diff options
Diffstat (limited to 'nix/hosts/corrino')
| -rw-r--r-- | nix/hosts/corrino/configuration.nix | 4 | ||||
| -rw-r--r-- | nix/hosts/corrino/ports.nix | 1 | ||||
| -rw-r--r-- | nix/hosts/corrino/secrets/goapp_oidc_secret.age | bin | 0 -> 395 bytes | |||
| -rw-r--r-- | nix/hosts/corrino/vm.nix | 15 | ||||
| -rw-r--r-- | nix/hosts/corrino/www/goapp.emile.space.nix | 78 | ||||
| -rw-r--r-- | nix/hosts/corrino/www/templates/goapp/default.nix | 30 |
6 files changed, 96 insertions, 32 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix index d453b34..52e9ecf 100644 --- a/nix/hosts/corrino/configuration.nix +++ b/nix/hosts/corrino/configuration.nix @@ -27,6 +27,8 @@ in ./www/git ./www/nix-cache + ./www/goapp.emile.space.nix + # screego # web @@ -42,7 +44,7 @@ in ./www/photo - # ./www/tickets.emile.space.nix + ./www/tickets.emile.space.nix # ./www/talks.emile.space.nix # ./www/stream.emile.space.nix ./www/md.emile.space.nix diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix index 10ae593..bb64934 100644 --- a/nix/hosts/corrino/ports.nix +++ b/nix/hosts/corrino/ports.nix @@ -24,6 +24,7 @@ restic = 8002; nocodb = 8003; goatcounter = 8004; + goapp = 8005; r2wars-web = 8089; ctf = 8338; magic-hash = 8339; diff --git a/nix/hosts/corrino/secrets/goapp_oidc_secret.age b/nix/hosts/corrino/secrets/goapp_oidc_secret.age new file mode 100644 index 0000000..a842003 --- /dev/null +++ b/nix/hosts/corrino/secrets/goapp_oidc_secret.age Binary files differdiff --git a/nix/hosts/corrino/vm.nix b/nix/hosts/corrino/vm.nix index 37d1356..78d818f 100644 --- a/nix/hosts/corrino/vm.nix +++ b/nix/hosts/corrino/vm.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, ... }: { services.emile.libvirtnix = { @@ -15,6 +15,19 @@ uuid = "E34DE478-1402-45BB-B3FD-FC960549258E"; genid = "CA1E2462-1E9D-404C-8DDB-19EEF9D9651B"; + os = { + nvram = { + type = "network"; + source = { + mirror = { + abi = "copy"; + ready = "yes"; + type = "network"; + }; + }; + }; + }; + packages = { libvirt = pkgs.libvirt; qemu = pkgs.qemu; diff --git a/nix/hosts/corrino/www/goapp.emile.space.nix b/nix/hosts/corrino/www/goapp.emile.space.nix new file mode 100644 index 0000000..4a486aa --- /dev/null +++ b/nix/hosts/corrino/www/goapp.emile.space.nix @@ -0,0 +1,78 @@ +{ config, pkgs, ... }: + +{ + services.nginx.virtualHosts."goapp.emile.space" = { + forceSSL = true; + enableACME = true; + + locations = { + "/" = { + proxyPass = "http://${config.services.emile.goapp-frontend.host}:${toString config.services.emile.goapp-frontend.port}"; + }; + }; + }; + + services.authelia.instances.main.settings.identity_providers.oidc.clients = [ + { + id = "goapp"; + + # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 + secret = "$pbkdf2-sha512$310000$/Ht5DUFmIeu/7Ty2PWHXnw$.uJIN1vmZMyGjCAoA0PzUcVaTMIH36AK80KvOZAHVXgLr1Y9ZOrRjoiwK.srHAO29mrcw1BNpCjFTYdWOoympg"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + # "http://localhost:8080/oauth2/callback" + "https://goapp.emile.space/oauth2/callback" + ]; + scopes = [ + "openid" + "email" + "profile" + "groups" + ]; + grant_types = [ + "refresh_token" + "authorization_code" + ]; + response_types = [ "code" ]; + response_modes = [ + "form_post" + "query" + "fragment" + ]; + token_endpoint_auth_method = "client_secret_post"; + } + ]; + + environment.systemPackages = with pkgs; [ goapp-frontend ]; + + # deploy: + # - push code + # - build in order to get the new hash (nix build .#goapp-frontend-pkg) + # - update hash in the package (//nix/templates/goapp/frontent/default.nix) + # - deploy + + # services.emile.goapp-frontend = { + # enable = true; + # package = pkgs.goapp-frontend; + + # host = "127.0.0.1"; + # port = config.emile.ports.goapp-frontend; + # public-url = "https://goapp-frontend.emile.space/"; + + # oidc = { + # id = "goapp-frontend"; + # issuer = "https://sso.emile.space"; + # cookie-name = "oidc-client"; + # scopes = [ "openid" "profile" "email" "groups" ]; + # secret-path = "/run/goapp-frontend_oidc_secret"; + # }; + + # # TODO(emile): change these when going live + # session-key-path = config.age.secrets.goapp-frontend_oidc_secret.path; + + # logfile-path = "/var/log/goapp-frontend.log"; + # database-path = "/var/lib/goapp-frontend/main.db"; + # sessiondb-path = "/var/lib/goapp-frontend/session.db"; + # }; +} diff --git a/nix/hosts/corrino/www/templates/goapp/default.nix b/nix/hosts/corrino/www/templates/goapp/default.nix deleted file mode 100644 index 716d6ab..0000000 --- a/nix/hosts/corrino/www/templates/goapp/default.nix +++ /dev/null @@ -1,30 +0,0 @@ - -{ - services.authelia.instances.main.settings.identity_providers.oidc.clients = [ - { - id = "goapp"; - - # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 - secret = "$pbkdf2-sha512$310000$WUai4pp1ZVJDrJ8j6ICLiQ$NOMMaCZ3gt.x.a09MWatMkJWQIaH0QeWgRXSbuD2iWRwR.N6MWmJA6QO.LIKcxn6l.zHZN4bO1Ztsrbo9010Tw"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ "https://127.0.0.1:8080/auth/oauth2/callback" ]; - scopes = [ - "openid" - "email" - "profile" - ]; - grant_types = [ - "refresh_token" - "authorization_code" - ]; - response_types = [ "code" ]; - response_modes = [ - "form_post" - "query" - "fragment" - ]; - token_endpoint_auth_method = "client_secret_post"; - } - ]; -} |
