diff --git a/flake.nix b/flake.nix index 4ef2b5f..92e57b7 100755 --- a/flake.nix +++ b/flake.nix @@ -83,12 +83,12 @@ ./modules/wiki ./modules/matrix ./modules/minecraft + ./modules/keycloak ./modules/nix-serve.nix ./modules/hedgedoc.nix ./modules/padlist.nix ./modules/nextcloud.nix - ./modules/keycloak.nix ./modules/monitoring.nix ./modules/vaultwarden.nix ./modules/forgejo diff --git a/modules/keycloak/default.nix b/modules/keycloak/default.nix new file mode 100644 index 0000000..f3b88ce --- /dev/null +++ b/modules/keycloak/default.nix @@ -0,0 +1,37 @@ +{ config, pkgs, lib, ... }: +let + domain = "sso.${config.networking.domain}"; +in +{ + sops.secrets."keycloak/db" = { }; + services.keycloak = { + enable = true; + # we use unstable as the release in stable is insecure + # package = nixpkgs-unstable.legacyPackages.x86_64-linux.keycloak; + settings = { + http-port = 8086; + https-port = 19000; + hostname = domain; + proxy = "edge"; + }; + # The module requires a password for the DB and works best with its own DB config + # Does an automatic Postgresql configuration + database = { + passwordFile = config.sops.secrets."keycloak/db".path; + }; + initialAdminPassword = "plschangeme"; + themes = with pkgs ; { + ifsr = keycloak_ifsr_theme; + }; + }; + services.nginx.virtualHosts."${domain}" = { + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}"; + extraConfig = '' + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + ''; + }; + }; +} diff --git a/modules/keycloak/theme.nix b/modules/keycloak/theme.nix new file mode 100644 index 0000000..0500e47 --- /dev/null +++ b/modules/keycloak/theme.nix @@ -0,0 +1,15 @@ +{ stdenv }: +stdenv.mkDerivation rec { + name = "keycloak_ifsr_theme"; + version = "1.1"; + + src = ./theme; + + nativeBuildInputs = [ ]; + buildInputs = [ ]; + + installPhase = '' + mkdir -p $out + cp -a login $out + ''; +} diff --git a/modules/keycloak/theme/login/resources/css/login.css b/modules/keycloak/theme/login/resources/css/login.css new file mode 100644 index 0000000..6314ff8 --- /dev/null +++ b/modules/keycloak/theme/login/resources/css/login.css @@ -0,0 +1,772 @@ +.login-pf { + background: none; +} + +.login-pf body { + background: url(../img/background.jpg) no-repeat center center fixed; + background-size: cover; + height: 100%; +} + +/*IE compatibility*/ +.pf-c-form-control { + font-size: 14px; + font-size: var(--pf-global--FontSize--sm); + border-width: 1px; + border-width: var(--pf-global--BorderWidth--sm);; + border-color: #EDEDED #EDEDED #8A8D90 #EDEDED; + border-color: var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--200) var(--pf-global--BorderColor--300); + background-color: #FFFFFF; + background-color: var(--pf-global--BackgroundColor--100); + height: 36px; + height: calc(var(--pf-c-form-control--FontSize) * var(--pf-c-form-control--LineHeight) + var(--pf-c-form-control--BorderWidth) * 2 + var(--pf-c-form-control--PaddingTop) + var(--pf-c-form-control--PaddingBottom)); + padding: 5px 0.5rem; + padding: var(--pf-c-form-control--PaddingTop) var(--pf-c-form-control--PaddingRight) var(--pf-c-form-control--PaddingBottom) var(--pf-c-form-control--PaddingLeft); +} + +textarea.pf-c-form-control { + height: auto; +} + +.pf-c-form-control:hover, .pf-c-form-control:focus { + border-bottom-color: #0066CC; + border-bottom-color: var(--pf-global--primary-color--100); + border-bottom-width: 2px; + border-bottom-width: var(--pf-global--BorderWidth--md); +} + +.pf-c-form-control[aria-invalid=true] { + border-bottom-color: #C9190B; + border-bottom-color: var(--pf-global--danger-color--100); + border-bottom-width: 2px; + border-bottom-width: var(--pf-global--BorderWidth--md); +} + +.pf-c-check__label, .pf-c-radio__label { + font-size: 14px; + font-size: var(--pf-global--FontSize--sm); +} + +.pf-c-alert.pf-m-inline { + margin-bottom: 0.5rem; /* default - IE compatibility */ + margin-bottom: var(--pf-global--spacer--sm); + padding: 0.25rem; + padding: var(--pf-global--spacer--xs); + border: solid #ededed; + border: solid var(--pf-global--BorderColor--300); + border-width: 1px; + border-width: var(--pf-c-alert--m-inline--BorderTopWidth) var(--pf-c-alert--m-inline--BorderRightWidth) var(--pf-c-alert--m-inline--BorderBottomWidth) var(--pf-c-alert--m-inline--BorderLeftWidth); + display: -ms-flexbox; + display: grid; + -ms-grid-columns: max-content 1fr max-content; + grid-template-columns:max-content 1fr max-content; + grid-template-columns: var(--pf-c-alert--grid-template-columns); + grid-template-rows: 1fr auto; + grid-template-rows: var(--pf-c-alert--grid-template-rows); +} + +.pf-c-alert.pf-m-inline::before { + position: absolute; + top: -1px; + top: var(--pf-c-alert--m-inline--before--Top); + bottom: -1px; + bottom: var(--pf-c-alert--m-inline--before--Bottom); + left: 0; + width: 3px; + width: var(--pf-c-alert--m-inline--before--Width); + content: ; + background-color: #FFFFFF; + background-color: var(--pf-global--BackgroundColor--100); +} + +.pf-c-alert.pf-m-inline.pf-m-success::before { + background-color: #92D400; + background-color: var(--pf-global--success-color--100); +} + +.pf-c-alert.pf-m-inline.pf-m-danger::before { + background-color: #C9190B; + background-color: var(--pf-global--danger-color--100); +} + +.pf-c-alert.pf-m-inline.pf-m-warning::before { + background-color: #F0AB00; + background-color: var(--pf-global--warning-color--100); +} + +.pf-c-alert.pf-m-inline .pf-c-alert__icon { + padding: 1rem 0.5rem 1rem 1rem; + padding: var(--pf-c-alert--m-inline__icon--PaddingTop) var(--pf-c-alert--m-inline__icon--PaddingRight) var(--pf-c-alert--m-inline__icon--PaddingBottom) var(--pf-c-alert--m-inline__icon--PaddingLeft); + font-size: 16px; + font-size: var(--pf-c-alert--m-inline__icon--FontSize); +} + +.pf-c-alert.pf-m-success .pf-c-alert__icon { + color: #92D400; + color: var(--pf-global--success-color--100); +} + +.pf-c-alert.pf-m-success .pf-c-alert__title { + color: #486B00; + color: var(--pf-global--success-color--200); +} + +.pf-c-alert.pf-m-danger .pf-c-alert__icon { + color: #C9190B; + color: var(--pf-global--danger-color--100); +} + +.pf-c-alert.pf-m-danger .pf-c-alert__title { + color: #A30000; + color: var(--pf-global--danger-color--200); +} + +.pf-c-alert.pf-m-warning .pf-c-alert__icon { + color: #F0AB00; + color: var(--pf-global--warning-color--100); +} + +.pf-c-alert.pf-m-warning .pf-c-alert__title { + color: #795600; + color: var(--pf-global--warning-color--200); +} + +.pf-c-alert__title { + font-size: 14px; /* default - IE compatibility */ + font-size: var(--pf-global--FontSize--sm); + padding: 5px 8px; + padding: var(--pf-c-alert__title--PaddingTop) var(--pf-c-alert__title--PaddingRight) var(--pf-c-alert__title--PaddingBottom) var(--pf-c-alert__title--PaddingLeft); +} + +.pf-c-button{ + padding:0.375rem 1rem; + padding: var(--pf-global--spacer--form-element) var(--pf-global--spacer--md); +} + +/* default - IE compatibility */ +.pf-m-primary { + color: #FFFFFF; + background-color: #0066CC; + background-color: var(--pf-global--primary-color--100); +} + +/* default - IE compatibility */ +.pf-m-primary:hover { + background-color: #004080; + background-color: var(--pf-global--primary-color--200); +} + +/* default - IE compatibility */ +.pf-c-button.pf-m-control { + border: solid 1px; + border: solid var(--pf-global--BorderWidth--sm); + border-color: rgba(230, 230, 230, 0.5); +} +/*End of IE compatibility*/ +h1#kc-page-title { + margin-top: 10px; +} + +#kc-locale ul { + background-color: #FFF; + background-color: var(--pf-global--BackgroundColor--100); + display: none; + top: 20px; + min-width: 100px; + padding: 0; +} + +#kc-locale-dropdown{ + display: inline-block; +} + +#kc-locale-dropdown:hover ul { + display:block; +} + +/* IE compatibility */ +#kc-locale-dropdown a { + color: #6A6E73; + color: var(--pf-global--Color--200); + text-align: right; + font-size: 14px; + font-size: var(--pf-global--FontSize--sm); +} + +/* IE compatibility */ +a#kc-current-locale-link::after { + content: 2c5; + margin-left: 4px; + margin-left: var(--pf-global--spacer--xs) +} + +.login-pf .container { + padding-top: 40px; +} + +.login-pf a:hover { + color: #0099d3; +} + +#kc-logo { + width: 100%; +} + +div.kc-logo-text { + background-image: url(../img/agdsn_logo.png); + background-repeat: no-repeat; + background-size: auto; + position: relative; + top: 0%; + left: 25%; + width: 950px; + height: 250px; + + +} + +div.kc-logo-text span { + display: none; +} + +#kc-header { + color: #ededed; + overflow: visible; + white-space: nowrap; +} + +#kc-header-wrapper { + font-size: 29px; + text-transform: uppercase; + letter-spacing: 3px; + line-height: 1.2em; + padding: 62px 10px 20px; + white-space: normal; +} + +#kc-content { + width: 100%; +} + +#kc-attempted-username { + font-size: 20px; + font-family: inherit; + font-weight: normal; + padding-right: 10px; +} + +#kc-username { + text-align: center; + margin-bottom:-10px; +} + +#kc-webauthn-settings-form { + padding-top: 8px; +} + +#kc-form-webauthn .select-auth-box-parent { + pointer-events: none; +} + +#kc-form-webauthn .select-auth-box-desc { + color: var(--pf-global--palette--black-600); +} + +#kc-form-webauthn .select-auth-box-headline { + color: var(--pf-global--Color--300); +} + +#kc-form-webauthn .select-auth-box-icon { + flex: 0 0 3em; +} + +#kc-form-webauthn .select-auth-box-icon-properties { + margin-top: 10px; + font-size: 1.8em; +} + +#kc-form-webauthn .select-auth-box-icon-properties.unknown-transport-class { + margin-top: 3px; +} + +#kc-form-webauthn .pf-l-stack__item { + margin: -1px 0; +} + +#kc-content-wrapper { + margin-top: 20px; +} + +#kc-form-wrapper { + margin-top: 10px; +} + +#kc-info { + margin: 20px -40px -30px; +} + +#kc-info-wrapper { + font-size: 13px; + padding: 15px 35px; + background-color: #F0F0F0; +} + +#kc-form-options span { + display: block; +} + +#kc-form-options .checkbox { + margin-top: 0; + color: #72767b; +} + +#kc-terms-text { + margin-bottom: 20px; +} + +#kc-registration { + margin-bottom: 0; +} + +/* TOTP */ + +.subtitle { + text-align: right; + margin-top: 30px; + color: #909090; +} + +.required { + color: #A30000; /* default - IE compatibility */ + color: var(--pf-global--danger-color--200); +} + +ol#kc-totp-settings { + margin: 0; + padding-left: 20px; +} + +ul#kc-totp-supported-apps { + margin-bottom: 10px; +} + +#kc-totp-secret-qr-code { + max-width:150px; + max-height:150px; +} + +#kc-totp-secret-key { + background-color: #fff; + color: #333333; + font-size: 16px; + padding: 10px 0; +} + +/* OAuth */ + +#kc-oauth h3 { + margin-top: 0; +} + +#kc-oauth ul { + list-style: none; + padding: 0; + margin: 0; +} + +#kc-oauth ul li { + border-top: 1px solid rgba(255, 255, 255, 0.1); + font-size: 12px; + padding: 10px 0; +} + +#kc-oauth ul li:first-of-type { + border-top: 0; +} + +#kc-oauth .kc-role { + display: inline-block; + width: 50%; +} + +/* Code */ +#kc-code textarea { + width: 100%; + height: 8em; +} + +/* Social */ +.kc-social-links { + margin-top: 20px; +} + +.kc-social-provider-logo { + font-size: 23px; + width: 30px; + height: 25px; + float: left; +} + +.kc-social-gray { + color: #737679; /* default - IE compatibility */ + color: var(--pf-global--Color--200); +} + +.kc-social-item { + margin-bottom: 0.5rem; /* default - IE compatibility */ + margin-bottom: var(--pf-global--spacer--sm); + font-size: 15px; + text-align: center; +} + +.kc-social-provider-name { + position: relative; + top: 3px; +} + +.kc-social-icon-text { + left: -15px; +} + +.kc-social-grid { + display:grid; + grid-column-gap: 10px; + grid-row-gap: 5px; + grid-column-end: span 6; + --pf-l-grid__item--GridColumnEnd: span 6; +} + +.kc-social-grid .kc-social-icon-text { + left: -10px; +} + +.kc-login-tooltip { + position: relative; + display: inline-block; +} + +.kc-social-section { + text-align: center; +} + +.kc-social-section hr{ + margin-bottom: 10px +} + +.kc-login-tooltip .kc-tooltip-text{ + top:-3px; + left:160%; + background-color: black; + visibility: hidden; + color: #fff; + + min-width:130px; + text-align: center; + border-radius: 2px; + box-shadow:0 1px 8px rgba(0,0,0,0.6); + padding: 5px; + + position: absolute; + opacity:0; + transition:opacity 0.5s; +} + +/* Show tooltip */ +.kc-login-tooltip:hover .kc-tooltip-text { + visibility: visible; + opacity:0.7; +} + +/* Arrow for tooltip */ +.kc-login-tooltip .kc-tooltip-text::after { + content: ; + position: absolute; + top: 15px; + right: 100%; + margin-top: -5px; + border-width: 5px; + border-style: solid; + border-color: transparent black transparent transparent; +} + +@media (min-width: 768px) { + #kc-container-wrapper { + position: absolute; + width: 100%; + } + + .login-pf .container { + padding-right: 80px; + } + + #kc-locale { + position: relative; + text-align: right; + z-index: 9999; + } +} + +@media (max-width: 767px) { + + .login-pf body { + background: white; + } + + #kc-header { + padding-left: 15px; + padding-right: 15px; + float: none; + text-align: left; + } + + #kc-header-wrapper { + font-size: 16px; + font-weight: bold; + padding: 20px 60px 0 0; + color: #72767b; + letter-spacing: 0; + } + + div.kc-logo-text { + margin: 0; + width: 150px; + height: 32px; + background-size: 100%; + } + + #kc-form { + float: none; + } + + #kc-info-wrapper { + border-top: 1px solid rgba(255, 255, 255, 0.1); + background-color: transparent; + } + + .login-pf .container { + padding-top: 15px; + padding-bottom: 15px; + } + + #kc-locale { + position: absolute; + width: 200px; + top: 20px; + right: 20px; + text-align: right; + z-index: 9999; + } +} + +@media (min-height: 646px) { + #kc-container-wrapper { + bottom: 12%; + } +} + +@media (max-height: 645px) { + #kc-container-wrapper { + padding-top: 50px; + top: 20%; + } +} + +.card-pf form.form-actions .btn { + float: right; + margin-left: 10px; +} + +#kc-form-buttons { + margin-top: 20px; +} + +.login-pf-page .login-pf-brand { + margin-top: 20px; + max-width: 360px; + width: 40%; +} + +/* Internet Explorer 11 compatibility workaround for select-authenticator screen */ +@media all and (-ms-high-contrast: none), +(-ms-high-contrast: active) { + .select-auth-box-parent { + border-top: 1px solid #f0f0f0; + padding-top: 1rem; + padding-bottom: 1rem; + cursor: pointer; + } + + .select-auth-box-headline { + font-size: 16px; + color: #06c; + font-weight: bold; + } + + .select-auth-box-desc { + font-size: 14px; + } + + .pf-l-stack { + flex-basis: 100%; + } +} +/* End of IE11 workaround for select-authenticator screen */ + +.select-auth-box-arrow{ + display: flex; + align-items: center; + margin-right: 2rem; +} + +.select-auth-box-icon{ + display: flex; + flex: 0 0 2em; + justify-content: center; + margin-right: 1rem; + margin-left: 3rem; +} + +.select-auth-box-parent{ + border-top: 1px solid var(--pf-global--palette--black-200); + padding-top: 1rem; + padding-bottom: 1rem; + cursor: pointer; +} + +.select-auth-box-parent:hover{ + background-color: #f7f8f8; +} + +.select-auth-container { +} + +.select-auth-box-headline { + font-size: var(--pf-global--FontSize--md); + color: var(--pf-global--primary-color--100); + font-weight: bold; +} + +.select-auth-box-desc { + font-size: var(--pf-global--FontSize--sm); +} + +.select-auth-box-paragraph { + text-align: center; + font-size: var(--pf-global--FontSize--md); + margin-bottom: 5px; +} + +.card-pf { + margin: 0 auto; + box-shadow: var(--pf-global--BoxShadow--lg); + padding: 0 20px; + max-width: 500px; + border-top: 4px solid; + border-color: #0066CC; /* default - IE compatibility */ + border-color: var(--pf-global--primary-color--100); +} + +/*phone*/ +@media (max-width: 767px) { + .login-pf-page .card-pf { + max-width: none; + margin-left: 0; + margin-right: 0; + padding-top: 0; + border-top: 0; + box-shadow: 0 0; + } + + .kc-social-grid { + grid-column-end: 12; + --pf-l-grid__item--GridColumnEnd: span 12; + } + + .kc-social-grid .kc-social-icon-text { + left: -15px; + } +} + +.login-pf-page .login-pf-signup { + font-size: 15px; + color: #72767b; +} +#kc-content-wrapper .row { + margin-left: 0; + margin-right: 0; +} + +.login-pf-page.login-pf-page-accounts { + margin-left: auto; + margin-right: auto; +} + +.login-pf-page .btn-primary { + margin-top: 0; +} + +.login-pf-page .list-view-pf .list-group-item { + border-bottom: 1px solid #ededed; +} + +.login-pf-page .list-view-pf-description { + width: 100%; +} + +#kc-form-login div.form-group:last-of-type, +#kc-register-form div.form-group:last-of-type, +#kc-update-profile-form div.form-group:last-of-type { + margin-bottom: 0px; +} + +.no-bottom-margin { + margin-bottom: 0; +} + +#kc-back { + margin-top: 5px; +} + +/* Recovery codes */ +.kc-recovery-codes-warning { + margin-bottom: 32px; +} +.kc-recovery-codes-warning .pf-c-alert__description p { + font-size: 0.875rem; +} +.kc-recovery-codes-list { + list-style: none; + columns: 2; + margin: 16px 0; + padding: 16px 16px 8px 16px; + border: 1px solid #D2D2D2; +} +.kc-recovery-codes-list li { + margin-bottom: 8px; + font-size: 11px; +} +.kc-recovery-codes-list li span { + color: #6A6E73; + width: 16px; + text-align: right; + display: inline-block; + margin-right: 1px; +} + +.kc-recovery-codes-actions { + margin-bottom: 24px; +} +.kc-recovery-codes-actions button { + padding-left: 0; +} +.kc-recovery-codes-actions button i { + margin-right: 8px; +} + +.kc-recovery-codes-confirmation { + align-items: baseline; + margin-bottom: 16px; +} +/* End Recovery codes */ + + diff --git a/modules/keycloak/theme/login/resources/img/background.jpg b/modules/keycloak/theme/login/resources/img/background.jpg new file mode 100644 index 0000000..ab17873 Binary files /dev/null and b/modules/keycloak/theme/login/resources/img/background.jpg differ diff --git a/modules/keycloak/theme/login/theme.properties b/modules/keycloak/theme/login/theme.properties new file mode 100644 index 0000000..c0d3ad2 --- /dev/null +++ b/modules/keycloak/theme/login/theme.properties @@ -0,0 +1,4 @@ +parent=keycloak +import=common/keycloak + +styles=css/login.css diff --git a/overlays/default.nix b/overlays/default.nix index 1e9d2e3..05bbb9d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -2,6 +2,7 @@ _final: prev: let inherit (prev) fetchurl; inherit (prev) fetchFromGitHub; + inherit (prev) callPackage; in { # AGDSN is running an outdated version that we have to comply to @@ -34,4 +35,6 @@ in }); }) ]; + + keycloak_ifsr_theme = callPackage ../modules/keycloak/theme.nix {}; }