Merge pull request 'feat: setup keycloak' (#7) from setup-keycloak into main
Some checks failed
/ check (push) Failing after 2m2s
Some checks failed
/ check (push) Failing after 2m2s
Reviewed-on: #7
This commit is contained in:
commit
ea6bbee518
4 changed files with 48 additions and 0 deletions
|
@ -15,6 +15,7 @@
|
|||
./borg.nix
|
||||
./disk-config.nix
|
||||
./forgejo.nix
|
||||
./keycloak.nix
|
||||
./murmur.nix
|
||||
./msmtp.nix
|
||||
./upgrade.nix
|
||||
|
|
41
hosts/ami/keycloak.nix
Normal file
41
hosts/ami/keycloak.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
port = 11328;
|
||||
in {
|
||||
age.secrets.keycloak-db-pass.file = ../../secrets/keycloak-db-pass.age;
|
||||
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.keycloak;
|
||||
database.passwordFile = config.age.secrets.keycloak-db-pass.path;
|
||||
|
||||
settings = {
|
||||
hostname = "https://kc.buffet.sh/";
|
||||
http-port = port;
|
||||
proxy = "edge";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."kc.buffet.sh" = {
|
||||
useACMEHost = "buffet.sh";
|
||||
forceSSL = true;
|
||||
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:${toString port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -4,6 +4,7 @@ in {
|
|||
"secrets/bitwarden.age".publicKeys = [buffet];
|
||||
"secrets/borgpassword.age".publicKeys = [buffet];
|
||||
"secrets/hetzner-dns.age".publicKeys = [buffet];
|
||||
"secrets/keycloak-db-pass.age".publicKeys = [buffet];
|
||||
"secrets/kitchen-runner-token.age".publicKeys = [buffet];
|
||||
"secrets/msmtppassword.age".publicKeys = [buffet];
|
||||
}
|
||||
|
|
5
secrets/keycloak-db-pass.age
Normal file
5
secrets/keycloak-db-pass.age
Normal file
|
@ -0,0 +1,5 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 zRvPWg dBE7+zBtxSbFggJdrs22PDU/rMaVJ8tV6FLPmSwOzA0
|
||||
mAmmY0WFFzntI+uVOFaDZixtBPkAflllANFlcupM8sc
|
||||
--- 8rVOupXTyOinTaMRntA+rBjr2xZ9FT0xzmNQReEZb1Q
|
||||
Ñr84¦y„ó% Ó„ÑÓLkº|½ª®]è~£:œö–‹n¬ëÇÞÂd½mC2£\‘‘$¯Áör†#‹u°ì•D)PöBàÀm-R¹Ukƒ°0Æ…Cò$`ê|U
|
Loading…
Reference in a new issue