newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mob next [ci-skip] [ci skip] [skip ci]

Browse Source 
lastFile:vars/per-machine/rigel/rigel-pocket-id/subdomain/value
This commit is contained in:
kurogeek
2025-07-30 15:47:05 +07:00
parent bfd0dd1a41
commit d36cff5d92
7 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inventories/default.nix
View File

@@ -37,6 +37,7 @@
input = "self";
};
roles.default.machines.b4l = { };
roles.default.machines.rigel = { };
};
nextcloud = {
module = {

5
machines/rigel/configuration.nix
View File

@@ -1,3 +1,8 @@
{ inputs, ... }:
{
imports = [
(inputs.import-tree ./services)
];
system.stateVersion = "25.11";
networking.fqdn = "rigel.local";
}

35
machines/rigel/services/pocket-id.nix Normal file
View File

@@ -0,0 +1,35 @@
{ config, ... }:
let
pidDomain = "${config.clan.core.vars.generators.rigel-pocket-id.files.subdomain.value}.${config.networking.fqdn}";
in
{
clan.core.vars.generators.rigel-pocket-id = {
files.subdomain.secret = false;
prompts = {
subdomain = {
persist = true;
type = "line";
description = "Sub-domain for Pocket-ID app. Default:(auth)";
};
};
script = ''cat $prompts/subdomain || echo -n "auth" > $out/subdomain'';
};
services.pocket-id = {
settings = {
APP_ENV = "production";
APP_URL = "http://${pidDomain}";
TRUST_PROXY = true;
};
};
services.nginx.virtualHosts."${pidDomain}" = {
useACMEHost = "${config.networking.fqdn}";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.pocket-id.settings.PORT}";
};
};
}

1
vars/per-machine/rigel/pocket-id/encryption-key/machines/rigel Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/machines/rigel

19
vars/per-machine/rigel/pocket-id/encryption-key/secret Normal file
View File

@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:11Z7KMxrgnhiI6VHafRjUMHPGWItvZU6L8a6yhQ1WjFK,iv:czyaHb2VAqLCq650CFCGs+0PBGqx4JCtB1/gYPiDF+0=,tag:rKDmsGV1wsY2g9wrNC29qA==,type:str]",
"sops": {
"age": [
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiVEg2VVcrcjFJQmlhbmpv\nV0J1M1d0ZXdCcEtrQUt6SDdWMS9nNVJMSWlFClZ5ZlFwK0xaZ1NVZHR2aGRmV09E\nS2o2OFY2NWlOV2luSmJXUG1tdFVENVUKLS0tIGRaVWNVb3MrQXk0a0J2Tm50aWRt\ndXdtTFB1ZklXZll0Y3pHbHRaaExDU2cK8TIS5ZtO/Kljt+kXCwW0bqNF8WM9iLWX\nKL+S1iLzGBsWFfdXDBJuvOdQAtSstxIOM0k6kMJSjAcUQEAEY0ilFA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1S3dTaDMvWDVGalVnc3p0\neXNtQ3BiQnJZMVdoc0w0ZndLMVhuREJiYUIwClpQanZUdFQwYnJLK2tBMUZDS3RE\nZ3JodUJ5WmhmWHpwRkF6Z1FYaTVFS1EKLS0tIFArdDkvRVhOd3hPYStjMGV3cWp3\nd29XRk1XZzA5cG1vV05tZmRtR1MzK1UKFlGI8+NEyZfJB7yXwBwsdP4IhI9XiiUV\n8CEnDL095iGLBNCc1ycYmVUXJUDO1B3CJH7yJIJQwlie5cF352GpjA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-30T05:03:59Z",
"mac": "ENC[AES256_GCM,data:9iDp/0gkcllEXOVlLMUq6COTCTLjeaB6FSOrZNzIC+rhqZrotYtY6pL/THf3OxzUkr88Pd+kNTewy+zUtb1wlL4DwL9IuaAKzmCYtmkrlmyz0j1xhIj/qDhSyTcFlBk05Mbe4vF+VwPZPHXz04d8sTeijNHLeWHtOULPa6+WPPw=,iv:DJnqTfl8pC3lgsl4FK2sh6k3LNfkfHWEx8wLnA2yeOQ=,tag:8AC+sz7lplAfzYiAZzSp8A==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

1
vars/per-machine/rigel/pocket-id/encryption-key/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek

1
vars/per-machine/rigel/rigel-pocket-id/subdomain/value Normal file
View File

@@ -0,0 +1 @@
auth