clouvider-fra01: add int.lukegb.com which points at oauth2proxy
parent
299893c475
commit
e656191b7b
5 changed files with 94 additions and 0 deletions
|
@ -14,6 +14,7 @@ in fix (self:
|
|||
third_party = import ./third_party ch;
|
||||
ops = import ./ops ch;
|
||||
nix = import ./nix ch;
|
||||
web = import ./web ch;
|
||||
|
||||
lib = self.third_party.nixpkgs.lib;
|
||||
|
||||
|
|
|
@ -2,6 +2,29 @@
|
|||
let
|
||||
inherit (depot.ops) secrets;
|
||||
machineSecrets = secrets.machineSpecific.clouvider-fra01;
|
||||
|
||||
proxyVirtualHosts = {
|
||||
"deluge.int.lukegb.com" = "http://localhost:8112";
|
||||
"radarr.int.lukegb.com" = "http://localhost:7878";
|
||||
"sonarr.int.lukegb.com" = "http://localhost:8989";
|
||||
};
|
||||
oauth2Host = {
|
||||
locations."/".extraConfig = lib.mkBefore ''
|
||||
error_page 401 = /oauth2/start?rd=https://$host$uri;
|
||||
'';
|
||||
useACMEHost = "int.lukegb.com";
|
||||
forceSSL = true;
|
||||
};
|
||||
intVirtualHosts = (builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host {
|
||||
locations."/".proxyPass = value;
|
||||
}) proxyVirtualHosts) // {
|
||||
"login.int.lukegb.com" = {
|
||||
root = depot.web.login-int;
|
||||
} // oauth2Host;
|
||||
"int.lukegb.com" = {
|
||||
root = depot.web.int;
|
||||
} // oauth2Host;
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../lib/zfs.nix
|
||||
|
@ -143,5 +166,44 @@ in {
|
|||
enable = true;
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "letsencrypt@lukegb.com";
|
||||
certs."int.lukegb.com" = {
|
||||
domain = "*.int.lukegb.com";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = machineSecrets.cloudflareCredentials;
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
extraDomains = {
|
||||
"int.lukegb.com" = null;
|
||||
};
|
||||
postRun = ''
|
||||
systemctl reload nginx
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = intVirtualHosts;
|
||||
};
|
||||
services.oauth2_proxy = {
|
||||
enable = true;
|
||||
clientID = "136257844546-6q1mcg4jqc8fcjigutcr47ii8g04qbvt.apps.googleusercontent.com";
|
||||
cookie.domain = ".int.lukegb.com";
|
||||
email.domains = [ "lukegb.com" ];
|
||||
google = {
|
||||
adminEmail = "lukegb@lukegb.com";
|
||||
serviceAccountJSON = machineSecrets.googleServiceAccount;
|
||||
};
|
||||
keyFile = machineSecrets.oauth2proxySecrets;
|
||||
redirectURL = "https://login.int.lukegb.com/oauth2/callback";
|
||||
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts);
|
||||
extraConfig = {
|
||||
whitelist-domain = ".int.lukegb.com,int.lukegb.com";
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "20.03";
|
||||
}
|
||||
|
|
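Review bot: The filter in `nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts);` does not match the apex key `"int.lukegb.com"`, which has no leading-dot suffix, so that virtual host is not handed to the oauth2_proxy nginx integration even though it merges `oauth2Host` like the others. Assuming the module wires `auth_request` and the `/oauth2/` locations only onto the listed hosts, the apex index is served without authentication and its `error_page 401` redirect points at a path that host does not proxy. If the apex is meant to be protected, use `nginx.virtualHosts = builtins.attrNames intVirtualHosts;`; if it is deliberately public, a comment such as `# apex is intentionally unauthenticated: it only links to the protected hosts` would record that. A smaller point in the first hunk: `rd=https://$host$uri` drops the query string and inserts the decoded path unescaped, so a comment noting that the redirect target is still checked against `whitelist-domain` would help the next reader.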
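--- a/web/default.nix
+++ b/web/default.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+login-int = pkgs.copyPathToStore ./login-int;
+int = pkgs.copyPathToStore ./int;
+}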
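--- a/web/int/index.html
+++ b/web/int/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>int.lukegb.com</title>
+</head>
+<body>
+<h1>int.lukegb.com</h1>
+<ul>
+<li><a href="https://sonarr.int.lukegb.com">sonarr</a></li>
+<li><a href="https://radarr.int.lukegb.com">radarr</a></li>
+<li><a href="https://deluge.int.lukegb.com">deluge</a></li>
+</ul>
+<p><a href="https://login.int.lukegb.com/oauth2/sign_out">Log out</a></p>
+</body>
+</html>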
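--- a/web/login-int/index.html
+++ b/web/login-int/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>login.int</title>
+</head>
+<body>
+<h1>login</h1>
+<p>Hello!</p>
+<a href="/oauth2/sign_out">Log out?</a>
+</body>
+</html>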