feat(vouch): local access

arcnmx 2024-02-19 13:20:57 -08:00
parent ee2618061d
commit e4596f256f
5 changed files with 182 additions and 73 deletions


@ -28,6 +28,7 @@ in {
nixos.access.nginx
nixos.access.global
nixos.access.gensokyo
nixos.access.vouch
nixos.access.kanidm
nixos.access.freeipa
nixos.access.kitchencam
@ -59,6 +60,14 @@ in {
inherit (config.services) nginx tailscale;
inherit (nginx) access;
in {
${access.vouch.localDomain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
(mkIf tailscale.enable [
access.vouch.tailDomain
])
];
};
${access.kanidm.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
@ -128,15 +137,14 @@ in {
services.nginx = let
inherit (config.services.nginx) access;
vouch = {
authUrl = vouch-proxy.authUrl;
url = vouch-proxy.url;
proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
};
in {
access.plex = assert plex.enable; {
url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
};
access.vouch = assert vouch-proxy.enable; {
url = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
useACMEHost = access.vouch.localDomain;
};
access.kanidm = assert kanidm.enableServer; {
inherit (kanidm.server.frontend) domain port;
host = tei.networking.access.hostnameForNetwork.local;
@ -168,10 +176,8 @@ in {
useACMEHost = access.plex.domain;
};
${access.kitchencam.domain} = {
inherit vouch;
};
${access.invidious.domain} = {
inherit vouch;
useACMEHost = access.invidious.domain;
forceSSL = true;
};
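Review bot: In the last hunk the kitchencam and invidious hosts appear to lose their `inherit vouch;` line, and nothing visible on this page re-attaches the vouch auth gate to either domain. This is inferred: the +/- markers are lost here, but the hunk header shrinks the hunk from 10 to 8 lines and those two lines are the likely removals. If the gate is not enabled for these domains by the new `nixos.access.vouch` module or the per-service access modules in the other changed files, both hosts would be served without the sign-in check, so that is worth confirming before merge. If the gate now comes from a module option, a one-line comment in the now-empty kitchencam attrset, such as `# vouch auth gate is enabled in <module that sets it>`, would record that the empty body is intentional. The enclosing attribute set starts and ends outside the hunk.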