From 7a3f987b0d51b23775e2b99ed144f8df9928aaf3 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sat, 9 Mar 2024 15:23:50 +0100
Subject: [PATCH] keycloak: disable

---
 hosts/falkenstein/modules/dns/default.nix |   7 ++--
 hosts/nuc/default.nix                     |   1 -
 hosts/nuc/modules/keycloak/default.nix    |  43 ----------------------
 secrets.nix                               |   1 -
 secrets/nuc/keycloak/db.age               | Bin 339 -> 0 bytes
 5 files changed, 3 insertions(+), 49 deletions(-)
 delete mode 100644 hosts/nuc/modules/keycloak/default.nix
 delete mode 100644 secrets/nuc/keycloak/db.age

diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix
index 92da955..48b2eb8 100644
--- a/hosts/falkenstein/modules/dns/default.nix
+++ b/hosts/falkenstein/modules/dns/default.nix
@@ -13,8 +13,9 @@
         '';
         file = pkgs.writeText "rfive.de_zone.txt" ''
           $TTL 3600
+          $ORIGIN rfive.de.
         
-          rfive.de.  86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. 2024030829 10800 3600 604800 3600
+          rfive.de.  86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. 2024030832 10800 3600 604800 3600
           @  3600   IN  NS  ns.rfive.de.
           @  3600   IN  NS  ns.inwx.de.
           @  3600   IN  NS  ns2.inwx.de.
@@ -28,7 +29,7 @@
           @  IN   CAA   0 issue "letsencrypt.org"
           @  IN   CAA   0 issuewild ";"
 
-          nuc         3600 IN A 141.30.227.6
+          nuc         IN A 141.30.227.6
 
           falkenstein IN A 23.88.121.184
           falkenstein IN AAAA 2a01:4f8:c012:49de::1
@@ -45,7 +46,6 @@
           rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
           _dmarc            IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
 
-          auth       IN CNAME nuc.rfive.de.
           cache      IN CNAME nuc.rfive.de.
           chat       IN CNAME nuc.rfive.de.
           img.trucks IN CNAME falkenstein.rfive.de.
@@ -54,7 +54,6 @@
           rspamd     IN CNAME falkenstein.rfive.de.
           seafile    IN CNAME nuc.rfive.de.
           trucks     IN CNAME falkenstein.rfive.de.
-          uptime     IN CNAME nuc.rfive.de.
           vault      IN CNAME nuc.rfive.de.
 
           _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c"
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index 6177596..7415d60 100644
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -7,7 +7,6 @@
       ./modules/networks
       ./modules/backup
       ./modules/cache
-      ./modules/keycloak
       ./modules/matrix
       ./modules/mautrix-telegram
       ./modules/seafile
diff --git a/hosts/nuc/modules/keycloak/default.nix b/hosts/nuc/modules/keycloak/default.nix
deleted file mode 100644
index 0ace24b..0000000
--- a/hosts/nuc/modules/keycloak/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, ... }:
-let
-  domain = "auth.${config.networking.domain}";
-in
-{
-  age.secrets.keycloak = {
-    file = ../../../../secrets/nuc/keycloak/db.age;
-  };
-  services.keycloak = {
-    enable = true;
-    settings = {
-      http-port = 8084;
-      https-port = 19000;
-      hostname = domain;
-      # proxy-headers = "forwarded";
-      proxy = "edge";
-    };
-    database = {
-      # host = "/var/run/postgresql/.s.PGSQL.5432";
-      # useSSL = false;
-      # createLocally = false;
-      passwordFile = config.age.secrets.keycloak.path;
-    };
-    initialAdminPassword = "plschangeme";
-  };
-  # services.postgresql = {
-  #   enable = true;
-  #   ensureUsers = [
-  #     {
-  #       name = "keycloak";
-  #       ensureDBOwnership = true;
-  #     }
-  #   ];
-  #   ensureDatabases = [ "keycloak" ];
-  # };
-  services.nginx.virtualHosts."${domain}" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
-    };
-  };
-}
diff --git a/secrets.nix b/secrets.nix
index f73f67b..afcde6c 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -20,7 +20,6 @@ in
   "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
-  "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
diff --git a/secrets/nuc/keycloak/db.age b/secrets/nuc/keycloak/db.age
deleted file mode 100644
index 1093a5bf5f6ea03cbdbdb1d3b8ec99964fadf213..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 339
zcmZ9_yH0~p002-o6E+j$%;Z9_P@tvJnB4YKD1BI<E$w2$<AS%LydP2*<80#U?BwX+
zCm0jsYWxI0!Ng5x&kr2SM>GnZw2pHeg-229H%gYEPsuF1ppn}Y1hzvKrVSL0%nd(L
zq7gf!hBL#PH>lhw2OAinVO>Ef)7e6|Rj?G4K2O+zAvIk%PoNE&rU67V?Si#5)<jtm
zM;n$>7nPl2P>HMmTXUwnOP_>tVNtNg5Ssn%6!6hyhSj((Cv}Inr${u5+FFEYBW@W&
z;JIl_b9)`stz@b#bkKy+xAD?*@_3Vtk;ZWPyt|@2=WnBF(qvL+5EwOfCE&HoHAh7<
zr&WnQuGh9DVUIski@D;&u|&|p2jUM-ZlAtbyw5*_*SDR$>lVIy|GED@53}RXhuy=V
O#5cXi7mzT@)$A7^VsX3x