clouvider-fra01: add int.lukegb.com which points at oauth2proxy
parent
299893c475
commit
e656191b7b
5 changed files with 94 additions and 0 deletions
|
@ -14,6 +14,7 @@ in fix (self:
|
||||||
third_party = import ./third_party ch;
|
third_party = import ./third_party ch;
|
||||||
ops = import ./ops ch;
|
ops = import ./ops ch;
|
||||||
nix = import ./nix ch;
|
nix = import ./nix ch;
|
||||||
|
web = import ./web ch;
|
||||||
|
|
||||||
lib = self.third_party.nixpkgs.lib;
|
lib = self.third_party.nixpkgs.lib;
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,29 @@
|
||||||
let
|
let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
machineSecrets = secrets.machineSpecific.clouvider-fra01;
|
machineSecrets = secrets.machineSpecific.clouvider-fra01;
|
||||||
|
|
||||||
|
proxyVirtualHosts = {
|
||||||
|
"deluge.int.lukegb.com" = "http://localhost:8112";
|
||||||
|
"radarr.int.lukegb.com" = "http://localhost:7878";
|
||||||
|
"sonarr.int.lukegb.com" = "http://localhost:8989";
|
||||||
|
};
|
||||||
|
oauth2Host = {
|
||||||
|
locations."/".extraConfig = lib.mkBefore ''
|
||||||
|
error_page 401 = /oauth2/start?rd=https://$host$uri;
|
||||||
|
'';
|
||||||
|
useACMEHost = "int.lukegb.com";
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
intVirtualHosts = (builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host {
|
||||||
|
locations."/".proxyPass = value;
|
||||||
|
}) proxyVirtualHosts) // {
|
||||||
|
"login.int.lukegb.com" = {
|
||||||
|
root = depot.web.login-int;
|
||||||
|
} // oauth2Host;
|
||||||
|
"int.lukegb.com" = {
|
||||||
|
root = depot.web.int;
|
||||||
|
} // oauth2Host;
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../lib/zfs.nix
|
../lib/zfs.nix
|
||||||
|
@ -143,5 +166,44 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
email = "letsencrypt@lukegb.com";
|
||||||
|
certs."int.lukegb.com" = {
|
||||||
|
domain = "*.int.lukegb.com";
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
credentialsFile = machineSecrets.cloudflareCredentials;
|
||||||
|
user = config.services.nginx.user;
|
||||||
|
group = config.services.nginx.group;
|
||||||
|
extraDomains = {
|
||||||
|
"int.lukegb.com" = null;
|
||||||
|
};
|
||||||
|
postRun = ''
|
||||||
|
systemctl reload nginx
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts = intVirtualHosts;
|
||||||
|
};
|
||||||
|
services.oauth2_proxy = {
|
||||||
|
enable = true;
|
||||||
|
clientID = "136257844546-6q1mcg4jqc8fcjigutcr47ii8g04qbvt.apps.googleusercontent.com";
|
||||||
|
cookie.domain = ".int.lukegb.com";
|
||||||
|
email.domains = [ "lukegb.com" ];
|
||||||
|
google = {
|
||||||
|
adminEmail = "lukegb@lukegb.com";
|
||||||
|
serviceAccountJSON = machineSecrets.googleServiceAccount;
|
||||||
|
};
|
||||||
|
keyFile = machineSecrets.oauth2proxySecrets;
|
||||||
|
redirectURL = "https://login.int.lukegb.com/oauth2/callback";
|
||||||
|
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts);
|
||||||
|
extraConfig = {
|
||||||
|
whitelist-domain = ".int.lukegb.com,int.lukegb.com";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "20.03";
|
system.stateVersion = "20.03";
|
||||||
}
|
}
|
||||||
|
|
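Review bot: The suffix filter on `services.oauth2_proxy.nginx.virtualHosts` in the last hunk leaves the apex host out of the gated set: `lib.hasSuffix ".int.lukegb.com"` is false for the name `int.lukegb.com`, so that vhost receives `oauth2Host`'s `error_page 401` line but presumably none of the `auth_request` wiring the oauth2_proxy module adds to listed hosts, and its root would be served without a login. If that is deliberate, a comment such as `# apex index is intentionally public; only *.int hosts are gated` would record it; otherwise pass `builtins.attrNames intVirtualHosts` directly, so every host in the attrset is gated and a later addition cannot fall outside the filter unnoticed. Separately, in the `oauth2Host` hunk, `rd=https://$host$uri` uses the decoded path without its query string, so `$request_uri` would return the user to the exact URL they requested after login.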
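--- a/web/default.nix
+++ b/web/default.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+login-int = pkgs.copyPathToStore ./login-int;
+int = pkgs.copyPathToStore ./int;
+}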
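--- a/web/int/index.html
+++ b/web/int/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>int.lukegb.com</title>
+</head>
+<body>
+<h1>int.lukegb.com</h1>
+<ul>
+<li><a href="https://sonarr.int.lukegb.com">sonarr</a></li>
+<li><a href="https://radarr.int.lukegb.com">radarr</a></li>
+<li><a href="https://deluge.int.lukegb.com">deluge</a></li>
+</ul>
+<p><a href="https://login.int.lukegb.com/oauth2/sign_out">Log out</a></p>
+</body>
+</html>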
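--- a/web/login-int/index.html
+++ b/web/login-int/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>login.int</title>
+</head>
+<body>
+<h1>login</h1>
+<p>Hello!</p>
+<a href="/oauth2/sign_out">Log out?</a>
+</body>
+</html>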