From dc971eff71754648527ab7a06bd40ba6a89c2c0c Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Tue, 6 Sep 2022 01:06:39 +0200 Subject: [PATCH] =?UTF-8?q?feat(core01):=20add=20inventory.rz.ens.wtf=20?= =?UTF-8?q?=E2=86=92=20snipe-it=20instance?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machines/core-services-01/configuration.nix | 1 + machines/core-services-01/secrets/default.nix | 2 ++ machines/core-services-01/secrets/secrets.nix | 2 ++ .../secrets/snipeItAppKey.age | 27 +++++++++++++++++++ .../secrets/snipeItOidcClientSecret.age | 26 ++++++++++++++++++ machines/core-services-01/snipe-it.nix | 19 +++++++++++++ machines/core-services-01/subZone.nix | 1 + 7 files changed, 78 insertions(+) create mode 100644 machines/core-services-01/secrets/snipeItAppKey.age create mode 100644 machines/core-services-01/secrets/snipeItOidcClientSecret.age create mode 100644 machines/core-services-01/snipe-it.nix diff --git a/machines/core-services-01/configuration.nix b/machines/core-services-01/configuration.nix index 5f0e145..dcf85af 100644 --- a/machines/core-services-01/configuration.nix +++ b/machines/core-services-01/configuration.nix @@ -20,6 +20,7 @@ ./acme-dns.nix ./backups.nix ./headscale.nix + ./snipe-it.nix # ./dex.nix ./oauth2_proxy.nix ./secrets diff --git a/machines/core-services-01/secrets/default.nix b/machines/core-services-01/secrets/default.nix index 452d42e..a02981b 100644 --- a/machines/core-services-01/secrets/default.nix +++ b/machines/core-services-01/secrets/default.nix @@ -5,4 +5,6 @@ age.secrets.droneKeyFile.file = ./droneKeyFile.age; age.secrets.dexGiteaClientSecret.file = ./dexGiteaClientSecret.age; age.secrets.matterbridge.file = ./matterbridge.age; + age.secrets.snipeItAppKey.file = ./snipeItAppKey.age; + age.secrets.snipeItOidcClientSecret.file = ./snipeItOidcClientSecret.age; } 
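Review bot: The two new entries in `secrets/default.nix` declare only `.file`, so agenix decrypts them with its defaults (owned by root, mode 0400), which is likely unreadable for the Snipe-IT units if they run as the module's service user rather than root. If that is the case, grant access to that one account instead of widening the mode, for example `age.secrets.snipeItAppKey.owner = config.services.snipe-it.user;` and the same for `snipeItOidcClientSecret`. The attribute set's opening line and argument list are outside the hunk, so check that `config` is in scope there.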
diff --git a/machines/core-services-01/secrets/secrets.nix b/machines/core-services-01/secrets/secrets.nix index 0455e41..9925641 100644 --- a/machines/core-services-01/secrets/secrets.nix +++ b/machines/core-services-01/secrets/secrets.nix @@ -12,5 +12,7 @@ in "droneKeyFile.age".publicKeys = superadmins ++ systems; "dexGiteaClientSecret.age".publicKeys = superadmins ++ systems; "matterbridge.age".publicKeys = superadmins ++ systems; + "snipeItAppKey.age".publicKeys = superadmins ++ systems; + "snipeItOidcClientSecret.age".publicKeys = superadmins ++ systems; } diff --git a/machines/core-services-01/secrets/snipeItAppKey.age b/machines/core-services-01/secrets/snipeItAppKey.age new file mode 100644 index 0000000..3a393c2 --- /dev/null +++ b/machines/core-services-01/secrets/snipeItAppKey.age 
@@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-rsa krWCLQ +i/TW/dUpeS8QL9ZJg7xKdGW65D1SWFjMpolf1BgEs3hm6uI2W3RWUb5S1PEs6HdF +l/yiJtZeBC0e0QbaQ776fiy0MSmuMgcRbJJ1rjloGwFzwwvtqhQMG8rLp70IPZoV +F6sUz4jKHaEjIVVbRokdfIKMSnhRXnbW5domOxPmZjXck7YxaR1zqD4S9PtH12Q/ +P+l/IVS6+tuWlaTs+1FY2pQ0ppPkwxBirm+4/dxD7E5MkOT0OFcpopI225u2vJAz +Hfk6SBhWuOu2GFfLDS3sS+50kvx1MNvMeb9qVYHkxE8tXhJxOpykkzwYktYp17jY +m+rh1gMPt+mZV2ELaZkGjQ +-> ssh-ed25519 85WiGg TSVInZQdH1ZbhSG+FptwCu96UX1SHAhQNculIk8nVF4 +L1ptiGhMZN78uu1TQ2qVV73+lhlgD34g7xt/AL268Dk +-> ssh-ed25519 reTIKw vrZd8hFFywOmDJxAq58Tt4Wdq2ovft1IDJqCvkpRU1o +9TmODia85CwXZmzdxk6W4LCflCybq7O1WWoqG5vxENk +-> ssh-ed25519 /vwQcQ NSJNN/lRO6TbOQTlY9bT4kdEuP2hElmNIcKRI4ilrQY +eGIr9VQSrbG4hB2XQGYXquQVZIkLRq9g9+Ap25YSWSQ +-> ssh-ed25519 cvTB5g 24UlsKN0XaA6wW87zj5PkPy90LUmdJe80FV2LVLiwzk +57VJ2pf45+r7CgMdr/78ngWll12Se7dS993i+YKp3Vg +-> ssh-ed25519 Wu8JLQ wgWSOp5VQzF+pvL338wOwaJ3RIIi1I4SNqW+vT6NQF8 +HVTfWqmf9CnEkHFpu9NWYagwwBdW8NumwFcUvSlb9i8 +-> ssh-ed25519 h6AgbA ZRjMQkjz+sw2BZh/myaSnMgz8cngGM9wxQf6L6uPxE8 +OgYfhTQe4iB9SyL8iReQByA9N5VcUC/YvpvbPIgp/3U +-> ssh-ed25519 lHr4YQ JAnhqkgzuCDsmDYnRG/DL/MDrfA/0uCZ1kpZSWiuPw4 +uMPzV/uWAozlffoqIDtTcI5CI3FAzM5fzDuupAzgE4w +-> 3[k-grease l5" cr(}p5 s{\538Js +uR+N+zPd323E/1K5MdNaPzAeNYBYfbmmsxtQRufVjMj8jobBLhHq4RVJ/E57t8yv +4Cxp +--- 1iiPH5I9CDFZwZQwRbhKnqpZ08vTMP1u4pU3+hNpubk +ےf(Tח,4\hKT džq)e+}u 'hN/䶢6B4Kң \ No newline at end of file diff --git a/machines/core-services-01/secrets/snipeItOidcClientSecret.age b/machines/core-services-01/secrets/snipeItOidcClientSecret.age new file mode 100644 index 0000000..80300cc --- /dev/null +++ b/machines/core-services-01/secrets/snipeItOidcClientSecret.age 
@@ -0,0 +1,26 @@ +age-encryption.org/v1 +-> ssh-rsa krWCLQ +gPydOcolFG+axyXPVVYYjjr0hypl/xczmMM+W+BbfZFaAL0TqXpqRgjtZSNvA+oh ++JHdr+/8IHh2qCS2vtzuH5lAsjM4h4FPPnGixX1SI9eNH14b/Otmoa/OtQD4pHcB +PYbh1yh4AILggg1ZMdttS+FUuMtu2A6y2NZYSkbBLy9dwEdZNBs0/cX/xNEqK72V +JF0BuGYvchyJ4ec4/m1od94dVva5qKUvK6mr0u5XPXObEOdZ8jJwZodJjrpDaEHJ +/yt8svY6upoXIdM4dVbY0Ab1VCwXf+tbGuwypVJF2TkeVW5tbImxuoTPE5XNdKLF +XU6RfHzLjUnG1T+dObb9gQ +-> ssh-ed25519 85WiGg lVvfjaLUhjdWgRnz0supjMNc6pDpbeEy2Z0fFOc7dkQ +srngyi1Wdi1lcXFK7MJtqt2koZkopcXX+hOFENHXJgY +-> ssh-ed25519 reTIKw ubW5n+mkAgxwHT9okMRWoE9k5ZpWN7UQDrvRwgS3Xio +O7GRq35wulhSadIAJ7C0ekLQQVk209yGiSaWg/VNgYU +-> ssh-ed25519 /vwQcQ 0FZbpEDS3xuKyPOSExt4wb/Oi0xlTivdLlpKuXicqx8 +3ZMA31MUD76KNK1+yX2473wDSv0oyheT7jAmvnbPJNg +-> ssh-ed25519 cvTB5g 04++RfeztjNzyHMW7WhxdAWoWT5NyatCN8zf7xFYiCw +OWYQ3oFR+/NjY8skMpzd0eS9fsAeugO+loiq4ZqEVWo +-> ssh-ed25519 Wu8JLQ b5BEsw8GS+LUcLZ7h36WDHp1uunlVymEcCmAcs5xaHQ +4xs/EAPRD4Z/rL3zisjGmslVt7OHx+Kh1kJmdBAxED4 +-> ssh-ed25519 h6AgbA wNeprhlhTORbN4WFxWPJO0DV5vBVteE297O73EfngD4 +sceiHAg3S0aZ9xGIsw5VaPJkAWCci03SrHM520pb+Gw +-> ssh-ed25519 lHr4YQ v6dG659zPeUqbyT8To8oGf6Kp3y15Z2YjlzdLVK3FCI +wB7EFm4tsgkaYexLfQM+lkNtUr09GWlLnh7CbgX3Ifc +-> =-grease zZ5 e./C_ +z1vYPnfdTh+G0bc+UvV1EZMSfaNDsWiDHJ+W+1CB2+Z4pOnQt2jBFPYv7rE +--- LbcSlaucZaWsTqBR9PIA46r00cfJtG5ndinWSzsnl/0 +1h~sȰ#-FX/2.ZF?wE]ic.%b-wt܌q_%} \ No newline at end of file diff --git a/machines/core-services-01/snipe-it.nix b/machines/core-services-01/snipe-it.nix new file mode 100644 index 0000000..c1f3658 --- /dev/null +++ b/machines/core-services-01/snipe-it.nix 
@@ -0,0 +1,19 @@ +{ pkgs, config, ... }: +{ + services.snipe-it = { + enable = true; + hostName = "inventory.rz.ens.wtf"; + database.createLocally = true; + appKeyFile = config.age.secrets.snipeItAppKey.path; + + config = { + AUTH_METHOD = "oidc"; + OIDC_NAME = "Keycloak"; + OIDC_DISPLAY_NAME_CLAIMS = "name"; + OIDC_CLIENT_ID = "snipe-it"; + OIDC_CLIENT_SECRET = { _secret = config.age.secrets.snipeItOidcClientSecret.path; }; + OIDC_ISSUER = "https://auth.rz.ens.wtf/auth/realms/ClubReseau"; + OIDC_ISSUER_DISCOVER = true; + }; + }; +} diff --git a/machines/core-services-01/subZone.nix b/machines/core-services-01/subZone.nix index a0f9fc4..a3a0573 100644 --- a/machines/core-services-01/subZone.nix +++ b/machines/core-services-01/subZone.nix @@ -38,6 +38,7 @@ dualstack // { auth = dualstack; push = dualstack; tailscale = dualstack; + inventory = dualstack; core01 = dualstack; ns1 = dualstack;
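Review bot: The `AUTH_METHOD`/`OIDC_*` keys under `config` in `snipe-it.nix` look like BookStack's environment settings, and I am not aware of Snipe-IT reading them, so confirm on the deployed instance that login is actually delegated to Keycloak. If the keys are ignored, `inventory.rz.ens.wtf` would be reachable with local password accounts only. Separately, nothing in this file turns on TLS for the vhost, which matters for session cookies and the OIDC redirect unless it is configured elsewhere; consider adding `nginx = { enableACME = true; forceSSL = true; };` inside `services.snipe-it`. The `pkgs` argument is unused and can be dropped.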