keycloak: disable

hosts/falkenstein/modules/dns/default.nix

@@ -13,8 +13,9 @@
         '';
         file = pkgs.writeText "rfive.de_zone.txt" ''
           $TTL 3600
+          $ORIGIN rfive.de.
         
-          rfive.de.  86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. 2024030829 10800 3600 604800 3600
+          rfive.de.  86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. 2024030832 10800 3600 604800 3600
           @  3600   IN  NS  ns.rfive.de.
           @  3600   IN  NS  ns.inwx.de.
           @  3600   IN  NS  ns2.inwx.de.
@@ -28,7 +29,7 @@
           @  IN   CAA   0 issue "letsencrypt.org"
           @  IN   CAA   0 issuewild ";"
 
-          nuc         3600 IN A 141.30.227.6
+          nuc         IN A 141.30.227.6
 
           falkenstein IN A 23.88.121.184
           falkenstein IN AAAA 2a01:4f8:c012:49de::1
@@ -45,7 +46,6 @@
           rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
           _dmarc            IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
 
-          auth       IN CNAME nuc.rfive.de.
           cache      IN CNAME nuc.rfive.de.
           chat       IN CNAME nuc.rfive.de.
           img.trucks IN CNAME falkenstein.rfive.de.
@@ -54,7 +54,6 @@
           rspamd     IN CNAME falkenstein.rfive.de.
           seafile    IN CNAME nuc.rfive.de.
           trucks     IN CNAME falkenstein.rfive.de.
-          uptime     IN CNAME nuc.rfive.de.
           vault      IN CNAME nuc.rfive.de.
 
           _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c"

hosts/nuc/default.nix

@@ -7,7 +7,6 @@
       ./modules/networks
       ./modules/backup
       ./modules/cache
-      ./modules/keycloak
       ./modules/matrix
       ./modules/mautrix-telegram
       ./modules/seafile

hosts/nuc/modules/keycloak/default.nix

@@ -1,43 +0,0 @@
-{ config, ... }:
-let
-  domain = "auth.${config.networking.domain}";
-in
-{
-  age.secrets.keycloak = {
-    file = ../../../../secrets/nuc/keycloak/db.age;
-  };
-  services.keycloak = {
-    enable = true;
-    settings = {
-      http-port = 8084;
-      https-port = 19000;
-      hostname = domain;
-      # proxy-headers = "forwarded";
-      proxy = "edge";
-    };
-    database = {
-      # host = "/var/run/postgresql/.s.PGSQL.5432";
-      # useSSL = false;
-      # createLocally = false;
-      passwordFile = config.age.secrets.keycloak.path;
-    };
-    initialAdminPassword = "plschangeme";
-  };
-  # services.postgresql = {
-  #   enable = true;
-  #   ensureUsers = [
-  #     {
-  #       name = "keycloak";
-  #       ensureDBOwnership = true;
-  #     }
-  #   ];
-  #   ensureDatabases = [ "keycloak" ];
-  # };
-  services.nginx.virtualHosts."${domain}" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
-    };
-  };
-}

secrets.nix

@@ -20,7 +20,6 @@ in
   "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
-  "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
   "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];