feat(access): kitchen

2026-02-09 12:29:19 -08:00 · 2024-02-09 18:05:20 -08:00 · 2024-02-09 18:05:20 -08:00 · d57c3e7b1a
commit d57c3e7b1a
parent c77ca83fb1
3 changed files with 108 additions and 1 deletions
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -9,7 +9,7 @@
  mediabox = access.systemFor "mediabox";
  tei = access.systemFor "tei";
  inherit (mediabox.services) plex;
-  inherit (tei.services) kanidm;
+  inherit (tei.services) kanidm vouch-proxy;
 in {
  imports = let
    inherit (meta) nixos;
@ -28,6 +28,7 @@ in {
    nixos.access.gensokyo
    nixos.access.kanidm
    nixos.access.freeipa
+    nixos.access.kitchencam
    nixos.access.proxmox
    nixos.access.plex
    nixos.samba
@ -98,6 +99,17 @@ in {
      inherit (nginx) group;
      extraDomainNames = [access.plex.localDomain];
    };
+    ${access.kitchencam.domain} = {
+      inherit (nginx) group;
+      extraDomainNames = mkMerge [
+        [
+          access.kitchencam.localDomain
+        ]
+        (mkIf tailscale.enable [
+          access.kitchencam.tailDomain
+        ])
+      ];
+    };
  };

  services.nginx = let
@ -114,6 +126,9 @@ in {
    access.freeipa = {
      host = "idp.local.${config.networking.domain}";
    };
+    access.kitchencam = {
+      useACMEHost = access.kitchencam.domain;
+    };
    virtualHosts = {
      ${access.kanidm.domain} = {
        useACMEHost = access.kanidm.domain;
@ -129,6 +144,13 @@ in {
        addSSL = true;
        useACMEHost = access.plex.domain;
      };
+      ${access.kitchencam.domain} = {
+        vouch = {
+          authUrl = vouch-proxy.authUrl;
+          url = vouch-proxy.url;
+          proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
+        };
+      };
    };
  };