add basic keycloak config

revol-xut 2022-08-16 15:18:28 +02:00
parent bea16d0652
commit 6525c45ca2
No known key found for this signature in database
GPG key ID: 4F56FF7759627D07
4 changed files with 121 additions and 7 deletions


@ -1,18 +1,25 @@
keys:
- &birne age1jyxk2z69pm8hpz5zlf5lh05vrws2sprum3ucx2xjpq8efctcfdaq0jhs3w
- &bennofs B8E1727497FC48AA14158BDF947F769D7B95EC2B
- &felix F8634A1CFF7D61608503A70B24363525EA0E8A99
- &revol-xut 91EBE87016391323642A6803B966009D57E69CC6
- &durian age18g49g3hv0lvck9k767qevnyuzzwc7fnzcvun4e453vruv5zmufjscwep3q
# private key stored in repo, used for test VM
- &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
creation_rules:
- path_regex: secrets/birne\.yaml$
- path_regex: secrets/durian\.yaml$
key_groups:
- pgp:
- *bennofs
- *revol-xut
- *felix
age:
- *birne
- path_regex: secrets/birne\.test\.yaml$
- *durian
- path_regex: secrets\.test\.yaml$
key_groups:
- pgp:
- *bennofs
- *revol-xut
- *felix
age:
- *test
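Review bot: The test rule's pattern, which on the new side appears to be `secrets\.test\.yaml$` (the rendering has lost the +/- markers, so this is inferred), only matches paths ending in the literal name `secrets.test.yaml` and no longer covers files such as `secrets/<host>.test.yaml`. If per-host test files are intended, a pattern like `path_regex: secrets/[^/]+\.test\.yaml$` keeps them on the test key and away from the production rules. The comment above `&test` says its private key is stored in the repo, so this rule deserves a matching comment: `# test-only: the private key for this recipient is public, never encrypt real secrets under this rule`.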


@ -9,11 +9,11 @@
outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:
let
in {
packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
#packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
#packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
nixosConfigurations = {
birne = nixpkgs.lib.nixosSystem {
/*birne = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/birne/configuration.nix
@ -51,6 +51,7 @@
}
];
};
*/
durian = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
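Review bot: Wrapping `birne` in `/* … */` and commenting out the two `sanddorn` image outputs takes them out of the flake without recording why or for how long. If the birne host is still running, it can no longer be rebuilt or updated from this repository until the block is restored, which is easy to forget. Either delete the definitions (history keeps them) or put a line above the comment such as `# birne disabled: <reason>, re-enable before the next deploy`. The `nixosConfigurations` set starts and ends outside these hunks.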

34
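--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@@ -0,0 +1,34 @@
+{pkgs, conifg, lib}: {
+sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;
+services = {
+keycloak = {
+enable = true;
+settings = {
+hostname = "keycloak.durian.tassilo-tanneberger.de";
+};
+database = {
+username = "keycloak";
+type = "postgresql";
+passwordFile = ;
+name = "keycloak";
+host = "localhost";
+};
+};
+postgresql = {
+enable = true;
+ensureUsers = [
+{
+name = "keycloak";
+ensurePermissions = {
+"DATABASE keycloak" = "ALL PRIVILEGES";
+};
+}
+];
+ensureDatabases = [ "keycloak" ];
+};
+};
+}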
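Review bot: This module cannot evaluate as written: the argument set spells `conifg` while the body reads `config`, and `passwordFile = ;` has no value. The header should be `{ pkgs, config, lib, ... }: {` (the `...` is, as far as I know, needed because the module system passes further arguments). The database password should point at the sops secret, `passwordFile = config.sops.secrets.postgres_keycloak.path;`, so it is read from the decrypted secret file at runtime and never lands in the world-readable Nix store. It is also worth confirming that `serviceConfig.User` is actually set by the Keycloak module in the nixpkgs revision in use; if the unit runs under a dynamic user, the `owner` assignment on the first line may fail to evaluate or be unnecessary.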

72
secrets/durian.yaml Normal file

@ -0,0 +1,72 @@
postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18g49g3hv0lvck9k767qevnyuzzwc7fnzcvun4e453vruv5zmufjscwep3q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSFRzSkp2VWFEaVJJNVR0
eXVWV2V5cGxxeHYvZWN3QktQUUdmc1J6a2tZCjVMUS9QWC9RejNVN21hNG40TnVm
c2xZZEJjODVjSGFVaVVwOVpQb1VtdnMKLS0tIHpuelNDRW5DRGdhNTFISDFYQ0Fs
bzNnbFZnZnZiY0xsbVlvUStBblBMWGcK7HSz9iFQiH0BJ3etF09opJreBoBtiBZ0
L74EBGuEV4+dNWqY3QwAASmDYJJ8ocQMuAgctjsgstKBKUeOrkhDRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-16T13:03:32Z"
mac: ENC[AES256_GCM,data:2exwH5VVfOOZ4SCwOcwFhg8Pwtmm936Cfn6A91YfyWu7tTkFq3vzFj0P3mG7RI0CyCTg1ptHt9j2zGKzy+mSO8Cb5ohPAJE/cuVkI998+D84uPkjLHHOq1wJRZxza9RHFiENPK0AOx3jSlAeFZqmIQPExX3gVRyJManU32OVu4o=,iv:xUXek6g9ayI5E7Exxq9EapesSfkD+AM3LWSVHPv2rLM=,tag:MpfvDuNse4UvOmcXASga0A==,type:str]
pgp:
- created_at: "2022-08-16T13:01:34Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DntlvaG5T7wcSAQdAEzag/uoOQ96pEYOCJWCACCc0cBwukhtoBnuVh9QruRMw
WqRCcL5rAyspKhNZLR/DZHVI+hvtuLfQ5e1gIo8nVGja5SNAYzipbOtk1PQ8izmb
0l4BD8y26ciJfKLKp/aj50pSpIOuzJc1gdp6AeYie3exOQE3uSa3TQdH7LombzCe
fbCDg7/3lF44uGOOS6zOt8Mve5in1K4hASZvPlJbL4gdyX5rXwtBBe8sI18lKI5c
=E6ms
-----END PGP MESSAGE-----
fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
- created_at: "2022-08-16T13:01:34Z"
enc: |
-----BEGIN PGP MESSAGE-----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=
=3CbS
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2022-08-16T13:01:34Z"
enc: |
-----BEGIN PGP MESSAGE-----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=
=nLwG
-----END PGP MESSAGE-----
fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
unencrypted_suffix: _unencrypted
version: 3.7.3