treewide: update domains for some services

2025-01-01 23:33:11 +08:00 · 2025-01-01 23:33:11 +08:00 · 7bcb08990f
parent d305459834
commit 7bcb08990f
8 changed files with 22 additions and 22 deletions
--- a/infra/cloudflare.tf
+++ b/infra/cloudflare.tf
@ -61,9 +61,9 @@ resource "cloudflare_zero_trust_access_identity_provider" "oidc_keycloak" {
  config {
    client_id     = "cloudflare"
    client_secret = local.secrets.cloudflare.keycloak_oidc_secret
-    auth_url      = "https://keycloak.rebmit.moe/realms/rebmit/protocol/openid-connect/auth"
-    token_url     = "https://keycloak.rebmit.moe/realms/rebmit/protocol/openid-connect/token"
-    certs_url     = "https://keycloak.rebmit.moe/realms/rebmit/protocol/openid-connect/certs"
+    auth_url      = "https://id.rebmit.moe/realms/rebmit/protocol/openid-connect/auth"
+    token_url     = "https://id.rebmit.moe/realms/rebmit/protocol/openid-connect/token"
+    certs_url     = "https://id.rebmit.moe/realms/rebmit/protocol/openid-connect/certs"
    scopes        = ["openid", "email", "profile"]
  }
 }
--- a/infra/terraform.tfstate
+++ b/infra/terraform.tfstate
--- a/nixos/profiles/services/keycloak/default.nix
+++ b/nixos/profiles/services/keycloak/default.nix
@ -16,7 +16,7 @@
      http-host = "127.0.0.1";
      http-port = config.networking.ports.keycloak;
      proxy-headers = "xforwarded";
-      hostname = "keycloak.rebmit.moe";
+      hostname = "id.rebmit.moe";
      cache = "local";
    };
  };
@ -25,7 +25,7 @@
    MemoryDenyWriteExecute = false;
  };

-  services.caddy.virtualHosts."keycloak.rebmit.moe" = {
+  services.caddy.virtualHosts."id.rebmit.moe" = {
    extraConfig = ''
      reverse_proxy ${config.services.keycloak.settings.http-host}:${toString config.services.keycloak.settings.http-port}
    '';
--- a/nixos/profiles/services/matrix/synapse.nix
+++ b/nixos/profiles/services/matrix/synapse.nix
@ -18,7 +18,7 @@
    withJemalloc = true;
    settings = {
      server_name = "rebmit.moe";
-      public_baseurl = "https://matrix.rebmit.moe";
+      public_baseurl = "https://chat.rebmit.moe";

      dynamic_thumbnails = true;
      enable_registration = true;
@ -48,8 +48,8 @@
      oidc_providers = [
        {
          idp_id = "keycloak";
-          idp_name = "keycloak.rebmit.moe";
-          issuer = "https://keycloak.rebmit.moe/realms/rebmit";
+          idp_name = "id.rebmit.moe";
+          issuer = "https://id.rebmit.moe/realms/rebmit";
          client_id = "synapse";
          client_secret_path = config.sops.secrets."synapse/oidc-client-secret".path;
          scopes = [
@ -72,7 +72,7 @@
    };
  };

-  services.caddy.virtualHosts."matrix.rebmit.moe" = {
+  services.caddy.virtualHosts."chat.rebmit.moe" = {
    extraConfig = ''
      reverse_proxy /_matrix/* 127.0.0.1:${toString config.networking.ports.matrix-synapse}
      reverse_proxy /_synapse/* 127.0.0.1:${toString config.networking.ports.matrix-synapse}
--- a/nixos/profiles/services/miniflux/default.nix
+++ b/nixos/profiles/services/miniflux/default.nix
@ -3,19 +3,19 @@
  services.miniflux = {
    enable = true;
    config = rec {
-      BASE_URL = "https://miniflux.rebmit.moe";
+      BASE_URL = "https://rss.rebmit.moe";
      LISTEN_ADDR = "127.0.0.1:${toString config.networking.ports.miniflux}";
      CREATE_ADMIN = 0;
      OAUTH2_PROVIDER = "oidc";
      OAUTH2_CLIENT_ID = "miniflux";
      OAUTH2_REDIRECT_URL = "${BASE_URL}/oauth2/oidc/callback";
-      OAUTH2_OIDC_PROVIDER_NAME = "keycloak.rebmit.moe";
-      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://keycloak.rebmit.moe/realms/rebmit";
+      OAUTH2_OIDC_PROVIDER_NAME = "id.rebmit.moe";
+      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.rebmit.moe/realms/rebmit";
      OAUTH2_USER_CREATION = 1;
    };
  };

-  services.caddy.virtualHosts."miniflux.rebmit.moe" = {
+  services.caddy.virtualHosts."rss.rebmit.moe" = {
    extraConfig = ''
      reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}
    '';
--- a/nixos/profiles/services/prometheus/server.nix
+++ b/nixos/profiles/services/prometheus/server.nix
@ -105,9 +105,9 @@ in
          {
            targets = [
              "https://rebmit.moe"
-              "https://keycloak.rebmit.moe"
-              "https://matrix.rebmit.moe"
-              "https://miniflux.rebmit.moe"
+              "https://chat.rebmit.moe"
+              "https://id.rebmit.moe"
+              "https://rss.rebmit.moe"
            ];
          }
        ];
--- a/nixos/profiles/services/well-known/default.nix
+++ b/nixos/profiles/services/well-known/default.nix
@ -6,13 +6,13 @@
      header Access-Control-Allow-Origin *
      respond /.well-known/matrix/server `${
        builtins.toJSON {
-          "m.server" = "matrix.rebmit.moe:443";
+          "m.server" = "chat.rebmit.moe:443";
        }
      }`
      respond /.well-known/matrix/client `${
        builtins.toJSON {
          "m.homeserver" = {
-            "base_url" = "https://matrix.rebmit.moe";
+            "base_url" = "https://chat.rebmit.moe";
          };
        }
      }`
--- a/zones/rebmit.moe.nix
+++ b/zones/rebmit.moe.nix
@ -44,11 +44,11 @@ dns.lib.toString "rebmit.moe" {
  MX = with mx; [ (mx 10 "suwako-vie1.rebmit.link.") ];
  TXT = [ (with spf; soft [ "mx" ]) ];
  subdomains = {
-    keycloak.CNAME = [ "suwako-vie0.rebmit.link." ];
-    matrix.CNAME = [ "suwako-vie0.rebmit.link." ];
-    miniflux.CNAME = [ "suwako-vie0.rebmit.link." ];
+    chat.CNAME = [ "suwako-vie0.rebmit.link." ];
+    id.CNAME = [ "suwako-vie0.rebmit.link." ];
    ntfy.CNAME = [ "fallback.workers.moe." ];
    prometheus.CNAME = [ "fallback.workers.moe." ];
+    rss.CNAME = [ "suwako-vie0.rebmit.link." ];
    vault.CNAME = [ "suwako-vie1.rebmit.link." ];
  };
 }