depot-wide: create logged-out.int.lukegb.com
This commit is contained in:
parent
e0ab7d9ea4
commit
26e379dfb7
5 changed files with 31 additions and 9 deletions
|
@ -362,6 +362,11 @@ in
|
||||||
default = false;
|
default = false;
|
||||||
description = "If set, the TLS connection to the storage backend will not be verified.";
|
description = "If set, the TLS connection to the storage backend will not be verified.";
|
||||||
};
|
};
|
||||||
|
signout_redirect_url = mkOption {
|
||||||
|
type = with types; nullOr str;
|
||||||
|
default = null;
|
||||||
|
description = "Signout redirect url is the url user will be redirected to after signing out.";
|
||||||
|
};
|
||||||
|
|
||||||
policy = mkOption {
|
policy = mkOption {
|
||||||
type = types.listOf (types.submodule {
|
type = types.listOf (types.submodule {
|
||||||
|
@ -406,11 +411,6 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
description = "Use this token to authenticate requests to a Kubernetes API server. Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.";
|
description = "Use this token to authenticate requests to a Kubernetes API server. Pomerium will impersonate the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.";
|
||||||
};
|
};
|
||||||
signout_redirect_url = mkOption {
|
|
||||||
type = with types; nullOr str;
|
|
||||||
default = null;
|
|
||||||
description = "Signout redirect url is the url user will be redirected to after signing out.";
|
|
||||||
};
|
|
||||||
path = mkOption {
|
path = mkOption {
|
||||||
type = with types; nullOr str;
|
type = with types; nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
|
|
|
@ -16,6 +16,7 @@ let
|
||||||
};
|
};
|
||||||
serve = _apply (value: { root = value; }) {
|
serve = _apply (value: { root = value; }) {
|
||||||
"int.lukegb.com" = depot.web.int;
|
"int.lukegb.com" = depot.web.int;
|
||||||
|
"logged-out.int.lukegb.com" = depot.web.logged-out-int;
|
||||||
};
|
};
|
||||||
_apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate hostBase (f value));
|
_apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate hostBase (f value));
|
||||||
};
|
};
|
||||||
|
|
|
@ -196,6 +196,7 @@ in {
|
||||||
|
|
||||||
forward_auth_url = "https://fwdauth.int.lukegb.com";
|
forward_auth_url = "https://fwdauth.int.lukegb.com";
|
||||||
authenticate_service_url = "https://auth.int.lukegb.com";
|
authenticate_service_url = "https://auth.int.lukegb.com";
|
||||||
|
signout_redirect_url = "https://logged-out.int.lukegb.com";
|
||||||
|
|
||||||
policy = let
|
policy = let
|
||||||
baseConfig = {
|
baseConfig = {
|
||||||
|
@ -211,19 +212,22 @@ in {
|
||||||
to = "https://${server}";
|
to = "https://${server}";
|
||||||
tls_server_name = hostName;
|
tls_server_name = hostName;
|
||||||
} // extraConfig);
|
} // extraConfig);
|
||||||
|
public = extraConfig: {
|
||||||
|
allow_public_unauthenticated_access = true;
|
||||||
|
allowed_domains = null;
|
||||||
|
} // extraConfig;
|
||||||
in [
|
in [
|
||||||
(service "clouvider-fra01" "int.lukegb.com" {})
|
(service "clouvider-fra01" "int.lukegb.com" {})
|
||||||
|
(service "clouvider-fra01" "logged-out.int.lukegb.com" (public {}))
|
||||||
(service "clouvider-fra01" "sonarr.int.lukegb.com" {})
|
(service "clouvider-fra01" "sonarr.int.lukegb.com" {})
|
||||||
(service "clouvider-fra01" "radarr.int.lukegb.com" {})
|
(service "clouvider-fra01" "radarr.int.lukegb.com" {})
|
||||||
(service "clouvider-fra01" "deluge.int.lukegb.com" {})
|
(service "clouvider-fra01" "deluge.int.lukegb.com" {})
|
||||||
(service "totoro:9090" "prometheus.int.lukegb.com" {})
|
(service "totoro:9090" "prometheus.int.lukegb.com" {})
|
||||||
(service "totoro:9093" "alertmanager.int.lukegb.com" {})
|
(service "totoro:9093" "alertmanager.int.lukegb.com" {})
|
||||||
(service "totoro:3000" "grafana.int.lukegb.com" {})
|
(service "totoro:3000" "grafana.int.lukegb.com" {})
|
||||||
(secureService "totoro" "invoices.lukegb.com" {
|
(secureService "totoro" "invoices.lukegb.com" (public {
|
||||||
allow_public_unauthenticated_access = true;
|
|
||||||
allowed_domains = null;
|
|
||||||
regex = "^/((third_party|ajax|client_area|pdf)/.*|[a-zA-Z0-9]{8})$";
|
regex = "^/((third_party|ajax|client_area|pdf)/.*|[a-zA-Z0-9]{8})$";
|
||||||
})
|
}))
|
||||||
(secureService "totoro" "invoices.lukegb.com" {})
|
(secureService "totoro" "invoices.lukegb.com" {})
|
||||||
(baseConfig // {
|
(baseConfig // {
|
||||||
from = "https://httpbin.int.lukegb.com";
|
from = "https://httpbin.int.lukegb.com";
|
||||||
|
|
|
@ -5,4 +5,5 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
int = pkgs.copyPathToStore ./int;
|
int = pkgs.copyPathToStore ./int;
|
||||||
|
logged-out-int = pkgs.copyPathToStore ./logged-out-int;
|
||||||
}
|
}
|
||||||
|
|
16
web/logged-out-int/index.html
Normal file
16
web/logged-out-int/index.html
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
<!--
|
||||||
|
SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Logged out</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Congrats! You're logged out.</h1>
|
||||||
|
<a href="https://int.lukegb.com">Log in again</a>
|
||||||
|
</body>
|
||||||
|
</html>
|
Loading…
Reference in a new issue