try keycloak
This commit is contained in:
@@ -49,6 +49,8 @@
|
||||
settings = {
|
||||
hostname = "auth.blunkall.us";
|
||||
};
|
||||
|
||||
initialAdminPassword = "7567";
|
||||
};
|
||||
|
||||
system.stateVersion = "25.05";
|
||||
|
||||
@@ -22,14 +22,6 @@
|
||||
containerPort = 443;
|
||||
hostPort = 443;
|
||||
}
|
||||
{
|
||||
containerPort = 9080;
|
||||
hostPort = 9080;
|
||||
}
|
||||
{
|
||||
containerPort = 9443;
|
||||
hostPort = 9443;
|
||||
}
|
||||
];
|
||||
|
||||
bindMounts = {
|
||||
@@ -62,20 +54,6 @@
|
||||
sendanonymoususage = false;
|
||||
};
|
||||
entryPoints = {
|
||||
local = {
|
||||
address = ":9080";
|
||||
http.redirections.entryPoint = {
|
||||
to = "localsecure";
|
||||
scheme = "https";
|
||||
};
|
||||
};
|
||||
|
||||
localsecure = {
|
||||
address = ":9443";
|
||||
asDefault = true;
|
||||
http.tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
web = {
|
||||
address = ":80";
|
||||
http.redirections.entryPoint = {
|
||||
@@ -90,7 +68,7 @@
|
||||
certResolver = "cloudflare";
|
||||
domains = {
|
||||
main = "blunkall.us";
|
||||
sans = [ "*.local.blunkall.us" "*.blunkall.us" "blunkall.us" ];
|
||||
sans = [ "*.blunkall.us" "blunkall.us" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -112,12 +90,6 @@
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
/*letsencrypt.acme = {
|
||||
email = "postmaster@blunkall.us";
|
||||
storage = "/root/data/acme.json";
|
||||
httpChallenge.entryPoint = "web";
|
||||
};*/
|
||||
};
|
||||
};
|
||||
|
||||
@@ -125,16 +97,14 @@
|
||||
http = {
|
||||
routers = {
|
||||
homepageSecure = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
|
||||
service = "homepage";
|
||||
tls.certResolver = "cloudflare";
|
||||
middlewares = [
|
||||
"authentik"
|
||||
];
|
||||
#middlewares = [ "authentik" ];
|
||||
};
|
||||
nathan = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`nathan.blunkall.us`)";
|
||||
service = "homepage";
|
||||
tls.certResolver = "cloudflare";
|
||||
@@ -143,50 +113,42 @@
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`remote.blunkall.us`)";
|
||||
service = "novnc";
|
||||
middlewares = [ "authentik" ];
|
||||
tls.certResolver = "cloudflare";
|
||||
#middlewares = [ "authentik" ];
|
||||
};
|
||||
homeassistant = {
|
||||
/*homeassistant = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`hass.blunkall.us`)";
|
||||
service = "homeassistant";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
ollama = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`ollama.blunkall.us`)";
|
||||
service = "ollama";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
};*/
|
||||
jellyfin = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`jellyfin.blunkall.us`)";
|
||||
service = "jellyfin";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
auth = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`auth.blunkall.us`)";
|
||||
service = "authentik";
|
||||
service = "keycloak";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
gitlab = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
/*gitlab = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`gitlab.blunkall.us`)";
|
||||
service = "gitlab";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
};*/
|
||||
gitea = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`gitea.blunkall.us`)";
|
||||
service = "gitea";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`nextcloud.blunkall.us`)";
|
||||
service = "nextcloud";
|
||||
tls.certResolver = "cloudflare";
|
||||
@@ -194,21 +156,19 @@
|
||||
"nextcloud_redirectregex"
|
||||
];
|
||||
};
|
||||
|
||||
traefik = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`traefik.blunkall.us`)";
|
||||
service = "api@internal";
|
||||
tls.certResolver = "cloudflare";
|
||||
middlewares = [ "authentik" ];
|
||||
#middlewares = [ "authentik" ];
|
||||
};
|
||||
|
||||
ntfy = {
|
||||
/*ntfy = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`ntfy.blunkall.us`)";
|
||||
service = "ntfy";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
};*/
|
||||
|
||||
/*pihole = {
|
||||
entryPoints = [ "localsecure" ];
|
||||
@@ -217,7 +177,7 @@
|
||||
tls.certResolver = "cloudflare";
|
||||
};*/
|
||||
|
||||
netbird = {
|
||||
/*netbird = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`vpn.blunkall.us`)";
|
||||
service = "netbird";
|
||||
@@ -240,11 +200,11 @@
|
||||
rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)";
|
||||
service = "netbirdSignal";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
};*/
|
||||
};
|
||||
|
||||
middlewares = {
|
||||
authentik.forwardAuth = {
|
||||
/*authentik.forwardAuth = {
|
||||
address = "http://192.168.100.10:9000/outpost.goauthentik.io/auth/traefik";
|
||||
trustForwardHeader = true;
|
||||
authResponseHeaders = [
|
||||
@@ -260,7 +220,7 @@
|
||||
"X-authentik-meta-app"
|
||||
"X-authentik-meta-version"
|
||||
];
|
||||
};
|
||||
};*/
|
||||
|
||||
nextcloud_redirectregex.redirectregex = {
|
||||
permanent = true;
|
||||
@@ -270,7 +230,7 @@
|
||||
};
|
||||
|
||||
services = {
|
||||
gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
|
||||
#gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
|
||||
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
|
||||
|
||||
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
|
||||
@@ -279,32 +239,32 @@
|
||||
|
||||
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
|
||||
|
||||
pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
|
||||
#pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
|
||||
|
||||
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
|
||||
|
||||
novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
|
||||
|
||||
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
|
||||
|
||||
ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
|
||||
#ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
|
||||
|
||||
netbird.loadBalancer = {
|
||||
/*netbird.loadBalancer = {
|
||||
passHostHeader = true;
|
||||
servers = [ { url = "http://192.168.100.21"; } ];
|
||||
};
|
||||
netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ];
|
||||
netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
|
||||
netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ];
|
||||
|
||||
homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
|
||||
|
||||
ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ];
|
||||
*/
|
||||
#homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 80 443 ];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
Reference in New Issue
Block a user