feat: generate secrets

oddlama 2023-06-12 01:03:44 +02:00
parent f33fa54b65
commit 69bd2a71ce
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
24 changed files with 154 additions and 65 deletions


@ -6,26 +6,12 @@
utils,
...
}: {
extra.wireguard.proxy-sentinel.client.via = "sentinel";
imports = [
../../../../modules/proxy-via-sentinel.nix
];
# TODO this as includable module?
networking.nftables.firewall = {
zones = lib.mkForce {
proxy-sentinel.interfaces = ["proxy-sentinel"];
sentinel = {
parent = "proxy-sentinel";
ipv4Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv4];
ipv6Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv6];
};
};
rules = lib.mkForce {
sentinel-to-local = {
from = ["sentinel"];
to = ["local"];
allowedTCPPorts = [8300];
};
};
networking.nftables.firewall.rules = lib.mkForce {
sentinel-to-local.allowedTCPPorts = [8300];
};
age.secrets."kanidm-self-signed.crt" = {