depot-wide: create logged-out.int.lukegb.com

Luke Granger-Brown 2020-12-30 00:57:53 +00:00
parent e0ab7d9ea4
commit 26e379dfb7
5 changed files with 31 additions and 9 deletions


@ -362,6 +362,11 @@ in
default = false; default = false;
description = "If set, the TLS connection to the storage backend will not be verified."; description = "If set, the TLS connection to the storage backend will not be verified.";
}; };
signout_redirect_url = mkOption {
type = with types; nullOr str;
default = null;
description = "Signout redirect url is the url user will be redirected to after signing out.";
};
policy = mkOption { policy = mkOption {
type = types.listOf (types.submodule { type = types.listOf (types.submodule {
@ -406,11 +411,6 @@ in
default = null; default = null;
description = "Use this token to authenticate requests to a Kubernetes API server. Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups."; description = "Use this token to authenticate requests to a Kubernetes API server. Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.";
}; };
signout_redirect_url = mkOption {
type = with types; nullOr str;
default = null;
description = "Signout redirect url is the url user will be redirected to after signing out.";
};
path = mkOption { path = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;


@ -16,6 +16,7 @@ let
}; };
serve = _apply (value: { root = value; }) { serve = _apply (value: { root = value; }) {
"int.lukegb.com" = depot.web.int; "int.lukegb.com" = depot.web.int;
"logged-out.int.lukegb.com" = depot.web.logged-out-int;
}; };
_apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate hostBase (f value)); _apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate hostBase (f value));
}; };


@ -196,6 +196,7 @@ in {
forward_auth_url = "https://fwdauth.int.lukegb.com"; forward_auth_url = "https://fwdauth.int.lukegb.com";
authenticate_service_url = "https://auth.int.lukegb.com"; authenticate_service_url = "https://auth.int.lukegb.com";
signout_redirect_url = "https://logged-out.int.lukegb.com";
policy = let policy = let
baseConfig = { baseConfig = {
@ -211,19 +212,22 @@ in {
to = "https://${server}"; to = "https://${server}";
tls_server_name = hostName; tls_server_name = hostName;
} // extraConfig); } // extraConfig);
public = extraConfig: {
allow_public_unauthenticated_access = true;
allowed_domains = null;
} // extraConfig;
in [ in [
(service "clouvider-fra01" "int.lukegb.com" {}) (service "clouvider-fra01" "int.lukegb.com" {})
(service "clouvider-fra01" "logged-out.int.lukegb.com" (public {}))
(service "clouvider-fra01" "sonarr.int.lukegb.com" {}) (service "clouvider-fra01" "sonarr.int.lukegb.com" {})
(service "clouvider-fra01" "radarr.int.lukegb.com" {}) (service "clouvider-fra01" "radarr.int.lukegb.com" {})
(service "clouvider-fra01" "deluge.int.lukegb.com" {}) (service "clouvider-fra01" "deluge.int.lukegb.com" {})
(service "totoro:9090" "prometheus.int.lukegb.com" {}) (service "totoro:9090" "prometheus.int.lukegb.com" {})
(service "totoro:9093" "alertmanager.int.lukegb.com" {}) (service "totoro:9093" "alertmanager.int.lukegb.com" {})
(service "totoro:3000" "grafana.int.lukegb.com" {}) (service "totoro:3000" "grafana.int.lukegb.com" {})
(secureService "totoro" "invoices.lukegb.com" { (secureService "totoro" "invoices.lukegb.com" (public {
allow_public_unauthenticated_access = true;
allowed_domains = null;
regex = "^/((third_party|ajax|client_area|pdf)/.*|[a-zA-Z0-9]{8})$"; regex = "^/((third_party|ajax|client_area|pdf)/.*|[a-zA-Z0-9]{8})$";
}) }))
(secureService "totoro" "invoices.lukegb.com" {}) (secureService "totoro" "invoices.lukegb.com" {})
(baseConfig // { (baseConfig // {
from = "https://httpbin.int.lukegb.com"; from = "https://httpbin.int.lukegb.com";


@ -5,4 +5,5 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
int = pkgs.copyPathToStore ./int; int = pkgs.copyPathToStore ./int;
logged-out-int = pkgs.copyPathToStore ./logged-out-int;
} }


@ -0,0 +1,16 @@
<!--
SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
SPDX-License-Identifier: Apache-2.0
-->
<!DOCTYPE html>
<html>
<head>
<title>Logged out</title>
</head>
<body>
<h1>Congrats! You're logged out.</h1>
<a href="https://int.lukegb.com">Log in again</a>
</body>
</html>
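Review bot: The new page's `<head>` declares no character encoding, so browsers fall back to guessing it; add `<meta charset="utf-8">` as the first element inside `<head>`. The `<html>` tag could also carry `lang="en"` so assistive technology reads the page correctly.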