refactor: get rid of providedDomains in favor of globals

hosts/sentinel/coturn.nix

@@ -38,7 +38,7 @@ in {
       to = config.services.coturn.max-port;
     }
   ];
-  networking.providedDomains.coturn = coturnDomain;
+  globals.services.coturn.domain = coturnDomain;
 
   services.coturn = {
     enable = true;

hosts/sentinel/default.nix

@@ -1,5 +1,6 @@
 {
   config,
+  globals,
   pkgs,
   ...
 }: {
@@ -44,12 +45,12 @@
   };
 
   # Connect safely via wireguard to skip authentication
-  networking.hosts.${config.wireguard.proxy-sentinel.ipv4} = [config.networking.providedDomains.influxdb];
+  networking.hosts.${config.wireguard.proxy-sentinel.ipv4} = [globals.services.influxdb.domain];
   meta.telegraf = {
     enable = true;
     scrapeSensors = false;
     influxdb2 = {
-      domain = config.networking.providedDomains.influxdb;
+      inherit (globals.services.influxdb) domain;
       organization = "machines";
       bucket = "telegraf";
       node = "sire-influxdb";

hosts/sentinel/oauth2.nix

@@ -1,5 +1,6 @@
 {
   config,
+  globals,
   nodes,
   ...
 }: {
@@ -40,14 +41,14 @@
   in {
     provider = "oidc";
     scope = "openid email";
-    loginURL = "https://${config.networking.providedDomains.kanidm}/ui/oauth2";
-    redeemURL = "https://${config.networking.providedDomains.kanidm}/oauth2/token";
-    validateURL = "https://${config.networking.providedDomains.kanidm}/oauth2/openid/${clientId}/userinfo";
+    loginURL = "https://${globals.services.kanidm.domain}/ui/oauth2";
+    redeemURL = "https://${globals.services.kanidm.domain}/oauth2/token";
+    validateURL = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}/userinfo";
     clientID = clientId;
     email.domains = ["*"];
 
     extraConfig = {
-      oidc-issuer-url = "https://${config.networking.providedDomains.kanidm}/oauth2/openid/${clientId}";
+      oidc-issuer-url = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}";
       provider-display-name = "Kanidm";
       #skip-provider-button = true;
     };