Klub-RZ/infrastructure
4
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity

feat(core01): add inventory.rz.ens.wtf → snipe-it instance

Browse source
This commit is contained in:
Raito Bezarius 2022-09-06 01:06:39 +02:00
parent 86de42442d
commit dc971eff71
7 changed files with 78 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
machines/core-services-01/configuration.nix
View file

@ -20,6 +20,7 @@
./acme-dns.nix ./acme-dns.nix
./backups.nix ./backups.nix
./headscale.nix ./headscale.nix
./snipe-it.nix
# ./dex.nix # ./dex.nix
./oauth2_proxy.nix ./oauth2_proxy.nix
./secrets ./secrets

2
machines/core-services-01/secrets/default.nix
View file

@ -5,4 +5,6 @@
age.secrets.droneKeyFile.file = ./droneKeyFile.age; age.secrets.droneKeyFile.file = ./droneKeyFile.age;
age.secrets.dexGiteaClientSecret.file = ./dexGiteaClientSecret.age; age.secrets.dexGiteaClientSecret.file = ./dexGiteaClientSecret.age;
age.secrets.matterbridge.file = ./matterbridge.age; age.secrets.matterbridge.file = ./matterbridge.age;
age.secrets.snipeItAppKey.file = ./snipeItAppKey.age;
age.secrets.snipeItOidcClientSecret.file = ./snipeItOidcClientSecret.age;
} }

2
machines/core-services-01/secrets/secrets.nix
View file

@ -12,5 +12,7 @@ in
"droneKeyFile.age".publicKeys = superadmins ++ systems; "droneKeyFile.age".publicKeys = superadmins ++ systems;
"dexGiteaClientSecret.age".publicKeys = superadmins ++ systems; "dexGiteaClientSecret.age".publicKeys = superadmins ++ systems;
"matterbridge.age".publicKeys = superadmins ++ systems; "matterbridge.age".publicKeys = superadmins ++ systems;
"snipeItAppKey.age".publicKeys = superadmins ++ systems;
"snipeItOidcClientSecret.age".publicKeys = superadmins ++ systems;
} }

27
machines/core-services-01/secrets/snipeItAppKey.age Normal file
View file

@ -0,0 +1,27 @@
age-encryption.org/v1
-> ssh-rsa krWCLQ
i/TW/dUpeS8QL9ZJg7xKdGW65D1SWFjMpolf1BgEs3hm6uI2W3RWUb5S1PEs6HdF
l/yiJtZeBC0e0QbaQ776fiy0MSmuMgcRbJJ1rjloGwFzwwvtqhQMG8rLp70IPZoV
F6sUz4jKHaEjIVVbRokdfIKMSnhRXnbW5domOxPmZjXck7YxaR1zqD4S9PtH12Q/
P+l/IVS6+tuWlaTs+1FY2pQ0ppPkwxBirm+4/dxD7E5MkOT0OFcpopI225u2vJAz
Hfk6SBhWuOu2GFfLDS3sS+50kvx1MNvMeb9qVYHkxE8tXhJxOpykkzwYktYp17jY
m+rh1gMPt+mZV2ELaZkGjQ
-> ssh-ed25519 85WiGg TSVInZQdH1ZbhSG+FptwCu96UX1SHAhQNculIk8nVF4
L1ptiGhMZN78uu1TQ2qVV73+lhlgD34g7xt/AL268Dk
-> ssh-ed25519 reTIKw vrZd8hFFywOmDJxAq58Tt4Wdq2ovft1IDJqCvkpRU1o
9TmODia85CwXZmzdxk6W4LCflCybq7O1WWoqG5vxENk
-> ssh-ed25519 /vwQcQ NSJNN/lRO6TbOQTlY9bT4kdEuP2hElmNIcKRI4ilrQY
eGIr9VQSrbG4hB2XQGYXquQVZIkLRq9g9+Ap25YSWSQ
-> ssh-ed25519 cvTB5g 24UlsKN0XaA6wW87zj5PkPy90LUmdJe80FV2LVLiwzk
57VJ2pf45+r7CgMdr/78ngWll12Se7dS993i+YKp3Vg
-> ssh-ed25519 Wu8JLQ wgWSOp5VQzF+pvL338wOwaJ3RIIi1I4SNqW+vT6NQF8
HVTfWqmf9CnEkHFpu9NWYagwwBdW8NumwFcUvSlb9i8
-> ssh-ed25519 h6AgbA ZRjMQkjz+sw2BZh/myaSnMgz8cngGM9wxQf6L6uPxE8
OgYfhTQe4iB9SyL8iReQByA9N5VcUC/YvpvbPIgp/3U
-> ssh-ed25519 lHr4YQ JAnhqkgzuCDsmDYnRG/DL/MDrfA/0uCZ1kpZSWiuPw4
uMPzV/uWAozlffoqIDtTcI5CI3FAzM5fzDuupAzgE4w
-> 3[k-grease l5" cr(}p5 s{\538Js
uR+N+zPd323E/1K5MdNaPzAeNYBYfbmmsxtQRufVjMj8jobBLhHq4RVJ/E57t8yv
4Cxp
--- 1iiPH5I9CDFZwZQwRbhKnqpZ08vTMP1u4pU3+hNpubk
Ûfõ(T×—å©,<2C>¬4Ïî\hKçTÌ Ç†q)eºñ+³˜è}¥ÁæuñÖÌü Êô'h©“N”/䶢ä6B4<15>KÒ£ð<C2A3>퓃

26
machines/core-services-01/secrets/snipeItOidcClientSecret.age Normal file
View file

@ -0,0 +1,26 @@
age-encryption.org/v1
-> ssh-rsa krWCLQ
gPydOcolFG+axyXPVVYYjjr0hypl/xczmMM+W+BbfZFaAL0TqXpqRgjtZSNvA+oh
+JHdr+/8IHh2qCS2vtzuH5lAsjM4h4FPPnGixX1SI9eNH14b/Otmoa/OtQD4pHcB
PYbh1yh4AILggg1ZMdttS+FUuMtu2A6y2NZYSkbBLy9dwEdZNBs0/cX/xNEqK72V
JF0BuGYvchyJ4ec4/m1od94dVva5qKUvK6mr0u5XPXObEOdZ8jJwZodJjrpDaEHJ
/yt8svY6upoXIdM4dVbY0Ab1VCwXf+tbGuwypVJF2TkeVW5tbImxuoTPE5XNdKLF
XU6RfHzLjUnG1T+dObb9gQ
-> ssh-ed25519 85WiGg lVvfjaLUhjdWgRnz0supjMNc6pDpbeEy2Z0fFOc7dkQ
srngyi1Wdi1lcXFK7MJtqt2koZkopcXX+hOFENHXJgY
-> ssh-ed25519 reTIKw ubW5n+mkAgxwHT9okMRWoE9k5ZpWN7UQDrvRwgS3Xio
O7GRq35wulhSadIAJ7C0ekLQQVk209yGiSaWg/VNgYU
-> ssh-ed25519 /vwQcQ 0FZbpEDS3xuKyPOSExt4wb/Oi0xlTivdLlpKuXicqx8
3ZMA31MUD76KNK1+yX2473wDSv0oyheT7jAmvnbPJNg
-> ssh-ed25519 cvTB5g 04++RfeztjNzyHMW7WhxdAWoWT5NyatCN8zf7xFYiCw
OWYQ3oFR+/NjY8skMpzd0eS9fsAeugO+loiq4ZqEVWo
-> ssh-ed25519 Wu8JLQ b5BEsw8GS+LUcLZ7h36WDHp1uunlVymEcCmAcs5xaHQ
4xs/EAPRD4Z/rL3zisjGmslVt7OHx+Kh1kJmdBAxED4
-> ssh-ed25519 h6AgbA wNeprhlhTORbN4WFxWPJO0DV5vBVteE297O73EfngD4
sceiHAg3S0aZ9xGIsw5VaPJkAWCci03SrHM520pb+Gw
-> ssh-ed25519 lHr4YQ v6dG659zPeUqbyT8To8oGf6Kp3y15Z2YjlzdLVK3FCI
wB7EFm4tsgkaYexLfQM+lkNtUr09GWlLnh7CbgX3Ifc
-> =-grease zZ5 e./C_
z1vYPnfdTh+G0bc+UvV1EZMSfaNDsWiDHJ+W+1CB2+Z4pOnQt2jBFPYv7rE
--- LbcSlaucZaWsTqBR9PIA46r00cfJtG5ndinWSzsnl/0
1hò¼Ñ~‘¿×sÈ°#-ˆFX/<2F>ÿ2¯.Z¨˜F?¬w©ýE<C3BD>ßþ]ñÅiïûc.%»—b-wtÜŒ¸q_%¬}

19
machines/core-services-01/snipe-it.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, config, ... }:
{
services.snipe-it = {
enable = true;
hostName = "inventory.rz.ens.wtf";
database.createLocally = true;
appKeyFile = config.age.secrets.snipeItAppKey.path;
config = {
AUTH_METHOD = "oidc";
OIDC_NAME = "Keycloak";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "snipe-it";
OIDC_CLIENT_SECRET = { _secret = config.age.secrets.snipeItOidcClientSecret.path; };
OIDC_ISSUER = "https://auth.rz.ens.wtf/auth/realms/ClubReseau";
OIDC_ISSUER_DISCOVER = true;
};
};
}

1
machines/core-services-01/subZone.nix
View file

@ -38,6 +38,7 @@ dualstack // {
auth = dualstack; auth = dualstack;
push = dualstack; push = dualstack;
tailscale = dualstack; tailscale = dualstack;
inventory = dualstack;
core01 = dualstack; core01 = dualstack;
ns1 = dualstack; ns1 = dualstack;