Add auth.c3d2.de
This commit is contained in:
parent
6a0583b592
commit
70004fb081
77
flake.lock
77
flake.lock
|
@ -8,11 +8,11 @@
|
|||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1658212081,
|
||||
"narHash": "sha256-zy+sNlqK/yqmMpSzZUIp54OT1yet62r4AZcRR8HiITY=",
|
||||
"lastModified": 1658471435,
|
||||
"narHash": "sha256-NQ6pbKcXv/zZYXiGzx+BsPJglrEps9qJxCdpmB135n4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "69069698c3aa14fc211c66c6635c1e34f4d6b441",
|
||||
"rev": "353d5ac5d0e3e8c26fe7c6744afdb1929496b1df",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -52,7 +52,7 @@
|
|||
"locked": {
|
||||
"lastModified": 1657923513,
|
||||
"narHash": "sha256-YzHPow09B9uSdybUxP5lQn2hXk90Q6oTDL6UXzD0/+k=",
|
||||
"ref": "master",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "f7cf04a7ad47e388121f0771651fec0df91407f3",
|
||||
"revCount": 61,
|
||||
"type": "git",
|
||||
|
@ -261,11 +261,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1657781616,
|
||||
"narHash": "sha256-M/wl8+gRNELNhEmNjWTZVf61lfZIyiUn/NkyEqQAW80=",
|
||||
"lastModified": 1658401027,
|
||||
"narHash": "sha256-z/sDfzsFOoWNO9nZGfxDCNjHqXvSVZLDBDSgzr9qDXE=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "76c9664813ed7082115ac7efb8a1619a804a631f",
|
||||
"rev": "83009edccc2e24afe3d0165ed98b60ff7471a5f8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -276,11 +276,11 @@
|
|||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1658103945,
|
||||
"narHash": "sha256-1/kQlzKGt1563JZ+gIlNHU6rEbaDh2KopZLJ4CzraWI=",
|
||||
"lastModified": 1658380158,
|
||||
"narHash": "sha256-DBunkegKWlxPZiOcw3/SNIFg93amkdGIy2g0y/jDpHg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2e3f6efdeda4cfff0259912495761885d8bee74a",
|
||||
"rev": "a65b5b3f5504b8b89c196aba733bdf2b0bd13c16",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -290,6 +290,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-unstable-sandro": {
|
||||
"locked": {
|
||||
"lastModified": 1658518038,
|
||||
"narHash": "sha256-UmZMks6eanvgS4C1qYzyqmnm8Cq0WfXp+UuRR6P7BDU=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ca0f6a20d2a14638f303d9358d9d39dddd33e47e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "SuperSandro2000",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1645296114,
|
||||
|
@ -368,11 +384,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1657972522,
|
||||
"narHash": "sha256-JTiKsBT1BwMbtSUsvtSl8ffkiirby8FaujJVGV766Q8=",
|
||||
"lastModified": 1658422817,
|
||||
"narHash": "sha256-kzZrlzqK6kbkTEnDK21wjRDamUJP0m30pm3XRPk0aZg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "07a2e6a4e31ea48408861607198972d60adaf4ad",
|
||||
"rev": "70e3e0ee807371e16563a88b77b8533e2cea8aa2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -423,11 +439,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1657582234,
|
||||
"narHash": "sha256-0PKwtnYb+uxWR4CghP6Uh2HduGRjW31DnvIp9x3TCUE=",
|
||||
"lastModified": 1658251917,
|
||||
"narHash": "sha256-uQHbd2hTM+JjQOQvJxuixerjWIty395yhe3MKkF2l1I=",
|
||||
"owner": "astro",
|
||||
"repo": "nix-openwrt-imagebuilder",
|
||||
"rev": "1a18b5abddaef5c9aee89f499183106beb3a95a9",
|
||||
"rev": "43ef0baec4b3928a75cb3be8bc9d6a880dd95d89",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -466,6 +482,7 @@
|
|||
"naersk": "naersk",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-unstable": "nixos-unstable",
|
||||
"nixos-unstable-sandro": "nixos-unstable-sandro",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-mobilizon": "nixpkgs-mobilizon",
|
||||
"oparl-scraper": "oparl-scraper",
|
||||
|
@ -485,11 +502,11 @@
|
|||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1658182792,
|
||||
"narHash": "sha256-NOpxaEiFT9n7oSe02puqerKAt2VRsO8XtZ0Ra83JOOY=",
|
||||
"lastModified": 1658391799,
|
||||
"narHash": "sha256-Bw/zHZXdxe4DLhtT/hk0t/oDwXKLTTtb6Xt4HTbWT74=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "567a5e9ef7c753e03d528cbc19110db99e8d6878",
|
||||
"rev": "84a6fac37ad61ff512993ee64b47deff9a52c560",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -504,7 +521,7 @@
|
|||
"locked": {
|
||||
"lastModified": 1657924163,
|
||||
"narHash": "sha256-iLIo/V8FGW2Urfjom/qroQVmj+4plvb2yclv4ZDA8Yw=",
|
||||
"ref": "master",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "0109b2afff571835107d0861ae8459dd73dc9a66",
|
||||
"revCount": 58,
|
||||
"type": "git",
|
||||
|
@ -527,7 +544,7 @@
|
|||
"locked": {
|
||||
"lastModified": 1657928876,
|
||||
"narHash": "sha256-vK8OIjiD3XpzTH6uv358IU71Jwvu5o2+q8ISg+Vg+tU=",
|
||||
"ref": "master",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "ce0f7c9f962851cdead48cf8dd3ee088aa00efed",
|
||||
"revCount": 143,
|
||||
"type": "git",
|
||||
|
@ -548,11 +565,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1658030499,
|
||||
"narHash": "sha256-Y2Me+uys8VpKUincd7T3ab8O4gBFv8bR5BmBZfn4i4w=",
|
||||
"lastModified": 1658398472,
|
||||
"narHash": "sha256-DjPJ3YQXyV1GRvF3ToBIY+RYdypwNxYchN1HIhDPLe0=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "7526ce07b897ad1f1016680de5121f646e28a893",
|
||||
"rev": "6efa719f8d02139ce41398b9e59e06888dc1305a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -593,7 +610,7 @@
|
|||
"locked": {
|
||||
"lastModified": 1657495218,
|
||||
"narHash": "sha256-iPoKIGSnnMo7JG74pSs3RH1ivl6feUlqM+lS5ZnCAnY=",
|
||||
"ref": "master",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "58006d51a409ae6ceb996f66fa4d7eea0e160ecc",
|
||||
"revCount": 96,
|
||||
"type": "git",
|
||||
|
@ -684,11 +701,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1658176981,
|
||||
"narHash": "sha256-zGf7rRHV1PolB48XV6JT2fdPQu8UK52HMNFVymSG3hE=",
|
||||
"ref": "master",
|
||||
"rev": "78586ec3f672ea5a67234da9a409121f44d6247e",
|
||||
"revCount": 1498,
|
||||
"lastModified": 1658519473,
|
||||
"narHash": "sha256-IjZUJBAzwv5I9AagDVYw6R/b3YndY0Vk6jvRq1kwfUM=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "ec93cdfcda09a749007e5161c75517e47ecd165d",
|
||||
"revCount": 1501,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||
},
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||
nixpkgs-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
|
||||
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
# contains portunus WIP branch on current nixos-unstable
|
||||
nixos-unstable-sandro.url = "github:SuperSandro2000/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
fenix = {
|
||||
url = "github:nix-community/fenix";
|
||||
|
@ -427,6 +429,13 @@
|
|||
] ++ modules;
|
||||
};
|
||||
in {
|
||||
auth = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/containers/auth
|
||||
];
|
||||
nixpkgs = inputs.nixos-unstable-sandro;
|
||||
};
|
||||
|
||||
broker = nixosSystem' {
|
||||
modules = [
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
{ zentralwerk, config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2 = {
|
||||
deployment = {
|
||||
server = "server10";
|
||||
mounts = [ "etc" "home" "var"];
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
networking = {
|
||||
hostName = "auth";
|
||||
hosts = {
|
||||
# required for ldaps connection over localhost
|
||||
"::1" = [ "auth.c3d2.de" ];
|
||||
"127.0.0.1" = [ "auth.c3d2.de" ];
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."auth.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/dex".proxyPass ="http://localhost:${toString config.services.portunus.dex.port}";
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
portunus = {
|
||||
enable = true;
|
||||
dex = {
|
||||
# enable = true;
|
||||
};
|
||||
domain = "auth.c3d2.de";
|
||||
ldap = {
|
||||
suffix = "dc=c3d2,dc=de";
|
||||
tls = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -19,6 +19,9 @@
|
|||
hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
|
||||
proxyTo.host = "172.20.73.51";
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "auth.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.auth.ip4;
|
||||
} {
|
||||
hostNames = [ "jabber.c3d2.de" ];
|
||||
proxyTo = {
|
||||
|
|
Loading…
Reference in New Issue