gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(idp): cockpit access

Browse source
This commit is contained in:
arcnmx 2024-05-13 10:53:57 -07:00
parent f826d2bb4a
commit c51febd94d
6 changed files with 57 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

1
systems/freeipa/default.nix
View file

@ -36,6 +36,7 @@ _: {
enable = true;
ports.public.enable = false;
};
cockpit.enable = true;
freeipa.enable = true;
ldap.enable = true;
kerberos.enable = true;

4
systems/hakurei/nixos.nix
View file

@ -62,6 +62,7 @@ in {
credentialsFile = config.sops.secrets.cloudflared-tunnel-hakurei.path;
ingress = mkMerge [
(virtualHosts.freeipa'web.proxied.cloudflared.getIngress {})
(virtualHosts.freeipa'cockpit.proxied.cloudflared.getIngress {})
(virtualHosts.prox.proxied.cloudflared.getIngress {})
(virtualHosts.gensokyoZone.proxied.cloudflared.getIngress {})
];
@ -166,6 +167,8 @@ in {
virtualHosts.freeipa.otherServerNames
virtualHosts.freeipa'web.allServerNames
virtualHosts.freeipa'web'local.allServerNames
virtualHosts.freeipa'cockpit.allServerNames
virtualHosts.freeipa'cockpit'local.allServerNames
virtualHosts.freeipa'ldap.allServerNames
virtualHosts.freeipa'ldap'local.allServerNames
(mkIf virtualHosts.freeipa'ldap'tail.enable virtualHosts.freeipa'ldap'tail.allServerNames)
@ -237,6 +240,7 @@ in {
ssl.cert.enable = true;
};
freeipa'web.proxied.enable = "cloudflared";
freeipa'cockpit.proxied.enable = "cloudflared";
keycloak = {
# we're not the real sso record-holder, so don't respond globally..
local.denyGlobal = true;