add basic keycloak config
parent
bea16d0652
commit
6525c45ca2
15
.sops.yaml
15
.sops.yaml
|
@ -1,18 +1,25 @@
|
|||
keys:
|
||||
- &birne age1jyxk2z69pm8hpz5zlf5lh05vrws2sprum3ucx2xjpq8efctcfdaq0jhs3w
|
||||
- &bennofs B8E1727497FC48AA14158BDF947F769D7B95EC2B
|
||||
- &felix F8634A1CFF7D61608503A70B24363525EA0E8A99
|
||||
- &revol-xut 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- &durian age18g49g3hv0lvck9k767qevnyuzzwc7fnzcvun4e453vruv5zmufjscwep3q
|
||||
|
||||
# private key stored in repo, used for test VM
|
||||
- &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
|
||||
creation_rules:
|
||||
- path_regex: secrets/birne\.yaml$
|
||||
- path_regex: secrets/durian\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *bennofs
|
||||
- *revol-xut
|
||||
- *felix
|
||||
age:
|
||||
- *birne
|
||||
- path_regex: secrets/birne\.test\.yaml$
|
||||
- *durian
|
||||
- path_regex: secrets\.test\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *bennofs
|
||||
- *revol-xut
|
||||
- *felix
|
||||
age:
|
||||
- *test
|
||||
|
|
|
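Review bot: The test rule's `path_regex` is printed in two forms, `secrets/birne\.test\.yaml$` and `secrets\.test\.yaml$`, and because the page has lost the +/- column, which one is the new side can only be guessed from print order. If the second form is the new one, it matches only a path ending in the literal text `secrets.test.yaml`, so a per-host test file such as `secrets/durian.test.yaml` would fall under no creation rule. Something like `- path_regex: secrets/[^/]+\.test\.yaml$` would cover every host's test file while keeping the in-repo `&test` key away from the production rule `secrets/durian\.yaml$`. It would also help to extend the comment above `&test` to `# private key stored in repo, used for test VM; never add as a recipient of non-test secrets`.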
@ -9,11 +9,11 @@
|
|||
outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:
|
||||
let
|
||||
in {
|
||||
packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||
packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||
#packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||
#packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||
|
||||
nixosConfigurations = {
|
||||
birne = nixpkgs.lib.nixosSystem {
|
||||
/*birne = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./hosts/birne/configuration.nix
|
||||
|
@ -51,6 +51,7 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
*/
|
||||
durian = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
|
|
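--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@@ -0,0 +1,34 @@
+{pkgs, conifg, lib}: {
+
+sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;
+
+services = {
+keycloak = {
+enable = true;
+
+settings = {
+hostname = "keycloak.durian.tassilo-tanneberger.de";
+};
+
+database = {
+username = "keycloak";
+type = "postgresql";
+passwordFile = ;
+name = "keycloak";
+host = "localhost";
+};
+};
+postgresql = {
+enable = true;
+ensureUsers = [
+{
+name = "keycloak";
+ensurePermissions = {
+"DATABASE keycloak" = "ALL PRIVILEGES";
+};
+}
+];
+ensureDatabases = [ "keycloak" ];
+};
+};
+}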
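Review bot: The module cannot evaluate as written: the argument set on the first line spells `conifg` while the body reads `config`, and `passwordFile = ;` has no value, so the `postgres_keycloak` secret declared above is never handed to Keycloak. I would change these to `{ pkgs, config, lib, ... }: {` (the trailing `...` lets the module system pass its other arguments) and `passwordFile = config.sops.secrets.postgres_keycloak.path;`. Nothing here sets `services.keycloak.initialAdminPassword`, so as far as I know the admin account comes up with the NixOS module's documented default password; set it or rotate it before `keycloak.durian.tassilo-tanneberger.de` is reachable. Whether the hand-written `postgresql.ensureUsers`/`ensureDatabases` block overlaps with what the Keycloak module already provisions for a local database is not visible from this file and is worth checking.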
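--- a/secrets/durian.yaml
+++ b/secrets/durian.yaml
@@ -0,0 +1,72 @@
+postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age18g49g3hv0lvck9k767qevnyuzzwc7fnzcvun4e453vruv5zmufjscwep3q
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSFRzSkp2VWFEaVJJNVR0
+eXVWV2V5cGxxeHYvZWN3QktQUUdmc1J6a2tZCjVMUS9QWC9RejNVN21hNG40TnVm
+c2xZZEJjODVjSGFVaVVwOVpQb1VtdnMKLS0tIHpuelNDRW5DRGdhNTFISDFYQ0Fs
+bzNnbFZnZnZiY0xsbVlvUStBblBMWGcK7HSz9iFQiH0BJ3etF09opJreBoBtiBZ0
+L74EBGuEV4+dNWqY3QwAASmDYJJ8ocQMuAgctjsgstKBKUeOrkhDRg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2022-08-16T13:03:32Z"
+mac: ENC[AES256_GCM,data:2exwH5VVfOOZ4SCwOcwFhg8Pwtmm936Cfn6A91YfyWu7tTkFq3vzFj0P3mG7RI0CyCTg1ptHt9j2zGKzy+mSO8Cb5ohPAJE/cuVkI998+D84uPkjLHHOq1wJRZxza9RHFiENPK0AOx3jSlAeFZqmIQPExX3gVRyJManU32OVu4o=,iv:xUXek6g9ayI5E7Exxq9EapesSfkD+AM3LWSVHPv2rLM=,tag:MpfvDuNse4UvOmcXASga0A==,type:str]
+pgp:
+- created_at: "2022-08-16T13:01:34Z"
+enc: |
+-----BEGIN PGP MESSAGE-----
+
+hF4DntlvaG5T7wcSAQdAEzag/uoOQ96pEYOCJWCACCc0cBwukhtoBnuVh9QruRMw
+WqRCcL5rAyspKhNZLR/DZHVI+hvtuLfQ5e1gIo8nVGja5SNAYzipbOtk1PQ8izmb
+0l4BD8y26ciJfKLKp/aj50pSpIOuzJc1gdp6AeYie3exOQE3uSa3TQdH7LombzCe
+fbCDg7/3lF44uGOOS6zOt8Mve5in1K4hASZvPlJbL4gdyX5rXwtBBe8sI18lKI5c
+=E6ms
+-----END PGP MESSAGE-----
+fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
+- created_at: "2022-08-16T13:01:34Z"
+enc: |
+-----BEGIN PGP MESSAGE-----
+
+hQIMA/YLzOYaRIJJARAA12cCgMfAvv9p/g7AGdHIDRNZ3SGrIc56D+JMMC7gwobX
+bpCPwW0RMUGkU32bX9S3k/Yz6ZO10xa5mnG3zz0y2QpF9lNAK5mzgH02eQ/BHYSX
+e9L5mXgyT73L3dfOBHZ+GEn6RvHdEgPc0hISwXt93MP36nR5ycCZHS10uZ4U7nc4
+RkLJ//OIiwHo6jJguUFHeUyTXwIt+soLDLFz6LHdoNHZFoHw/MJatSD55dBMxn9W
+rrW9gwaF+cz3/NdfIE1EC8zZ7tq8FaHfPQCnMSobjiy+s0UnYWE9Z0GZhFPk0DH5
+uj1DZEi2WMxgPzeOXBZVN48WtcLXEs97VHIu367Y0fr3ORmX7J8ve3Uq9A2rupW6
+1vImLdmrnpFr2WDOBoXJ6LjFGgl/NWaz9eim10cQ9fCrFcSppFSIFvt/PHNH5QFo
+JAIhba/NbQAl7GbQ93nph3UO6mpy4X+mDXvTQWgmz7pkhgzauX0Sx49OQ+LCYU8q
+j2EKMnej4IMzrhkRUKtmgJROTIDXxAzwrFVW3Ai/dggDHCxXEXWCswHu+/z+HQWq
+uwR/Ec9ex7TNoYckW1W2+S1taDq0FEZFjzKNe7qnQfP/tTtdGIv+PKjm0XFzHnsz
+zG4O4D5uXtvjTVSXY+xLhtrzb0BKbDNWDAM8OYWnb+iecohH+cNI1srK5iOdlC/S
+XgHY34k4nvxISZ0FSSI6YJiuRPBJgtF8dR3AFSlW2isZU9JpXy2MNCDJG0JLgd3o
+JHGAUUDGxYFQb1sDRnTzftH4mhR82QofFt6fBHhqU/syzl+Ivkb5qcS1RYCCBiw=
+=3CbS
+-----END PGP MESSAGE-----
+fp: 91EBE87016391323642A6803B966009D57E69CC6
+- created_at: "2022-08-16T13:01:34Z"
+enc: |
+-----BEGIN PGP MESSAGE-----
+
+hQIMA8uqUsBLHj6XARAAiaL3S9KgG5un21PoAC12o5lCFAe6vYfZNJw3JHadUblJ
+gWkSreWQ4L3XXux7MrsCADhzwxzC76v8oaDz8EpFvubENSYUw2TFoL+Xo7OFKpg2
+oem4mjEu4m/DNzPlWa1PYNpW/bIfgMwXjQ+TQ/PvYS5spFvfiQevsxKZYocDQpyP
+a5u+vJDyhlr5QDXdnfBJyUsgwPRl3bj/zegYQEzEb19o/tux2JUKEgFFzh9ZQdkU
+fL4A4qp5CYtG8Rly9Sv1pX5JpNDDoi1wM7VMcsDtQqNA1aWGrqcXhMQeZLNYXugA
+pAcvuIMq3Z+ER4xYSoosw7YTaXhC7HZU3/g3y5WVYPiQR7xhQt3M+u7ZU1Uhqz5P
+u7XSKzygicJchFiH5WXQfIE3uQU5M6h651dOckFuagIzLwU7Mrqsi9M+hVSc6zIa
+9g/23M8TCMgGWx7lNsaZqsRLDOYTr2wXaXczajxe3zLFJSDMU+NmXAJ8iYmrXAlJ
+ZNqyqpBS/1Az8BgabFuORvwvPdJMovCTXOoUvZdupyPbqArI1/yUSg21lL+R7L+p
+gwmh5qU0W1VhMNTD8sL5VrwlIpOedPBva28XpdGSyeL7IQsmWbmMrIrYnzl6i6UN
+lYG76j3mVcwWXWsD8cCiVHXGV6cINrwTBAXqfl1xpJM3WDu2iFUzJK6yFy5sYRDS
+XgHmYBVuuyQsBkUBIDyiTx2g/t9lXNBHL+uGQZneVr9cilBPUZtqv1w+KXlZTdz2
+7KXfK7KXF5rYyibw7qB0ODQYkYpGQkFEY2cMqlO9RbRkeQMrwgXV4kO2SlW2dPE=
+=nLwG
+-----END PGP MESSAGE-----
+fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
+unencrypted_suffix: _unencrypted
+version: 3.7.3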