Compare commits
1 commit
5294cd68f8
...
7d34b4d0da
Author | SHA1 | Date | |
---|---|---|---|
Rouven Seifert | 7d34b4d0da |
27
modules/keycloak.nix
Normal file
27
modules/keycloak.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{ config, ... }:
|
||||||
|
let
|
||||||
|
domain = "sso.${config.networking.domain}";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sops.secrets."keykloak/db" = { };
|
||||||
|
services.keycloak = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
http-port = 8086;
|
||||||
|
https-port = 19000;
|
||||||
|
hostname = domain;
|
||||||
|
proxy = "edge";
|
||||||
|
};
|
||||||
|
# The module requires a password for the DB and works best with its own DB config
|
||||||
|
# Does an automatic Postgresql configuration
|
||||||
|
database = {
|
||||||
|
passwordFile = config.sops.secrets."keycloak/db".path;
|
||||||
|
};
|
||||||
|
initialAdminPassword = "plschangeme";
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,6 +2,8 @@ nextcloud_adminpass: ENC[AES256_GCM,data:v6FYsO/RklPSz5uf6aYQDhdudHb0962I1WxJM3V
|
||||||
hedgedoc_session_secret: ENC[AES256_GCM,data:WFbqr6VX12rpiPuIPlQnwOMdHM1B0yk2PYuuanbqREE=,iv:Iih4/GNs9qN+AM6fdaTJLmmPQIzxIwXHUZttP1Up6qs=,tag:IVZQId4yxbePVQqJB9+3iw==,type:str]
|
hedgedoc_session_secret: ENC[AES256_GCM,data:WFbqr6VX12rpiPuIPlQnwOMdHM1B0yk2PYuuanbqREE=,iv:Iih4/GNs9qN+AM6fdaTJLmmPQIzxIwXHUZttP1Up6qs=,tag:IVZQId4yxbePVQqJB9+3iw==,type:str]
|
||||||
nix-serve:
|
nix-serve:
|
||||||
key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str]
|
key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str]
|
||||||
|
keycloak:
|
||||||
|
db: ENC[AES256_GCM,data:DVf/pVCHHUed2cQleECk0paBTZ/6Q3NE,iv:j3sWWNL0dqPJBLUx10+jJ7QvdAHvGM55KKDwG2aQEs0=,tag:6VTeE+Prsm+LPemzbEtVYg==,type:str]
|
||||||
dex:
|
dex:
|
||||||
environment: ENC[AES256_GCM,data:XpwG/q68wEis4lfrO9wKmKhXDAqzUaMSQHc0lA+Q5TDOzCdseQms9Y51qHD/IxVIcpx14W/hJxuD9jXas8/arD3ZUJ/sUYWDBqAVJGclMz9UjlmJip8Auoro4KIHjOfbO5asGJvStQZ2/pEwcjwwXOp27pMIIrJY6FiKy8ak+QWCLgRYYcosbohUOk9B15i0GvBUbeOX3SypHdNGg59yRnDBl5n9Jf4R0pugaL27zVCCTtFQIv2gQekkGOy62sx5DEocHM/IAHpD36/UerfIeAMZXYqFwIVWlcW4E7NsU/+QTFhtGrK3SdgBdZwFTxBDErh7PfzRS+eRB9eePO5G+Ow27PBOH/JLdy+N6zVB4tOjiNcBCIIzifpWozcxiHHqATUzN6cA85Pnb6icaAXA+pUk5Y7KTRvDqtZnRGraXkvfy+3fNgWFsErphLNIrHrVfOKxZHnF1myDltlre6BPoKoTH0T43CUriv8u7Z3sw/HziU991u72ZxqwBzWNEc6cYsSidKgVMWYcGyXX9zOl+nsRnIuEX5sZFB2z/VXqiuJoP8+agaUgKIU4eLtltOk=,iv:/it0Kg0+2BpdiJFI2GBiC2VJgeHC/GbjniDKVqL1xSo=,tag:Y06ICn5wHGV3jUZTRt1k4w==,type:str]
|
environment: ENC[AES256_GCM,data:XpwG/q68wEis4lfrO9wKmKhXDAqzUaMSQHc0lA+Q5TDOzCdseQms9Y51qHD/IxVIcpx14W/hJxuD9jXas8/arD3ZUJ/sUYWDBqAVJGclMz9UjlmJip8Auoro4KIHjOfbO5asGJvStQZ2/pEwcjwwXOp27pMIIrJY6FiKy8ak+QWCLgRYYcosbohUOk9B15i0GvBUbeOX3SypHdNGg59yRnDBl5n9Jf4R0pugaL27zVCCTtFQIv2gQekkGOy62sx5DEocHM/IAHpD36/UerfIeAMZXYqFwIVWlcW4E7NsU/+QTFhtGrK3SdgBdZwFTxBDErh7PfzRS+eRB9eePO5G+Ow27PBOH/JLdy+N6zVB4tOjiNcBCIIzifpWozcxiHHqATUzN6cA85Pnb6icaAXA+pUk5Y7KTRvDqtZnRGraXkvfy+3fNgWFsErphLNIrHrVfOKxZHnF1myDltlre6BPoKoTH0T43CUriv8u7Z3sw/HziU991u72ZxqwBzWNEc6cYsSidKgVMWYcGyXX9zOl+nsRnIuEX5sZFB2z/VXqiuJoP8+agaUgKIU4eLtltOk=,iv:/it0Kg0+2BpdiJFI2GBiC2VJgeHC/GbjniDKVqL1xSo=,tag:Y06ICn5wHGV3jUZTRt1k4w==,type:str]
|
||||||
portunus:
|
portunus:
|
||||||
|
@ -48,8 +50,8 @@ sops:
|
||||||
c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
|
c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
|
||||||
vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
|
vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-21T14:49:39Z"
|
lastmodified: "2024-05-02T11:20:32Z"
|
||||||
mac: ENC[AES256_GCM,data:UOSGdgzqdp8G9e0SfzUxUDWPfv5a6YXhPy2//4njeFQwBmBFs/2d1jtn7CWr7y/1WcbuCjr03SudfO/yquNiELZqfIi41b0Qu6PplQE5khQR4RT7jpJ8b7HGmAnvAxhM5X835cXntU7FXna+1QWwzIKpPGVtKQ7m36CbgSgY2Gw=,iv:sRCLtoxeYaNS0Ga+ncUWxPh0MsqJUfHpamHQpGrm7lY=,tag:vLsJYdmKCNqOr5y5ZYVaDg==,type:str]
|
mac: ENC[AES256_GCM,data:0GUoloHyDEnX/u7SWSSwT/WA0rOJIidtYMFmVkTO3xkWHZqwILDhvW93hGoxDqTQle/MIXcN20nD3530DfhODLOWEfOuiYEJstR9Zx3LIa9MdJgjFj777zEhqfQ10oQ6VbQEmYNBX+7GvXNMbwFYQMU9xTggF0DGTCr+KPjSJ44=,iv:DHdAZQYMGLOGBN5D6hd/WCvNzkS1x9eQMFCBNJZ05zo=,tag:vNQTRueukDtg9g/Vgp0huw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-02-29T15:23:23Z"
|
- created_at: "2024-02-29T15:23:23Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
Loading…
Reference in a new issue