feat(core01): add inventory.rz.ens.wtf → snipe-it instance
This commit is contained in:
parent
86de42442d
commit
dc971eff71
7 changed files with 78 additions and 0 deletions
|
@ -20,6 +20,7 @@
|
|||
./acme-dns.nix
|
||||
./backups.nix
|
||||
./headscale.nix
|
||||
./snipe-it.nix
|
||||
# ./dex.nix
|
||||
./oauth2_proxy.nix
|
||||
./secrets
|
||||
|
|
|
@ -5,4 +5,6 @@
|
|||
age.secrets.droneKeyFile.file = ./droneKeyFile.age;
|
||||
age.secrets.dexGiteaClientSecret.file = ./dexGiteaClientSecret.age;
|
||||
age.secrets.matterbridge.file = ./matterbridge.age;
|
||||
age.secrets.snipeItAppKey.file = ./snipeItAppKey.age;
|
||||
age.secrets.snipeItOidcClientSecret.file = ./snipeItOidcClientSecret.age;
|
||||
}
|
||||
|
|
|
@ -12,5 +12,7 @@ in
|
|||
"droneKeyFile.age".publicKeys = superadmins ++ systems;
|
||||
"dexGiteaClientSecret.age".publicKeys = superadmins ++ systems;
|
||||
"matterbridge.age".publicKeys = superadmins ++ systems;
|
||||
"snipeItAppKey.age".publicKeys = superadmins ++ systems;
|
||||
"snipeItOidcClientSecret.age".publicKeys = superadmins ++ systems;
|
||||
}
|
||||
|
||||
|
|
27
machines/core-services-01/secrets/snipeItAppKey.age
Normal file
27
machines/core-services-01/secrets/snipeItAppKey.age
Normal file
|
@ -0,0 +1,27 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-rsa krWCLQ
|
||||
i/TW/dUpeS8QL9ZJg7xKdGW65D1SWFjMpolf1BgEs3hm6uI2W3RWUb5S1PEs6HdF
|
||||
l/yiJtZeBC0e0QbaQ776fiy0MSmuMgcRbJJ1rjloGwFzwwvtqhQMG8rLp70IPZoV
|
||||
F6sUz4jKHaEjIVVbRokdfIKMSnhRXnbW5domOxPmZjXck7YxaR1zqD4S9PtH12Q/
|
||||
P+l/IVS6+tuWlaTs+1FY2pQ0ppPkwxBirm+4/dxD7E5MkOT0OFcpopI225u2vJAz
|
||||
Hfk6SBhWuOu2GFfLDS3sS+50kvx1MNvMeb9qVYHkxE8tXhJxOpykkzwYktYp17jY
|
||||
m+rh1gMPt+mZV2ELaZkGjQ
|
||||
-> ssh-ed25519 85WiGg TSVInZQdH1ZbhSG+FptwCu96UX1SHAhQNculIk8nVF4
|
||||
L1ptiGhMZN78uu1TQ2qVV73+lhlgD34g7xt/AL268Dk
|
||||
-> ssh-ed25519 reTIKw vrZd8hFFywOmDJxAq58Tt4Wdq2ovft1IDJqCvkpRU1o
|
||||
9TmODia85CwXZmzdxk6W4LCflCybq7O1WWoqG5vxENk
|
||||
-> ssh-ed25519 /vwQcQ NSJNN/lRO6TbOQTlY9bT4kdEuP2hElmNIcKRI4ilrQY
|
||||
eGIr9VQSrbG4hB2XQGYXquQVZIkLRq9g9+Ap25YSWSQ
|
||||
-> ssh-ed25519 cvTB5g 24UlsKN0XaA6wW87zj5PkPy90LUmdJe80FV2LVLiwzk
|
||||
57VJ2pf45+r7CgMdr/78ngWll12Se7dS993i+YKp3Vg
|
||||
-> ssh-ed25519 Wu8JLQ wgWSOp5VQzF+pvL338wOwaJ3RIIi1I4SNqW+vT6NQF8
|
||||
HVTfWqmf9CnEkHFpu9NWYagwwBdW8NumwFcUvSlb9i8
|
||||
-> ssh-ed25519 h6AgbA ZRjMQkjz+sw2BZh/myaSnMgz8cngGM9wxQf6L6uPxE8
|
||||
OgYfhTQe4iB9SyL8iReQByA9N5VcUC/YvpvbPIgp/3U
|
||||
-> ssh-ed25519 lHr4YQ JAnhqkgzuCDsmDYnRG/DL/MDrfA/0uCZ1kpZSWiuPw4
|
||||
uMPzV/uWAozlffoqIDtTcI5CI3FAzM5fzDuupAzgE4w
|
||||
-> 3[k-grease l5" cr(}p5 s{\538Js
|
||||
uR+N+zPd323E/1K5MdNaPzAeNYBYfbmmsxtQRufVjMj8jobBLhHq4RVJ/E57t8yv
|
||||
4Cxp
|
||||
--- 1iiPH5I9CDFZwZQwRbhKnqpZ08vTMP1u4pU3+hNpubk
|
||||
Û’f’õ(T×—å©,<2C>¬4Ïî\hKçTÌ Ç†›q)eºñ+³˜è}¥ÁæuñÖÌü
Êô'h©“N”/䶢ä6‚B4<15>KÒ£ð<C2A3>퓃
|
|
@ -0,0 +1,26 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-rsa krWCLQ
|
||||
gPydOcolFG+axyXPVVYYjjr0hypl/xczmMM+W+BbfZFaAL0TqXpqRgjtZSNvA+oh
|
||||
+JHdr+/8IHh2qCS2vtzuH5lAsjM4h4FPPnGixX1SI9eNH14b/Otmoa/OtQD4pHcB
|
||||
PYbh1yh4AILggg1ZMdttS+FUuMtu2A6y2NZYSkbBLy9dwEdZNBs0/cX/xNEqK72V
|
||||
JF0BuGYvchyJ4ec4/m1od94dVva5qKUvK6mr0u5XPXObEOdZ8jJwZodJjrpDaEHJ
|
||||
/yt8svY6upoXIdM4dVbY0Ab1VCwXf+tbGuwypVJF2TkeVW5tbImxuoTPE5XNdKLF
|
||||
XU6RfHzLjUnG1T+dObb9gQ
|
||||
-> ssh-ed25519 85WiGg lVvfjaLUhjdWgRnz0supjMNc6pDpbeEy2Z0fFOc7dkQ
|
||||
srngyi1Wdi1lcXFK7MJtqt2koZkopcXX+hOFENHXJgY
|
||||
-> ssh-ed25519 reTIKw ubW5n+mkAgxwHT9okMRWoE9k5ZpWN7UQDrvRwgS3Xio
|
||||
O7GRq35wulhSadIAJ7C0ekLQQVk209yGiSaWg/VNgYU
|
||||
-> ssh-ed25519 /vwQcQ 0FZbpEDS3xuKyPOSExt4wb/Oi0xlTivdLlpKuXicqx8
|
||||
3ZMA31MUD76KNK1+yX2473wDSv0oyheT7jAmvnbPJNg
|
||||
-> ssh-ed25519 cvTB5g 04++RfeztjNzyHMW7WhxdAWoWT5NyatCN8zf7xFYiCw
|
||||
OWYQ3oFR+/NjY8skMpzd0eS9fsAeugO+loiq4ZqEVWo
|
||||
-> ssh-ed25519 Wu8JLQ b5BEsw8GS+LUcLZ7h36WDHp1uunlVymEcCmAcs5xaHQ
|
||||
4xs/EAPRD4Z/rL3zisjGmslVt7OHx+Kh1kJmdBAxED4
|
||||
-> ssh-ed25519 h6AgbA wNeprhlhTORbN4WFxWPJO0DV5vBVteE297O73EfngD4
|
||||
sceiHAg3S0aZ9xGIsw5VaPJkAWCci03SrHM520pb+Gw
|
||||
-> ssh-ed25519 lHr4YQ v6dG659zPeUqbyT8To8oGf6Kp3y15Z2YjlzdLVK3FCI
|
||||
wB7EFm4tsgkaYexLfQM+lkNtUr09GWlLnh7CbgX3Ifc
|
||||
-> =-grease zZ5 e./C_
|
||||
z1vYPnfdTh+G0bc+UvV1EZMSfaNDsWiDHJ+W+1CB2+Z4pOnQt2jBFPYv7rE
|
||||
--- LbcSlaucZaWsTqBR9PIA46r00cfJtG5ndinWSzsnl/0
|
||||
1hò¼Ñ~‘¿×sÈ°#-ˆFX/<2F>ÿ2¯.Z¨˜F?¬w©ýE<C3BD>ßþ]ñÅiïûc.%»—b-wtÜŒ¸q_%¬}
|
19
machines/core-services-01/snipe-it.nix
Normal file
19
machines/core-services-01/snipe-it.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
services.snipe-it = {
|
||||
enable = true;
|
||||
hostName = "inventory.rz.ens.wtf";
|
||||
database.createLocally = true;
|
||||
appKeyFile = config.age.secrets.snipeItAppKey.path;
|
||||
|
||||
config = {
|
||||
AUTH_METHOD = "oidc";
|
||||
OIDC_NAME = "Keycloak";
|
||||
OIDC_DISPLAY_NAME_CLAIMS = "name";
|
||||
OIDC_CLIENT_ID = "snipe-it";
|
||||
OIDC_CLIENT_SECRET = { _secret = config.age.secrets.snipeItOidcClientSecret.path; };
|
||||
OIDC_ISSUER = "https://auth.rz.ens.wtf/auth/realms/ClubReseau";
|
||||
OIDC_ISSUER_DISCOVER = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -38,6 +38,7 @@ dualstack // {
|
|||
auth = dualstack;
|
||||
push = dualstack;
|
||||
tailscale = dualstack;
|
||||
inventory = dualstack;
|
||||
core01 = dualstack;
|
||||
ns1 = dualstack;
|
||||
|
||||
|
|
Loading…
Reference in a new issue