sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: move some services to other domain

Browse source
This commit is contained in:
oddlama 2024-03-12 19:40:09 +01:00
parent fcc159ed12
commit dfe0345888
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
15 changed files with 31 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/sire/guests/grafana.nix
View file

@ -4,7 +4,7 @@
...
}: let
sentinelCfg = nodes.sentinel.config;
grafanaDomain = "grafana.${sentinelCfg.repo.secrets.local.personalDomain}";
grafanaDomain = "grafana.${config.repo.secrets.global.domains.me}";
in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
@ -124,7 +124,7 @@ in {
use_pkce = true;
# Allow mapping oauth2 roles to server admin
allow_assign_grafana_admin = true;
role_attribute_path = "contains(scopes[*], 'server_admin') && 'GrafanaAdmin' || contains(scopes[*], 'admin') && 'Admin' || contains(scopes[*], 'editor') && 'Editor' || 'Viewer'";
role_attribute_path = "contains(groups[*], 'server_admin') && 'GrafanaAdmin' || contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'";
};
};

5
hosts/sire/guests/immich.nix
View file

@ -5,7 +5,7 @@
...
}: let
sentinelCfg = nodes.sentinel.config;
immichDomain = "immich.${sentinelCfg.repo.secrets.local.personalDomain}";
immichDomain = "immich.${config.repo.secrets.global.domains.me}";
ipImmichMachineLearning = "10.89.0.10";
ipImmichMicroservices = "10.89.0.11";
@ -74,9 +74,6 @@
lightStyle = "";
};
newVersionCheck.enabled = true;
# XXX: Immich's oauth cannot use PKCE and uses legacy crypto so we need to run:
# kanidm system oauth2 warning-insecure-client-disable-pkce immich
# kanidm system oauth2 warning-enable-legacy-crypto immich
oauth = rec {
enabled = true;
autoLaunch = false;

2
hosts/sire/guests/influxdb.nix
View file

@ -6,7 +6,7 @@
...
}: let
sentinelCfg = nodes.sentinel.config;
influxdbDomain = "influxdb.${sentinelCfg.repo.secrets.local.personalDomain}";
influxdbDomain = "influxdb.${config.repo.secrets.global.domains.me}";
influxdbPort = 8086;
in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [influxdbPort];

2
hosts/sire/guests/loki.nix
View file

@ -4,7 +4,7 @@
...
}: let
sentinelCfg = nodes.sentinel.config;
lokiDomain = "loki.${sentinelCfg.repo.secrets.local.personalDomain}";
lokiDomain = "loki.${config.repo.secrets.global.domains.me}";
in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [config.services.loki.configuration.server.http_listen_port];

2
hosts/sire/guests/paperless.nix
View file

@ -5,7 +5,7 @@
...
}: let
sentinelCfg = nodes.sentinel.config;
paperlessDomain = "paperless.${sentinelCfg.repo.secrets.local.personalDomain}";
paperlessDomain = "paperless.${config.repo.secrets.global.domains.me}";
paperlessBackupDir = "/var/cache/paperless-backup";
in {
microvm.mem = 1024 * 9;