add basic keycloak config
parent
bea16d0652
commit
6525c45ca2
15
.sops.yaml
15
.sops.yaml
|
@ -1,18 +1,25 @@
|
||||||
keys:
|
keys:
|
||||||
- &birne age1jyxk2z69pm8hpz5zlf5lh05vrws2sprum3ucx2xjpq8efctcfdaq0jhs3w
|
- &bennofs B8E1727497FC48AA14158BDF947F769D7B95EC2B
|
||||||
|
- &felix F8634A1CFF7D61608503A70B24363525EA0E8A99
|
||||||
- &revol-xut 91EBE87016391323642A6803B966009D57E69CC6
|
- &revol-xut 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
|
- &durian age18g49g3hv0lvck9k767qevnyuzzwc7fnzcvun4e453vruv5zmufjscwep3q
|
||||||
|
|
||||||
# private key stored in repo, used for test VM
|
# private key stored in repo, used for test VM
|
||||||
- &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
|
- &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/birne\.yaml$
|
- path_regex: secrets/durian\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
|
- *bennofs
|
||||||
- *revol-xut
|
- *revol-xut
|
||||||
|
- *felix
|
||||||
age:
|
age:
|
||||||
- *birne
|
- *durian
|
||||||
- path_regex: secrets/birne\.test\.yaml$
|
- path_regex: secrets\.test\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
|
- *bennofs
|
||||||
- *revol-xut
|
- *revol-xut
|
||||||
|
- *felix
|
||||||
age:
|
age:
|
||||||
- *test
|
- *test
|
||||||
|
|
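Review bot: The second creation rule's new pattern, `secrets\.test\.yaml$`, has lost both the `/` and the host name, so it no longer matches only files under `secrets/` and instead matches any path ending in `secrets.test.yaml`. Every file under this rule is encrypted to `*test`, whose private key the comment in `keys:` says is stored in the repo, so anything the rule catches is readable by whoever can read the repository. If the intent was the test counterpart of the durian rule, `- path_regex: secrets/durian\.test\.yaml$` keeps the match narrow, and a comment such as `# test-VM values only, decryptable with the in-repo key` on the rule would make the trust level explicit. The old and new sides are read here from the rendered two-column layout, so confirm against the raw diff.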
|
@ -9,11 +9,11 @@
|
||||||
outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:
|
outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:
|
||||||
let
|
let
|
||||||
in {
|
in {
|
||||||
packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
#packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||||
packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
#packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||||
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
birne = nixpkgs.lib.nixosSystem {
|
/*birne = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/birne/configuration.nix
|
./hosts/birne/configuration.nix
|
||||||
|
@ -51,6 +51,7 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
*/
|
||||||
durian = nixpkgs.lib.nixosSystem {
|
durian = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
|
|
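--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@@ -0,0 +1,34 @@
+{pkgs, conifg, lib}: {
+
+sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;
+
+services = {
+keycloak = {
+enable = true;
+
+settings = {
+hostname = "keycloak.durian.tassilo-tanneberger.de";
+};
+
+database = {
+username = "keycloak";
+type = "postgresql";
+passwordFile = ;
+name = "keycloak";
+host = "localhost";
+};
+};
+postgresql = {
+enable = true;
+ensureUsers = [
+{
+name = "keycloak";
+ensurePermissions = {
+"DATABASE keycloak" = "ALL PRIVILEGES";
+};
+}
+];
+ensureDatabases = [ "keycloak" ];
+};
+};
+}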
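Review bot: The module header binds `conifg` while the body reads `config.systemd.services.keycloak.serviceConfig.User`, so evaluation fails on an undefined `config`. In addition, `passwordFile = ;` in the `database` block is a syntax error, which leaves the sops secret declared but never handed to Keycloak. The header should read `{ pkgs, config, lib, ... }: {`, with the ellipsis because the module system passes more arguments than these three. The option should point at the decrypted file: `passwordFile = config.sops.secrets.postgres_keycloak.path;`. It is also worth confirming that the account named in `serviceConfig.User` exists when sops-nix applies the secret's `owner`; if the unit runs under a dynamic user, that ownership line may not resolve.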
72
secrets/durian.yaml
Normal file
72
secrets/durian.yaml
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18g49g3hv0lvck9k767qevnyuzzwc7fnzcvun4e453vruv5zmufjscwep3q
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSFRzSkp2VWFEaVJJNVR0
|
||||||
|
eXVWV2V5cGxxeHYvZWN3QktQUUdmc1J6a2tZCjVMUS9QWC9RejNVN21hNG40TnVm
|
||||||
|
c2xZZEJjODVjSGFVaVVwOVpQb1VtdnMKLS0tIHpuelNDRW5DRGdhNTFISDFYQ0Fs
|
||||||
|
bzNnbFZnZnZiY0xsbVlvUStBblBMWGcK7HSz9iFQiH0BJ3etF09opJreBoBtiBZ0
|
||||||
|
L74EBGuEV4+dNWqY3QwAASmDYJJ8ocQMuAgctjsgstKBKUeOrkhDRg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-08-16T13:03:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:2exwH5VVfOOZ4SCwOcwFhg8Pwtmm936Cfn6A91YfyWu7tTkFq3vzFj0P3mG7RI0CyCTg1ptHt9j2zGKzy+mSO8Cb5ohPAJE/cuVkI998+D84uPkjLHHOq1wJRZxza9RHFiENPK0AOx3jSlAeFZqmIQPExX3gVRyJManU32OVu4o=,iv:xUXek6g9ayI5E7Exxq9EapesSfkD+AM3LWSVHPv2rLM=,tag:MpfvDuNse4UvOmcXASga0A==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2022-08-16T13:01:34Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DntlvaG5T7wcSAQdAEzag/uoOQ96pEYOCJWCACCc0cBwukhtoBnuVh9QruRMw
|
||||||
|
WqRCcL5rAyspKhNZLR/DZHVI+hvtuLfQ5e1gIo8nVGja5SNAYzipbOtk1PQ8izmb
|
||||||
|
0l4BD8y26ciJfKLKp/aj50pSpIOuzJc1gdp6AeYie3exOQE3uSa3TQdH7LombzCe
|
||||||
|
fbCDg7/3lF44uGOOS6zOt8Mve5in1K4hASZvPlJbL4gdyX5rXwtBBe8sI18lKI5c
|
||||||
|
=E6ms
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
|
||||||
|
- created_at: "2022-08-16T13:01:34Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA/YLzOYaRIJJARAA12cCgMfAvv9p/g7AGdHIDRNZ3SGrIc56D+JMMC7gwobX
|
||||||
|
bpCPwW0RMUGkU32bX9S3k/Yz6ZO10xa5mnG3zz0y2QpF9lNAK5mzgH02eQ/BHYSX
|
||||||
|
e9L5mXgyT73L3dfOBHZ+GEn6RvHdEgPc0hISwXt93MP36nR5ycCZHS10uZ4U7nc4
|
||||||
|
RkLJ//OIiwHo6jJguUFHeUyTXwIt+soLDLFz6LHdoNHZFoHw/MJatSD55dBMxn9W
|
||||||
|
rrW9gwaF+cz3/NdfIE1EC8zZ7tq8FaHfPQCnMSobjiy+s0UnYWE9Z0GZhFPk0DH5
|
||||||
|
uj1DZEi2WMxgPzeOXBZVN48WtcLXEs97VHIu367Y0fr3ORmX7J8ve3Uq9A2rupW6
|
||||||
|
1vImLdmrnpFr2WDOBoXJ6LjFGgl/NWaz9eim10cQ9fCrFcSppFSIFvt/PHNH5QFo
|
||||||
|
JAIhba/NbQAl7GbQ93nph3UO6mpy4X+mDXvTQWgmz7pkhgzauX0Sx49OQ+LCYU8q
|
||||||
|
j2EKMnej4IMzrhkRUKtmgJROTIDXxAzwrFVW3Ai/dggDHCxXEXWCswHu+/z+HQWq
|
||||||
|
uwR/Ec9ex7TNoYckW1W2+S1taDq0FEZFjzKNe7qnQfP/tTtdGIv+PKjm0XFzHnsz
|
||||||
|
zG4O4D5uXtvjTVSXY+xLhtrzb0BKbDNWDAM8OYWnb+iecohH+cNI1srK5iOdlC/S
|
||||||
|
XgHY34k4nvxISZ0FSSI6YJiuRPBJgtF8dR3AFSlW2isZU9JpXy2MNCDJG0JLgd3o
|
||||||
|
JHGAUUDGxYFQb1sDRnTzftH4mhR82QofFt6fBHhqU/syzl+Ivkb5qcS1RYCCBiw=
|
||||||
|
=3CbS
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
|
- created_at: "2022-08-16T13:01:34Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA8uqUsBLHj6XARAAiaL3S9KgG5un21PoAC12o5lCFAe6vYfZNJw3JHadUblJ
|
||||||
|
gWkSreWQ4L3XXux7MrsCADhzwxzC76v8oaDz8EpFvubENSYUw2TFoL+Xo7OFKpg2
|
||||||
|
oem4mjEu4m/DNzPlWa1PYNpW/bIfgMwXjQ+TQ/PvYS5spFvfiQevsxKZYocDQpyP
|
||||||
|
a5u+vJDyhlr5QDXdnfBJyUsgwPRl3bj/zegYQEzEb19o/tux2JUKEgFFzh9ZQdkU
|
||||||
|
fL4A4qp5CYtG8Rly9Sv1pX5JpNDDoi1wM7VMcsDtQqNA1aWGrqcXhMQeZLNYXugA
|
||||||
|
pAcvuIMq3Z+ER4xYSoosw7YTaXhC7HZU3/g3y5WVYPiQR7xhQt3M+u7ZU1Uhqz5P
|
||||||
|
u7XSKzygicJchFiH5WXQfIE3uQU5M6h651dOckFuagIzLwU7Mrqsi9M+hVSc6zIa
|
||||||
|
9g/23M8TCMgGWx7lNsaZqsRLDOYTr2wXaXczajxe3zLFJSDMU+NmXAJ8iYmrXAlJ
|
||||||
|
ZNqyqpBS/1Az8BgabFuORvwvPdJMovCTXOoUvZdupyPbqArI1/yUSg21lL+R7L+p
|
||||||
|
gwmh5qU0W1VhMNTD8sL5VrwlIpOedPBva28XpdGSyeL7IQsmWbmMrIrYnzl6i6UN
|
||||||
|
lYG76j3mVcwWXWsD8cCiVHXGV6cINrwTBAXqfl1xpJM3WDu2iFUzJK6yFy5sYRDS
|
||||||
|
XgHmYBVuuyQsBkUBIDyiTx2g/t9lXNBHL+uGQZneVr9cilBPUZtqv1w+KXlZTdz2
|
||||||
|
7KXfK7KXF5rYyibw7qB0ODQYkYpGQkFEY2cMqlO9RbRkeQMrwgXV4kO2SlW2dPE=
|
||||||
|
=nLwG
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|