massicot: host hedgedoc with oidc
parent
b944954b3c
commit
8b735dd5da
5 changed files with 110 additions and 7 deletions
|
@ -18,6 +18,9 @@
|
|||
gts_env = {
|
||||
owner = "gotosocial";
|
||||
};
|
||||
hedgedoc_env = {
|
||||
owner = "hedgedoc";
|
||||
};
|
||||
grafana_cloud_api = {
|
||||
owner = "prometheus";
|
||||
sopsFile = ../secrets.yaml;
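Review bot: The new `hedgedoc_env` entry sets only `owner`, so when the secret is rotated the running service would keep using the old value until someone restarts it by hand. The file presumably carries the OIDC client secret, since the host config passes it as `environmentFile`. Adding `restartUnits = [ "hedgedoc.service" ];` next to `owner = "hedgedoc";` would tie a rotation to a restart. The unit name is assumed because the hedgedoc module is not shown on this page, and the enclosing attribute set starts and ends outside the hunk.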
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
storage_box_mount: ENC[AES256_GCM,data:9lOAL3tkfB0pN4/cuM4SX0xoMrW0UUEzTN8spw3MQ3BWrfsRc3Stsce3puXz1sRf,iv:7Q9wzpBgQ3tqcfy0n/c6Ya84Kg60nhR/e2H0pVntWsY=,tag:9a0xvNBGQpCvhxgmV3hrww==,type:str]
|
||||
gts_env: ENC[AES256_GCM,data:CKFKHXCJvTD0HFkVrBWhabcl/cloCT03qcZIc5JymiIAu+o6wef6gsQlkKP81vxC9S3XMYtLgXQ03D7Jetkfg+7nafF1+ogN,iv:/axRqZIatwYL++/KmBIievPPyKRkHGmVpgRe2Eet+fg=,tag:gwxyuePOYiD1vlSyq3yjXA==,type:str]
|
||||
hedgedoc_env: ENC[AES256_GCM,data:zwAA+zKSJT0tZyYArCaa1lfL0y8DNHDp/thS11DrVxNvjmk38o0ydsKArfZKzFYye+qNBzz1B4sPCdW4cFgQUNgbM+n9AvoMB8CssdmQ+sALKmozA5aEV23q+khZSGlHocP6WA==,iv:SgZruOS1nanK64Ex1dvgoD1HzbGbNa4DFSBuVoaNgEc=,tag:R+I8m1AloDCXs5PdpEpS0w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -24,8 +25,8 @@ sops:
|
|||
dnFBa0lDWWZtS1BHdzBoVzNTaGNkSEEKi/W1n7RT8NpTp00SBMwxsUJAPDhumJ/i
|
||||
V2VnaSNwouD3SswTcoBzqQpBP9XrqzjIYGke90ZODFQbMY9WDQ+O0g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-15T13:06:05Z"
|
||||
mac: ENC[AES256_GCM,data:ArxA3+i+W2hU0mpzjPqzBA1pQdZySwJ+LVAez2PWFMsrgT4QATi+KmlWWfuPBkOq/DYafAES8lTemDeuzuQl7bWZq06g3s35C8Q3D/TDUKFF3ALEL5grSxKTVzg4Npjc2q2OIOXrIp/j83Gn1lBuyBFg0YdGkJ+b/BmDGkTbyUg=,iv:8MB/+WklLsFTnlvxLyvCK8VUMNeXtaPTGXlp9hRGzOM=,tag:VbbnQfPewNGdrPqmZJSYlA==,type:str]
|
||||
lastmodified: "2023-12-22T08:05:27Z"
|
||||
mac: ENC[AES256_GCM,data:CiXU49arW+3w4/Lkh4l+6VjopyP7XNCU4AmuwZmnmQ7Vv4RCt84fC6lM6o4HiCc5jB07QY+2WZ5LvWz9zgSt636UpnCMgbG1w2Lxae38fW02RHJv90rn+cyyddB5kSucr5/P5NKBOZut54Cf4zVW9BaqajpQMxe4hEOn+xXpXz8=,iv:beWRlUvb6OUOK+mUXdvpvmM8S7xK0QIkIA2Bk9QA35c=,tag:KrBXqsAdBAhtwygdEHnUqQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,6 +11,21 @@ in
|
|||
domain = "vaultwarden.xinyang.life";
|
||||
};
|
||||
|
||||
custom.hedgedoc = {
|
||||
enable = true;
|
||||
caddy = true;
|
||||
domain = "docs.xinyang.life";
|
||||
mediaPath = "/mnt/storage/hedgedoc";
|
||||
oidc = {
|
||||
enable = true;
|
||||
baseURL = "https://auth.xinyang.life/oauth2/openid/hedgedoc";
|
||||
authorizationURL = "https://auth.xinyang.life/ui/oauth2";
|
||||
tokenURL = "https://auth.xinyang.life/oauth2/token";
|
||||
userProfileURL = "https://auth.xinyang.life/oauth2/openid/hedgedoc/userinfo";
|
||||
};
|
||||
environmentFile = config.sops.secrets.hedgedoc_env.path;
|
||||
};
|
||||
|
||||
custom.prometheus = {
|
||||
enable = true;
|
||||
exporters.enable = true;
|
||||
|
@ -27,7 +42,7 @@ in
|
|||
fsType = "cifs";
|
||||
options = ["uid=${share},gid=${share},credentials=${config.sops.secrets.storage_box_mount.path}"];
|
||||
};
|
||||
}) [ "forgejo" "gotosocial" "conduit" ] );
|
||||
}) [ "forgejo" "gotosocial" "conduit" "hedgedoc" ] );
|
||||
|
||||
system.activationScripts = {
|
||||
conduit-media-link.text = ''
|
||||
|
@ -144,7 +159,7 @@ in
|
|||
flush_interval -1
|
||||
}
|
||||
'';
|
||||
virtualHosts."git.xinyang.life:443".extraConfig = ''
|
||||
virtualHosts."https://git.xinyang.life:443".extraConfig = ''
|
||||
reverse_proxy http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}
|
||||
'';
|
||||
|
||||
|
@ -155,8 +170,8 @@ in
|
|||
abort
|
||||
}
|
||||
'';
|
||||
virtualHosts."https://auth.xinyang.life:443".extraConfig = ''
|
||||
reverse_proxy https://auth.xinyang.life:${toString kanidm_listen_port} {
|
||||
virtualHosts."https://auth.xinyang.life".extraConfig = ''
|
||||
reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} {
|
||||
header_up Host {upstream_hostport}
|
||||
header_down Access-Control-Allow-Origin "*"
|
||||
transport http {
|
||||
|
|