gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: move kanidm to tei

Browse source
This commit is contained in:
arcnmx 2024-01-14 09:40:34 -08:00
parent b9e1f544f7
commit b892e420ab
7 changed files with 80 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

13
systems/tei/cloudflared.nix
View file

@ -12,11 +12,8 @@
systemFor = hostName: if hostName == config.networking.hostName
then config
else meta.network.nodes.${hostName};
accessHostFor = { hostName, access ? "local", ... }: let
host = {
local = "${hostName}.local";
tail = "${hostName}.tail.cutie.moe";
}.${access} or (throw "unsupported access ${access}");
accessHostFor = { hostName, system ? systemFor hostName, access ? "local", ... }: let
host = system.networking.access.hostnameForNetwork.${access} or (throw "unsupported access ${access}");
in if hostName == config.networking.hostName then "localhost" else host;
ingressForNginx = { host ? system.networking.fqdn, port ? 80, hostName, system ? systemFor hostName }@args: nameValuePair host {
service = "http://${accessHostFor args}:${toString port}";
@ -44,10 +41,10 @@ in {
default = "http_status:404";
ingress = listToAttrs [
(ingressForNginx { host = config.networking.domain; inherit hostName; })
(ingressForNginx rec { host = (systemFor hostName).services.zigbee2mqtt.domain; hostName = "tewi"; })
(ingressForNginx { host = (systemFor "tewi").services.zigbee2mqtt.domain; inherit hostName; })
(ingressForHass { hostName = "tewi"; })
(ingressForVouch { hostName = "tewi"; })
(ingressForKanidm { hostName = "tewi"; })
(ingressForVouch { inherit hostName; })
(ingressForKanidm { inherit hostName; })
];
extraTunnel.ingress = mkMerge [
(listToAttrs [

12
systems/tei/nixos.nix
View file

@ -11,10 +11,22 @@
nixos.postgres
nixos.nginx
nixos.access.gensokyo
nixos.access.zigbee2mqtt
nixos.vouch
nixos.kanidm
./cloudflared.nix
];
sops.defaultSopsFile = ./secrets.yaml;
services.nginx.access.zigbee2mqtt = let
inherit (meta.network.nodes) tewi;
z2m = tewi.services.zigbee2mqtt;
in {
inherit (z2m) domain;
inherit (z2m.settings.frontend) port;
host = tewi.networking.access.hostnameForNetwork.tail;
};
system.stateVersion = "23.11";
}

6
systems/tei/secrets.yaml
View file

@ -1,4 +1,6 @@
tailscale-key: ENC[AES256_GCM,data:0ify9ntv5wgr8S8wUdV72mbjt3h/jjceFnocMEIndeEJ1VYTINKlyoPL8VxVJpsi0QxtH7T7pvw=,iv:iapyEmjAT2gGBj+fTfSRtGX1/cvBmqbyI9h1flPprPM=,tag:UZDyojQcVwkquDPiRtfGKQ==,type:str]
vouch-client-secret: ENC[AES256_GCM,data:NSWRuvWo0uI1F4VP3NcMGwzlt1ctiaKG1g8XX91t2OU9UvdkuLYZYEzWfG7UEk2d,iv:HP3Q3kABV2tdHITPJlYQmv/iA4cu/ldC0BwPxKGFJU8=,tag:zCNF6POLbB5+Yzq+LeK5WQ==,type:str]
vouch-jwt: ENC[AES256_GCM,data:Oh6iNnyx6LnlBAW+Hs94qdVOxPJ/fiKDxCN+FRTp+yp8xReC8Ky0tC+NlO18hwuAiFoR++sQ4cUlWJbGZqmtRA==,iv:TNDcvq8LeWYENc+oY+JIgM6pdbkEj/PFhBjpO2UIPCg=,tag:zt5kivDX4WTLwcWmR4vmpQ==,type:str]
postgresql-init: ENC[AES256_GCM,data:AJY1PhgQ/vPYAugA+oqlm2CUjI+RZ3zVOd2zdMMtFt+uLmcxoAyap/zxvVDzCzzNY/jqAJnUaAr1aYw9Nd2icSMurR4=,iv:S4d4+1ncVlEzy50eU1lyPi3gPC+yvVZe6kGZa+oK2KU=,tag:U98pYwYf3sJRmB7Ac8g9Fw==,type:str]
cloudflared-tunnel-apartment: ENC[AES256_GCM,data:ysak+T+01jwznciOLY8xq6vkL+7ELiby7EBoEU2fdJSblsnd6EX736vkNZQV8QznDy5hdJtMLddFGSxUHgWujkFIK7Ra8dbK+QoYLdEmgkaZqyHy95fWwkjUc4d8OyxPA4YVRfGYh2NOBhE++YXy7zeZbvlau55CydQT9EyiCh1QkJwCURfG65iCJ7Ml36X+GeB4F4i1JZsvqsz4mXhP9WgqgzwuWA==,iv:PHRsxe+0P20TwT/a14AeiLjh5RFbY1zm9HKaIiunTw8=,tag:/z4dsGKjKz5l6ISL0lX0KQ==,type:str]
cloudflared-tunnel-apartment-deluge: ENC[AES256_GCM,data:Itq8yrIwCsvc3E2KOijK8TJqdw==,iv:+MMas0vLUb5p0kvXduMFa0D/nxkIZ6rOG9EpTjnCL0U=,tag:rD0NPDfP+wemrEsFbN/ZXA==,type:str]
@ -18,8 +20,8 @@ sops:
bGU0VHd0aFhHRC91WHh0Z0Y4TTE5QzgKpHehWfoJT4F1TtMHJ0tZkoJAPFAihQ7T
aunsQeLHJkHv1eWKpraTmo+04GVZofwId/1TtOContveBynfxcuG7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-13T20:45:42Z"
mac: ENC[AES256_GCM,data:SVaQKEzVgl50f73vQHmAyy/Wq7fiiB5a5tZgToQ/Nc6yaC40ktApvhjVwlsNTJS6lfuLZ6krM+Ka0XzO3GRnj8MsrlIinhZaK7kP7+wPODZrSBVxgqT8Dpp/0JnB6/pplR1aVooC3GfP66Q3RPowkS+3CI/Oeor7D3hdDyX4b+0=,iv:+vp9BUG6N/lPeYFjtxM41JqpXKvX3oRqF6lSgZnN92Q=,tag:uPYI+XE218bjmacO9LWkIw==,type:str]
lastmodified: "2024-01-14T17:09:19Z"
mac: ENC[AES256_GCM,data:EiWpfwx/hiad44XeqmIYUvrvM5h/qzMScfwmbPBal+Za8edTGZ4tD+pD0+HDj/V7AQj4d7sSMtg9Y4UZnmyYK1qUD1Yx0BF2+9XjtGNAtayZc1rkoD7aBsb5IlTymp8GIJrEgUhBZAOPbrgMgqHHgZQXN9ym4bDRjPIwY/u0aUs=,iv:WhWGzQk4anrdIaf7EbVeReKiMw6z1w1wdrdpAGjJqIs=,tag:k8G5rvOgdjBaVVRmVyL9hg==,type:str]
pgp:
- created_at: "2024-01-07T21:18:21Z"
enc: |-