gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(vouch): separate local cookie

Browse source
This commit is contained in:
arcnmx 2024-09-04 16:45:38 -07:00
parent 5cbde2e43f
commit b8e5fda0a7
6 changed files with 88 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

9
systems/hakurei/nixos.nix
View file

@ -26,7 +26,7 @@ in {
nixos.ddclient
nixos.acme
nixos.nginx
nixos.vouch
nixos.vouch.local
nixos.access.nginx
nixos.access.global
nixos.access.mosquitto
@ -77,13 +77,6 @@ in {
};
};
# configure a secondary vouch instance for local clients, but don't use it by default
services.vouch-proxy = {
authUrl = "https://${virtualHosts.keycloak'local.serverName}/realms/${config.networking.domain}";
domain = "login.local.${config.networking.domain}";
settings.cookie.domain = "local.${config.networking.domain}";
};
security.acme.certs = {
hakurei = {
inherit (nginx) group;

2
systems/keycloak/nixos.nix
View file

@ -17,7 +17,7 @@ in {
nixos.keycloak
nixos.vaultwarden
nixos.cloudflared
nixos.vouch
nixos.vouch.gensokyo
nixos.nginx
nixos.access.vaultwarden
];