feat(access): kitchen

arcnmx 2024-02-09 18:05:20 -08:00
parent c77ca83fb1
commit d57c3e7b1a
3 changed files with 108 additions and 1 deletions


@ -0,0 +1,75 @@
{
config,
lib,
...
}: let
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkDefault;
inherit (config.services.nginx) virtualHosts;
access = config.services.nginx.access.kitchencam;
in {
options.services.nginx.access.kitchencam = with lib.types; {
host = mkOption {
type = str;
default = "kitchencam.local.${config.networking.domain}";
};
url = mkOption {
type = str;
default = "http://${access.host}:8080";
};
streamUrl = mkOption {
type = str;
default = "http://${access.host}:8081";
};
domain = mkOption {
type = str;
default = "kitchen.${config.networking.domain}";
};
localDomain = mkOption {
type = str;
default = "kitchen.local.${config.networking.domain}";
};
tailDomain = mkOption {
type = str;
default = "kitchen.tail.${config.networking.domain}";
};
useACMEHost = mkOption {
type = nullOr str;
default = null;
};
};
config.services.nginx = {
virtualHosts = let
extraConfig = ''
proxy_redirect off;
proxy_buffering off;
'';
locations = {
"/" = {
proxy.websocket.enable = true;
proxyPass = access.url;
};
"/stream" = {
proxy.websocket.enable = true;
proxyPass = access.streamUrl;
};
};
in {
${access.domain} = {
vouch.enable = true;
kTLS = mkDefault true;
inherit (access) useACMEHost;
forceSSL = mkDefault (access.useACMEHost != null);
inherit locations extraConfig;
};
${access.localDomain} = {
serverAliases = mkIf config.services.tailscale.enable [ access.tailDomain ];
inherit (virtualHosts.${access.domain}) useACMEHost;
addSSL = mkDefault (access.useACMEHost != null || virtualHosts.${access.domain}.addSSL || virtualHosts.${access.domain}.forceSSL);
kTLS = mkDefault true;
local.enable = true;
inherit locations extraConfig;
};
};
};
}
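Review bot: The `${access.localDomain}` virtual host serves the same `/` and `/stream` proxy locations as `${access.domain}` but does not set `vouch.enable = true`, so on the local name and (when tailscale is enabled) the `tailDomain` alias the camera feed is only as protected as `local.enable = true` makes it. What `local.enable` does is not visible in this module; if it restricts clients by source network, a comment on that vhost should say so, e.g. `# no vouch here: local.enable restricts clients to the local/tail networks`, and if it does not, this vhost proxies an unauthenticated camera stream to anyone who can resolve the name. The upstream `url` and `streamUrl` defaults are plain `http://` to the camera host, so nginx adds no transport protection on the upstream leg either; that is probably intended for a LAN device but is worth a one-line note next to the defaults.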


@ -9,7 +9,7 @@
mediabox = access.systemFor "mediabox";
tei = access.systemFor "tei";
inherit (mediabox.services) plex;
inherit (tei.services) kanidm;
inherit (tei.services) kanidm vouch-proxy;
in {
imports = let
inherit (meta) nixos;
@ -28,6 +28,7 @@ in {
nixos.access.gensokyo
nixos.access.kanidm
nixos.access.freeipa
nixos.access.kitchencam
nixos.access.proxmox
nixos.access.plex
nixos.samba
@ -98,6 +99,17 @@ in {
inherit (nginx) group;
extraDomainNames = [access.plex.localDomain];
};
${access.kitchencam.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
[
access.kitchencam.localDomain
]
(mkIf tailscale.enable [
access.kitchencam.tailDomain
])
];
};
};
services.nginx = let
@ -114,6 +126,9 @@ in {
access.freeipa = {
host = "idp.local.${config.networking.domain}";
};
access.kitchencam = {
useACMEHost = access.kitchencam.domain;
};
virtualHosts = {
${access.kanidm.domain} = {
useACMEHost = access.kanidm.domain;
@ -129,6 +144,13 @@ in {
addSSL = true;
useACMEHost = access.plex.domain;
};
${access.kitchencam.domain} = {
vouch = {
authUrl = vouch-proxy.authUrl;
url = vouch-proxy.url;
proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
};
};
};
};
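Review bot: The new `${access.kitchencam.domain}` vouch block builds `proxyOrigin` as plain `http://` to tei's tail hostname, so the auth round-trip between nginx and vouch-proxy, which carries the user's session cookie, has no TLS at the HTTP layer and depends on the tail network for transport protection. If that is the intent, a why-comment would spare the next reader the question, e.g. `# plain http: tei is reached over the tail network, which provides transport encryption`; if not, `vouch-proxy.url` (presumably the TLS-fronted name, not visible here) may be the better origin. The enclosing `services.nginx` attribute set starts before this hunk, and whether the other vouch-enabled hosts use the same pattern is outside this view.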


@ -21,12 +21,14 @@ module "hakurei_system_records" {
"ldap",
"freeipa",
"smb",
"kitchen",
]
global_subdomains = [
"plex",
"idp",
"ldap",
"smb",
"kitchen",
]
}
@ -89,6 +91,14 @@ module "kubernetes_system_records" {
local_v6 = "fd0a::be24:11ff:fe49:fedc"
}
module "kitchencam_system_records" {
source = "./system/records"
name = "kitchencam"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
local_v6 = "fd0a::ba27:ebff:fea8:f4ff"
}
module "tewi_legacy_system_records" {
source = "./system/records"
name = "tewi"
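Review bot: `local_v6` in the new `kitchencam_system_records` module is a hard-coded address whose interface identifier contains `ff:fe`, which looks like an EUI-64 value derived from the host's NIC MAC (the `kubernetes_system_records` entry above follows the same shape); if so, the DNS record silently goes stale when the board or NIC is replaced. A short comment stating where the value comes from, e.g. `# EUI-64 from the kitchencam NIC MAC; update if the hardware changes`, would make that dependency explicit. Whether the address is assigned statically or via SLAAC is not visible here, so I have not assumed either.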