commit 819b797326638769362ea4ba7c777c5a14af01a6 · wiro.world/dotfiles

+19

nixos/profiles/server.nix

···

       32
        
         headscale-port = 3005;

     

       33
        
         headscale-hostname = "headscale.wiro.world";

     

       34
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       35
        
         grafana-port = 9000;

     

       36
        
         grafana-hostname = "console.wiro.world";

     

       37
        
         prometheus-port = 9001;

     
···

       157
        
             virtualHosts.${headscale-hostname}.extraConfig = ''

     

       158
        
               reverse_proxy http://localhost:${toString headscale-port}

     

       159
        
             '';

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       160
        
           };

     

       161
        
       

     

       162
        
           security.sudo.wheelNeedsPassword = false;

     
···

       248
        
       

     

       249
        
               oidc = { };

     

       250
        
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       251
        
           };

     

       252
        
       

     

       253
        
           # port used is 6567

···

       32
        
         headscale-port = 3005;

     

       33
        
         headscale-hostname = "headscale.wiro.world";

     

       34
        
       

     

       35
       +
         lldap-port = 3006;

     

       36
       +
         lldap-hostname = "ldap.wiro.world";

     

       37
       +
       

     

       38
        
         grafana-port = 9000;

     

       39
        
         grafana-hostname = "console.wiro.world";

     

       40
        
         prometheus-port = 9001;

     
···

       160
        
             virtualHosts.${headscale-hostname}.extraConfig = ''

     

       161
        
               reverse_proxy http://localhost:${toString headscale-port}

     

       162
        
             '';

     

       163
       +
       

     

       164
       +
             virtualHosts.${lldap-hostname}.extraConfig = ''

     

       165
       +
               reverse_proxy http://localhost:${toString lldap-port}

     

       166
       +
             '';

     

       167
        
           };

     

       168
        
       

     

       169
        
           security.sudo.wheelNeedsPassword = false;

     
···

       255
        
       

     

       256
        
               oidc = { };

     

       257
        
             };

     

       258
       +
           };

     

       259
       +
       

     

       260
       +
           age.secrets.lldap-env.file = ../../secrets/lldap-env.age;

     

       261
       +
           services.lldap = {

     

       262
       +
             enable = true;

     

       263
       +
             settings = {

     

       264
       +
               http_url = "https://${lldap-hostname}";

     

       265
       +
               http_port = lldap-port;

     

       266
       +
       

     

       267
       +
               ldap_base_dn = "dc=wiro,dc=world";

     

       268
       +
             };

     

       269
       +
             environmentFile = config.age.secrets.lldap-env.path;

     

       270
        
           };

     

       271
        
       

     

       272
        
           # port used is 6567

secrets/lldap-env.age

This is a binary file and will not be displayed.

+2

secrets/secrets.nix

···

       19
        
       

     

       20
        
         # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`.

     

       21
        
         "pds-env.age".publicKeys = deploy;

     

       0
        
       
     

       0
        
       
     

       22
        
       

     

       23
        
         # Not used in config but useful

     

       24
        
         "pgp-ca5e.age".publicKeys = users;

···

       19
        
       

     

       20
        
         # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`.

     

       21
        
         "pds-env.age".publicKeys = deploy;

     

       22
       +
         # Defines `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED`.

     

       23
       +
         "lldap-env.age".publicKeys = deploy;

     

       24
        
       

     

       25
        
         # Not used in config but useful

     

       26
        
         "pgp-ca5e.age".publicKeys = users;