idp: migrate to biotite

2025-02-14 13:51:50 +08:00 · 2025-02-14 13:51:50 +08:00 · 2e2968360c
commit 2e2968360c
parent 6bf1822141
13 changed files with 347 additions and 41 deletions
--- a/modules/nixos/common-settings/auth.nix
+++ b/modules/nixos/common-settings/auth.nix
@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  my-lib,
  ...
 }:

@ -11,6 +12,8 @@ let
    mkEnableOption
    ;

+  inherit (my-lib) idpUrl;
+
  cfg = config.commonSettings.auth;
 in
 {
--- a/modules/nixos/monitor/grafana.nix
+++ b/modules/nixos/monitor/grafana.nix
@ -22,9 +22,9 @@ in
          name = "Kanidm";
          client_id = "grafana";
          scopes = "openid,profile,email,groups";
-          auth_url = "${idpUrl}/ui/oauth2";
-          token_url = "${idpUrl}/oauth2/token";
-          api_url = "${idpUrl}/oauth2/openid/grafana/userinfo";
+          auth_url = "https://${idpUrl}/ui/oauth2";
+          token_url = "https://${idpUrl}/oauth2/token";
+          api_url = "https://${idpUrl}/oauth2/openid/grafana/userinfo";
          use_pkce = true;
          use_refresh_token = true;
          allow_sign_up = true;
--- a/modules/nixos/monitor/loki.nix
+++ b/modules/nixos/monitor/loki.nix
@ -15,6 +15,7 @@ let
    ;
  inherit (config.my-lib.settings)
    alertmanagerPort
+    internalDomain
    ;
  cfg = config.custom.monitoring;
  lokiPort = 3100;
@ -94,16 +95,17 @@ in
        rulerFile = pkgs.writeText "ruler.yml" (builtins.toJSON rulerConfig);
      in
      mkIf cfg.loki.enable {
+        systemd.services.loki.serviceConfig.After = "tailscaled.service";
        services.loki = {
          enable = true;
          configuration = {
            auth_enabled = false;
-            server.http_listen_address = "${config.networking.hostName}.coho-tet.ts.net";
+            server.http_listen_address = "${config.networking.hostName}.${internalDomain}";
            server.http_listen_port = lokiPort;

            common = {
              ring = {
-                instance_addr = "${config.networking.hostName}.coho-tet.ts.net";
+                instance_addr = "${config.networking.hostName}.${internalDomain}";
                kvstore.store = "inmemory";
              };
              replication_factor = 1;
@ -160,7 +162,7 @@ in
        configuration = {

          server = {
-            http_listen_address = "${config.networking.hostName}.coho-tet.ts.net";
+            http_listen_address = "${config.networking.hostName}.${internalDomain}";
            http_listen_port = 28183;
            grpc_listen_port = 0;
          };
@ -169,7 +171,7 @@ in

          clients = [
            {
-              url = "http://thorite.coho-tet.ts.net:${toString lokiPort}/loki/api/v1/push";
+              url = "http://thorite.${internalDomain}:${toString lokiPort}/loki/api/v1/push";
            }
          ];