keycloak: re-init

networking: beautify
printing: enable
2025-04-10 16:56:17 +02:00 · 2024-04-26 10:39:49 +02:00 · 2024-04-26 10:37:13 +02:00 · 2024-04-26 10:36:59 +02:00 · 2024-04-26 10:36:49 +02:00 · 2024-04-26 10:36:09 +02:00
10 changed files with 87 additions and 22 deletions
--- a/flake.lock
+++ b/flake.lock
@ -216,11 +216,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1713789879,
-        "narHash": "sha256-4Wt3Bg6uOnvwZcECBZaFEdzlWRlGLgd8DqLL4ugLdxg=",
+        "lastModified": 1714042918,
+        "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "46833c3115e8858370880d892748f0927d8193c3",
+        "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db",
        "type": "github"
      },
      "original": {
@ -317,11 +317,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1713668931,
-        "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=",
+        "lastModified": 1713869268,
+        "narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "07ece11b22217b8459df589f858e92212b74f1a1",
+        "rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c",
        "type": "github"
      },
      "original": {
@ -332,11 +332,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1713714899,
-        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
+        "lastModified": 1713895582,
+        "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
+        "rev": "572af610f6151fd41c212f897c71f7056e3fb518",
        "type": "github"
      },
      "original": {
--- a/hosts/falkenstein/modules/networks/default.nix
+++ b/hosts/falkenstein/modules/networks/default.nix
@ -87,8 +87,15 @@
    };
    networks."30-dorm" = {
      matchConfig.Name = "wg0";
+      addresses = [
+        {
+          addressConfig = {
+            Address = "192.168.43.4/24";
+            AddPrefixRoute = false;
+          };
+        }
+      ];
      networkConfig = {
-        Address = "192.168.43.4/32";
        DNS = "192.168.43.1";
        Domains = [
          "~vpn.rfive.de"
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@ -7,6 +7,7 @@
      ./modules/networks
      ./modules/adguard
      ./modules/backup
+      ./modules/keycloak
      ./modules/cache
      ./modules/matrix
      ./modules/mautrix-telegram
--- a/hosts/nuc/modules/keycloak/default.nix
+++ b/hosts/nuc/modules/keycloak/default.nix
@ -0,0 +1,43 @@
+{ config, ... }:
+let
+  domain = "auth.${config.networking.domain}";
+in
+{
+  age.secrets.keycloak = {
+    file = ../../../../secrets/nuc/keycloak/db.age;
+  };
+  services.keycloak = {
+    enable = true;
+    settings = {
+      http-port = 8084;
+      https-port = 19000;
+      hostname = domain;
+      # proxy-headers = "forwarded";
+      proxy = "edge";
+    };
+    database = {
+      # host = "/var/run/postgresql/.s.PGSQL.5432";
+      # useSSL = false;
+      # createLocally = false;
+      passwordFile = config.age.secrets.keycloak.path;
+    };
+    initialAdminPassword = "plschangeme";
+  };
+  # services.postgresql = {
+  #   enable = true;
+  #   ensureUsers = [
+  #     {
+  #       name = "keycloak";
+  #       ensureDBOwnership = true;
+  #     }
+  #   ];
+  #   ensureDatabases = [ "keycloak" ];
+  # };
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
+    };
+  };
+}
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -163,8 +163,15 @@
    networks."30-wg0" = {
      matchConfig.Name = "wg0";
      linkConfig.RequiredForOnline = false;
+      addresses = [
+        {
+          addressConfig = {
+            Address = "192.168.43.3/24";
+            AddPrefixRoute = false;
+          };
+        }
+      ];
      networkConfig = {
-        Address = "192.168.43.3/32";
        DNS = "192.168.43.1";
        Domains = [
          "~vpn.rfive.de"
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -95,7 +95,7 @@
  systemd.services = {
    openfortivpn-agdsn = {
      description = "AG DSN Fortinet VPN";
-      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5";
+      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password)";
      requires = [ "network-online.target" ];
      after = [ "network.target" "network-online.target" ];
      serviceConfig = {
--- a/hosts/thinkpad/modules/printing/default.nix
+++ b/hosts/thinkpad/modules/printing/default.nix
@ -1,13 +1,17 @@
 { pkgs, ... }:
 {
-  environment.systemPackages = with pkgs; [ cups ];
-  #   services.printing = {
-  #   enable = true;
-  #   stateless = true;
-  #   browsedConf = ''
-  #     BrowsePoll cups.agdsn.network
-  #     LocalQueueNamingRemoteCUPS RemoteName
-  #   '';
-  #   drivers = with pkgs; [ cups-kyocera ];
-  # };
+  # environment.systemPackages = with pkgs; [ cups ];
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+  };
+  services.printing = {
+    enable = true;
+    stateless = true;
+    browsedConf = ''
+      BrowsePoll cups.agdsn.network
+      LocalQueueNamingRemoteCUPS RemoteName
+    '';
+    drivers = with pkgs; [ cups-kyocera ];
+  };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -20,6 +20,7 @@ in
  "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
+  "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
--- a/secrets/nuc/keycloak/db.age
+++ b/secrets/nuc/keycloak/db.age
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@ -45,6 +45,8 @@
        export MCFLY_RESULTS=30
        export MCFLY_INTERFACE_VIEW=BOTTOM
        export MCFLY_PROMPT="❯"
+        # fix for networkctl
+        zstyle ':completion:*:complete:networkctl:*' list-grouped true
        source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
        source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
        unsetopt extendedglob
Author	SHA1	Message	Date
Rouven Seifert	afc0ea55be	keycloak: re-init	2024-04-26 10:39:49 +02:00
Rouven Seifert	7bc9e06788	networking: beautify	2024-04-26 10:37:13 +02:00
Rouven Seifert	71c7cf31d2	printing: enable	2024-04-26 10:36:59 +02:00
Rouven Seifert	63d9cabcfb	updates	2024-04-26 10:36:49 +02:00
Rouven Seifert	f3837236e7	zsh: fix networkctl completion	2024-04-26 10:36:09 +02:00