add kanidm

systems/palatine-hill/docker/default.nix

@@ -10,11 +10,11 @@
     #./firefly.nix
     #./foundry.nix
     ./glances.nix
-    # ./haproxy.nix
+    ./haproxy.nix
     ./minecraft.nix
     ./nextcloud.nix
     # ./postgres.nix
-    # ./restic.nix
+    ./restic.nix
     ./torr.nix
     # ./unifi.nix
   ];

systems/palatine-hill/docker/haproxy.cfg

@@ -58,6 +58,7 @@ frontend ContentSwitching
   acl host_prometheus hdr(host) -i prom.alicehuston.xyz
   acl host_gitea hdr(host) -i git.alicehuston.xyz
   acl host_gitea hdr(host) -i nayeonie.com
+  acl host_kanidm hdr(host) -i auth.nayeonie.com
   # Backend-forwarding
   use_backend www_nodes if host_www
 #  use_backend ldapui_nodes if host_ldapui
@@ -75,6 +76,7 @@ frontend ContentSwitching
   use_backend minio_nodes if host_minio
   use_backend minio_console_nodes if host_minio_console
   use_backend gitea_nodes if host_gitea
+  use_backend kanidm_nodes if host_kanidm
 
 #frontend ldap
 #  bind *:389
@@ -183,6 +185,15 @@ backend gitea_nodes
   mode http
   server server 192.168.76.2:6443
 
+backend kanidm_nodes
+  mode http
+  option forwardfor
+  http-request set-header X-Forwarded-Proto https
+  http-request set-header X-Forwarded-Host %[req.hdr(host)]
+  acl internal src 192.168.76.0/24 192.168.191.0/24
+  http-request deny unless internal
+  server server 192.168.76.2:8443 ssl verify none
+
 #backend netdata_nodes
 #  mode http
 #  server server 192.168.76.2:19999

systems/palatine-hill/docker/haproxy.nix

@@ -23,8 +23,6 @@
       };
       dependsOn = [
         "nextcloud"
-        "grafana"
-        "foundryvtt"
         "glances"
         "mc-router"
       ];