From 8ea250e38715764dc15fdc83ea865672135ce863 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Wed, 8 May 2024 11:47:07 +0200 Subject: [PATCH] mediawiki: enable keycloak --- modules/wiki/fsr.nix | 7 +------ secrets/quitte.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/modules/wiki/fsr.nix b/modules/wiki/fsr.nix index 59c4da8..2ce0100 100644 --- a/modules/wiki/fsr.nix +++ b/modules/wiki/fsr.nix @@ -67,7 +67,7 @@ in $wgPluggableAuth_Config["iFSR Login"] = [ "plugin" => "OpenIDConnect", "data" => [ - "providerURL" => "${config.services.portunus.domain}/dex", + "providerURL" => "https://sso.ifsr.de/realms/internal", "clientID" => "wiki", "clientsecret" => file_get_contents('${config.sops.secrets."mediawiki/oidc_secret".path}'), ], @@ -94,11 +94,6 @@ in }; }; - portunus.dex.oidcClients = [{ - id = "wiki"; - callbackURL = "https://${domain}/Spezial:PluggableAuthLogin"; - }]; - nginx = { recommendedProxySettings = true; virtualHosts.${domain} = { diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index 6f26813..efe9ca9 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml @@ -5,7 +5,7 @@ nix-serve: keycloak: db: ENC[AES256_GCM,data:DVf/pVCHHUed2cQleECk0paBTZ/6Q3NE,iv:j3sWWNL0dqPJBLUx10+jJ7QvdAHvGM55KKDwG2aQEs0=,tag:6VTeE+Prsm+LPemzbEtVYg==,type:str] dex: - environment: ENC[AES256_GCM,data:M3fTrCJt8ncFRkZ77QPrDstoU/pO2r8AeYVu+VMWxnHT6VTtqVSQfgfb8LEryjInt8xbsSjGbsMqA4wbIkf8p2P5hvcKeZYSnmR+N3hz/NZamdzW4VqpBah7Yoe7wO0mi5ECDtp6xVZObzaS0E23N79vhXHWR63w4DalLQGNPJQVmgoib0wvGbVoCEIOBGHVb42nuyrtYInOoLYH58NVt/iU8HlKBUXWXtWa7M540RulahRxq44JxR9qg4TqhqlI0HPXJqMGRvHT80sq0fkA+TLi5O//4evKsYDJSajd4dp3QRPc8IpckE/YgIuj+6q3HMll5brOx2UKXu1nNLOoZbmx0XjXwgnh7+mun71dTM3C7DnM+vBYX671dukoeJ3vWTLRJn7bmlFET2NbxK5utGvGTUElzTqoS038GLjlkLOmalD+uEhQ6aoEVo2adNa5anRgwJkVcBxojuCMSLstTY/29lAQhk3ShG9kok6C52Ks1/YQz1rkfdUx3Tb0,iv:beNf5wvPTv7d7IzGZKTlLJUTaeFM43zzoBi8517pC+A=,tag:2kIM93eW8HFLVztzXSyo1w==,type:str] + environment: ENC[AES256_GCM,data:cF7LKrMRBn1ZGSgN3mWw6ecZdonoRd2Ac+pIOYJ9KAvsapB4qDA1lJwMeFkZ9eJJLn8wj5k+DUfgfzxB7KPBpUzuMIvvN2mD3mlqrfMhi2yJVW1uwDLwV7urFCw6BZl9hsCGBfQ6/yC0KN8tC2k2K++E6rTZ5DOYRMWFJ5P/33BFqs0KuRA3Zduqf/u6mFyE3IgXukK0bGlMfbEwq46XGF1OQHJnCREMnL+UxM+9ah2ndXjCGHw3MP/BKt3DmJn/FqPywOB7/X/75z/K2o7M10GzoR3C0UPxK9eqiNPtZNCbbEmJ06N6oubxsq3w9HCk6/Dn31QYSpcOp6KJ89DE1DMklrJ8/C35HVnmUm0KILGv1FY8hjx+ZS5TVwW+uR8NEPM83rW4d4cebFf+QIoOUl/YHarSrUp9YfD1YnR3a8kb2Gb1cVkCVUAfuIU=,iv:1SuFyGIbag1q5bdqBdVS1KEuc4WhOaOhAvNll2tk3b8=,tag:Xg+rq+U7+6cfTgLrtRtPeg==,type:str] portunus: admin-password: ENC[AES256_GCM,data:fESE6vrKhtslQO6ZJGv0T9t+leOSrgkY291orkwY+HPnOh26g2PSMX3j,iv:qmbCmjg0WsbOzfv6LsKcY3S1ssVXmaRB3lE6ZWzKSww=,tag:t8cP8XRTtto3EnNLEdz0yw==,type:str] search-password: ENC[AES256_GCM,data:xtbWS98IkQbnBu67sN413VNHZLg6eedbStE2uZ2pljS30uoM3coO2d32,iv:lKMTNnQJJfjAG7aX+G0eNnL36Cxmn+cWMRAlTovMJ4Y=,tag:FQGRBqsmY2c9VVIdBvGwCw==,type:str] @@ -17,7 +17,7 @@ grafana: oidc_secret: ENC[AES256_GCM,data:oH+VCL4e4wve6RyVwlTXPSmirbf+STD5FxUj9OjGDLs=,iv:PhVVCy5JyRa+fOrYAsnjDL+97zYASmKcBzB8t9ZVWIU=,tag:JzGO/FeKem4vd7ApvZ2Zcg==,type:str] mediawiki: initial_admin: ENC[AES256_GCM,data:JzW2rgXQHXxj1e3vFhkXVkWSgrA3Y88KWlQ81hqUHw2UvnBH4GWtMXbZ,iv:zqKUyEaIOa/7hpwzjJPwk5gfqbEYJrE7Oc1Zqcqm3vo=,tag:T1gObIGtI4uVdpONvIXofA==,type:str] - oidc_secret: ENC[AES256_GCM,data:xK5XSAwa1NOLx+hQqcgrCdQZ/zXErkRL+UV7HCBqF/0=,iv:Vbdus4jzJPAyG4ymIPVjudeHofyqNpIStecVnbyYA6s=,tag:+8xYpJbWWAbswitDHMGCCA==,type:str] + oidc_secret: ENC[AES256_GCM,data:dVycm0FcwfD0xJof58kIOkx77F6dIbpD1EHoF+CKuSM=,iv:zI6mmI4ZO2MJqzi7w+MUSOsiDkubX1GwOYdIRz3TpNo=,tag:A1Qd8ESakLjJki2epj8+Vg==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:FyMtJChtir8Ip8S7zlBSvKccjt+7Hl0StHzxmKO7VdwNNA650HHfni9o7akIY52+r86tvP3D/bqHaBZqkq61ZNICnFJuYIkROvt1035uej1cdjlHeCrZBttI2w3ZkkKT/RZq5BOLt52o/fnw5Jlt+3yr6Kzd5mvcz6a2e5V96kFjaib6mMdg/Y6axiXvOSeFOHCjs6Js+ab7MDe90KUM3aLtBezXx9YTeU7RiqEiZl21dxzPIwilj8bhEB0RRIb1,iv:1ojF2NyQfaZbKwlHQND7LEOLWT1SWCpGPQTm2+0Y+xo=,tag:RavBAv49Ldm4rH+2DDGstQ==,type:str] postfix_ldap_aliases: ENC[AES256_GCM,data:beJTXpJYlAz4vyv2rAyuMtU2gkwf4JNnsFAG0oKLWuKQZnX/EyqyGTFK7hOs12qye26H9Ysl5vP12iDyVXU4cyYmBOMSOiIS4opPVs7yjp/FH0u6DXHExzd8qs5vwa+D+c9j05kLVZ85EGneDma4ITNBjo/JMjyXCHB0e8EZTFyfR8+fq+qvuyOUmLBfJSO5BK96u370DJ7EmIPLDiCUSO2MCD86yfFEq5J++ljeuKLxUtisqFWDPNeNq3YGjz0EHUgcqqDwzLwEEXyvn5FEI00nR0qBgSBTSWRDrndo5O2k3JMfZWW9UhXXS4kPwCYEkQSM240cwLNV/Rb9XceH2wxzL8PcfTNiy2vd,iv:lb9u3ryu1+G95OIizX17ft+fGK2CA2xt9DhYhtKda1c=,tag:CsS2Q32AgAyS5eZ7Z/Kf8g==,type:str] vaultwarden_env: ENC[AES256_GCM,data:JFySiTHahlUFsM+FcuSJPnGYMijphrnZpFFdoNe7DYxWjIgPRWdfH9WC/a5GsK2xCJXllXAASHNxgkYRrdPw2KaCiUR/QhAjtUmyv2NsIBcMYStafDUEK9emddR+ACedScsgS0FtP8f3cz1enTBi+DkYgL8lMAoCw5p8vMRyE9mVOLpTUDOO7T4=,iv:992REuXzHAxxhy2BbeCGNhTZkn8eSi8N2RyBXqqy7U0=,tag:iP5AFQqzoR66AkTGfYAUZg==,type:str] @@ -52,8 +52,8 @@ sops: c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-07T22:01:28Z" - mac: ENC[AES256_GCM,data:zL8TYp7ivjwjMpjC8FizCxq/OmdiD1hcKn8dnrrx/Lm07e/cjBf6MweJWBYLKwpigMOPeY7CvmCBW8EXvVao38n0zzNIoj1zFZRhnaxDoa961OkJ2WHduM9DCwvSN03wL8lOhT8dgBjsjR3Jzennfx5Mn2Q5cosfBBDWpaLl9sY=,iv:K5OKJSoXagU5CIzvJ37ikj3haTjMtQG0LBTCXqH4FYc=,tag:1n/MHnQCBlOIjNAXQJGanw==,type:str] + lastmodified: "2024-05-08T09:47:03Z" + mac: ENC[AES256_GCM,data:G5aVpO+IYdJH7i4RJWS/2Etb52iC0mj9EpTIsIys8LBrCd5x8aEh/ugDaO9J3ksZb92qBjr/mX84XGJJPdM3ZRoD6q1ECmz7/wtWQTibodzKPXK4xdnB/IfAWYSvxpwedvlt655qeJ0wYFj5iWC1hAGhm5XHsExE/C/U7VKBMVg=,iv:B07ncx34lrhaIN/1fseuJOBjYDXIeIvUQKgdqhxIkj8=,tag:dFMGZS/uxQ8s9+9KDrhjmQ==,type:str] pgp: - created_at: "2024-02-29T15:23:23Z" enc: |-