Compare commits

...

1 commit

Author SHA1 Message Date
Rouven Seifert 7d34b4d0da
keycloak: init 2024-05-02 13:21:16 +02:00
2 changed files with 31 additions and 2 deletions

27
modules/keycloak.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
let
domain = "sso.${config.networking.domain}";
in
{
sops.secrets."keykloak/db" = { };
services.keycloak = {
enable = true;
settings = {
http-port = 8086;
https-port = 19000;
hostname = domain;
proxy = "edge";
};
# The module requires a password for the DB and works best with its own DB config
# Does an automatic Postgresql configuration
database = {
passwordFile = config.sops.secrets."keycloak/db".path;
};
initialAdminPassword = "plschangeme";
};
services.nginx.virtualHosts."${domain}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
};
};
}

View file

@ -2,6 +2,8 @@ nextcloud_adminpass: ENC[AES256_GCM,data:v6FYsO/RklPSz5uf6aYQDhdudHb0962I1WxJM3V
hedgedoc_session_secret: ENC[AES256_GCM,data:WFbqr6VX12rpiPuIPlQnwOMdHM1B0yk2PYuuanbqREE=,iv:Iih4/GNs9qN+AM6fdaTJLmmPQIzxIwXHUZttP1Up6qs=,tag:IVZQId4yxbePVQqJB9+3iw==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:WFbqr6VX12rpiPuIPlQnwOMdHM1B0yk2PYuuanbqREE=,iv:Iih4/GNs9qN+AM6fdaTJLmmPQIzxIwXHUZttP1Up6qs=,tag:IVZQId4yxbePVQqJB9+3iw==,type:str]
nix-serve: nix-serve:
key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str] key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str]
keycloak:
db: ENC[AES256_GCM,data:DVf/pVCHHUed2cQleECk0paBTZ/6Q3NE,iv:j3sWWNL0dqPJBLUx10+jJ7QvdAHvGM55KKDwG2aQEs0=,tag:6VTeE+Prsm+LPemzbEtVYg==,type:str]
dex: dex:
environment: ENC[AES256_GCM,data:XpwG/q68wEis4lfrO9wKmKhXDAqzUaMSQHc0lA+Q5TDOzCdseQms9Y51qHD/IxVIcpx14W/hJxuD9jXas8/arD3ZUJ/sUYWDBqAVJGclMz9UjlmJip8Auoro4KIHjOfbO5asGJvStQZ2/pEwcjwwXOp27pMIIrJY6FiKy8ak+QWCLgRYYcosbohUOk9B15i0GvBUbeOX3SypHdNGg59yRnDBl5n9Jf4R0pugaL27zVCCTtFQIv2gQekkGOy62sx5DEocHM/IAHpD36/UerfIeAMZXYqFwIVWlcW4E7NsU/+QTFhtGrK3SdgBdZwFTxBDErh7PfzRS+eRB9eePO5G+Ow27PBOH/JLdy+N6zVB4tOjiNcBCIIzifpWozcxiHHqATUzN6cA85Pnb6icaAXA+pUk5Y7KTRvDqtZnRGraXkvfy+3fNgWFsErphLNIrHrVfOKxZHnF1myDltlre6BPoKoTH0T43CUriv8u7Z3sw/HziU991u72ZxqwBzWNEc6cYsSidKgVMWYcGyXX9zOl+nsRnIuEX5sZFB2z/VXqiuJoP8+agaUgKIU4eLtltOk=,iv:/it0Kg0+2BpdiJFI2GBiC2VJgeHC/GbjniDKVqL1xSo=,tag:Y06ICn5wHGV3jUZTRt1k4w==,type:str] environment: ENC[AES256_GCM,data:XpwG/q68wEis4lfrO9wKmKhXDAqzUaMSQHc0lA+Q5TDOzCdseQms9Y51qHD/IxVIcpx14W/hJxuD9jXas8/arD3ZUJ/sUYWDBqAVJGclMz9UjlmJip8Auoro4KIHjOfbO5asGJvStQZ2/pEwcjwwXOp27pMIIrJY6FiKy8ak+QWCLgRYYcosbohUOk9B15i0GvBUbeOX3SypHdNGg59yRnDBl5n9Jf4R0pugaL27zVCCTtFQIv2gQekkGOy62sx5DEocHM/IAHpD36/UerfIeAMZXYqFwIVWlcW4E7NsU/+QTFhtGrK3SdgBdZwFTxBDErh7PfzRS+eRB9eePO5G+Ow27PBOH/JLdy+N6zVB4tOjiNcBCIIzifpWozcxiHHqATUzN6cA85Pnb6icaAXA+pUk5Y7KTRvDqtZnRGraXkvfy+3fNgWFsErphLNIrHrVfOKxZHnF1myDltlre6BPoKoTH0T43CUriv8u7Z3sw/HziU991u72ZxqwBzWNEc6cYsSidKgVMWYcGyXX9zOl+nsRnIuEX5sZFB2z/VXqiuJoP8+agaUgKIU4eLtltOk=,iv:/it0Kg0+2BpdiJFI2GBiC2VJgeHC/GbjniDKVqL1xSo=,tag:Y06ICn5wHGV3jUZTRt1k4w==,type:str]
portunus: portunus:
@ -48,8 +50,8 @@ sops:
c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T14:49:39Z" lastmodified: "2024-05-02T11:20:32Z"
mac: ENC[AES256_GCM,data:UOSGdgzqdp8G9e0SfzUxUDWPfv5a6YXhPy2//4njeFQwBmBFs/2d1jtn7CWr7y/1WcbuCjr03SudfO/yquNiELZqfIi41b0Qu6PplQE5khQR4RT7jpJ8b7HGmAnvAxhM5X835cXntU7FXna+1QWwzIKpPGVtKQ7m36CbgSgY2Gw=,iv:sRCLtoxeYaNS0Ga+ncUWxPh0MsqJUfHpamHQpGrm7lY=,tag:vLsJYdmKCNqOr5y5ZYVaDg==,type:str] mac: ENC[AES256_GCM,data:0GUoloHyDEnX/u7SWSSwT/WA0rOJIidtYMFmVkTO3xkWHZqwILDhvW93hGoxDqTQle/MIXcN20nD3530DfhODLOWEfOuiYEJstR9Zx3LIa9MdJgjFj777zEhqfQ10oQ6VbQEmYNBX+7GvXNMbwFYQMU9xTggF0DGTCr+KPjSJ44=,iv:DHdAZQYMGLOGBN5D6hd/WCvNzkS1x9eQMFCBNJZ05zo=,tag:vNQTRueukDtg9g/Vgp0huw==,type:str]
pgp: pgp:
- created_at: "2024-02-29T15:23:23Z" - created_at: "2024-02-29T15:23:23Z"
enc: |- enc: |-