pYwYf3sJRmB7Ac8g9Fw==,type:str]
|
||||
cloudflared-tunnel-apartment: ENC[AES256_GCM,data:ysak+T+01jwznciOLY8xq6vkL+7ELiby7EBoEU2fdJSblsnd6EX736vkNZQV8QznDy5hdJtMLddFGSxUHgWujkFIK7Ra8dbK+QoYLdEmgkaZqyHy95fWwkjUc4d8OyxPA4YVRfGYh2NOBhE++YXy7zeZbvlau55CydQT9EyiCh1QkJwCURfG65iCJ7Ml36X+GeB4F4i1JZsvqsz4mXhP9WgqgzwuWA==,iv:PHRsxe+0P20TwT/a14AeiLjh5RFbY1zm9HKaIiunTw8=,tag:/z4dsGKjKz5l6ISL0lX0KQ==,type:str]
|
||||
cloudflared-tunnel-apartment-deluge: ENC[AES256_GCM,data:Itq8yrIwCsvc3E2KOijK8TJqdw==,iv:+MMas0vLUb5p0kvXduMFa0D/nxkIZ6rOG9EpTjnCL0U=,tag:rD0NPDfP+wemrEsFbN/ZXA==,type:str]
|
||||
|
|
@ -18,8 +20,8 @@ sops:
|
|||
bGU0VHd0aFhHRC91WHh0Z0Y4TTE5QzgKpHehWfoJT4F1TtMHJ0tZkoJAPFAihQ7T
|
||||
aunsQeLHJkHv1eWKpraTmo+04GVZofwId/1TtOContveBynfxcuG7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-13T20:45:42Z"
|
||||
mac: ENC[AES256_GCM,data:SVaQKEzVgl50f73vQHmAyy/Wq7fiiB5a5tZgToQ/Nc6yaC40ktApvhjVwlsNTJS6lfuLZ6krM+Ka0XzO3GRnj8MsrlIinhZaK7kP7+wPODZrSBVxgqT8Dpp/0JnB6/pplR1aVooC3GfP66Q3RPowkS+3CI/Oeor7D3hdDyX4b+0=,iv:+vp9BUG6N/lPeYFjtxM41JqpXKvX3oRqF6lSgZnN92Q=,tag:uPYI+XE218bjmacO9LWkIw==,type:str]
|
||||
lastmodified: "2024-01-14T17:09:19Z"
|
||||
mac: ENC[AES256_GCM,data:EiWpfwx/hiad44XeqmIYUvrvM5h/qzMScfwmbPBal+Za8edTGZ4tD+pD0+HDj/V7AQj4d7sSMtg9Y4UZnmyYK1qUD1Yx0BF2+9XjtGNAtayZc1rkoD7aBsb5IlTymp8GIJrEgUhBZAOPbrgMgqHHgZQXN9ym4bDRjPIwY/u0aUs=,iv:WhWGzQk4anrdIaf7EbVeReKiMw6z1w1wdrdpAGjJqIs=,tag:k8G5rvOgdjBaVVRmVyL9hg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-07T21:18:21Z"
|
||||
enc: |-
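Review bot: `vouch-client-secret` and `vouch-jwt` appear here in the same commit that drops them from the other host's secrets file, and the ciphertext alone cannot show whether the values were rotated or only re-encrypted for the new recipients. If they were copied, the previous host's key can still decrypt the old entries from repository history, so that host keeps a valid OIDC client secret and JWT signing key after it stops running vouch. Issuing a new client secret in kanidm and a new JWT secret as part of the move would close that gap. A line in the commit description stating which was done would help later audits.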
|
||||
|
|
|
|||
|
|
@ -44,9 +44,6 @@ in {
|
|||
nixos.sops
|
||||
nixos.tailscale
|
||||
nixos.nginx
|
||||
nixos.access.zigbee2mqtt
|
||||
nixos.vouch
|
||||
nixos.kanidm
|
||||
nixos.mosquitto
|
||||
nixos.zigbee2mqtt
|
||||
nixos.deluge
|
||||
|
|
|
|||
|
|
@ -3,8 +3,6 @@ hass-pass: ENC[AES256_GCM,data:LvoI4sQ77HpYdmNoPLQ=,iv:oAQGTqBh1sf4fbuWGs9AqCE1y
|
|||
systemd-pass: ENC[AES256_GCM,data:3bEqqWsnBHOgzD95YqwDvg==,iv:ack6EGhE2GzxwRi3gwj1A19Tzi2PJ9iiisMrKozPV/M=,tag:uCR51yn9dAG2x9DCfo1mGQ==,type:str]
|
||||
z2m-pass: ENC[AES256_GCM,data:1bqOab8EQbniAMeL9XRmDg==,iv:uUU3kbuCRIGaueTPE54EHwm4IGwUu+67O4gPYZmd1h4=,tag:iceTSLsRuADiOgZ5cnlnjw==,type:str]
|
||||
tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/FltOKExby0=,iv:c8yN1XLk3ZAAzkBozzHJ9BWerWdiNQG/p8e46j8cZyo=,tag:E5Ey5R+t372yLE6XegoOrA==,type:str]
|
||||
vouch-client-secret: ENC[AES256_GCM,data:4MZL99JM4AeUcUfZ8a335utxgqvdH5PCc1R3KAvuOGpaWFGmU7CaD3vV5eLJ62gJ,iv:n1xbPBHi2TcZ12lm7LqItv2aOo7dkgzRh10uxFsy3yM=,tag:+fmJzYMhbiUae/kSyWbT5Q==,type:str]
|
||||
vouch-jwt: ENC[AES256_GCM,data:XDalZtedsBNnDYApmWpdYR9yHBvNXA2DlMmKyCPmcMlqTlbAIVL702/HzTaWLvwpgVXpn3pgG8hNXm9rUE764Q==,iv:qyvGCsildhYgzQiYQ4M0H6eFYrKp8aTkwEeZywpQqHM=,tag:ogtAgvpYE43VPhLhD4NuNA==,type:str]
|
||||
openiscsi-config: ENC[AES256_GCM,data:xyZVJRzR4vK+UAtq3+/QcszLIlcHXYifHnFKm5tVbFUj3c7PjxYGLkvXZfFvERStewdNIQ==,iv:BcbEupXiLECXwfETaVOqfHQ+vkBbrGxkQn54WBYug54=,tag:e0cddYTQAfzSk2AhvzJFvA==,type:str]
|
||||
openiscsi-env: ENC[AES256_GCM,data:uAlnrtk64UQukKBWHYrH5J4Ys+GIpu5zDg==,iv:7ahUk9nocs4cSgtr/A4G0Xhlp7pZj/bUlUDLMMYEAMk=,tag:rE2mdBGT3kZqyoDIaKUY3w==,type:str]
|
||||
systemd2mqtt-env: ENC[AES256_GCM,data:Zo3+acCcMWgai2ERKbmOlI0hvdkOlNviBqeLb1ALuA==,iv:NxXBDCEevBRqMDY9/3z/Uq2+vENswkYTgTa82wKc32U=,tag:01WUphYRJrwmHv9HE4ac8w==,type:str]
|
||||
|
|
@ -39,8 +37,8 @@ sops:
|
|||
VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
|
||||
7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-13T20:45:28Z"
|
||||
mac: ENC[AES256_GCM,data:733JRbccdRsiar7P00Dbg91w6qyORH7D0dC+11xhx50SAI5PHr9yAjQyP5lFqf629imNMUBmZ3Fh/eC+BlZSoCuUWheQvQVXUmPsI1RftOgRFzOHqIn/ColrG2PkaOzNHrpWMzRa3mpe0q4bQLco10/rcUPYZtbRNGZbSBta/M4=,iv:1z+h3ZLi+f8qQfN8amejoX8akN6j4+mdW+/02mEh6Pk=,tag:KsTaK+EIYLI9BHNsaPODwA==,type:str]
|
||||
lastmodified: "2024-01-14T17:09:08Z"
|
||||
mac: ENC[AES256_GCM,data:8c0s0CS48jjcnrT45el5qWWI9MAIF4zP3vhR7B0I1QDSBk6id52t9x0N+/yF/VwfDOpZ5rj72GxI46yleMQqgutzuqZve3Bwhk46uVoPQ+21lgVAzHd+DJ3pBddczSjzFKrKWi4HJz1jhf3bsNxIMqDhxj0TPcgnRnsn98M6rqc=,iv:sQEttA+NTQqLptxyCquOgjc6pyLRei8500DQHB3fAnU=,tag:Z5dL7mRIy+1wsrrIR1oMEA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-03-10T17:06:53Z"
|
||||
enc: |
|
||||
|
|
|
|||