

2 commits

Author SHA1 Message Date
ea6bbee518 Merge pull request 'feat: setup keycloak' (#7) from setup-keycloak into main
Some checks failed
/ check (push) Failing after 2m2s
Reviewed-on: #7
2024-05-25 15:23:19 +00:00
4a4bfd38c8 feat: setup keycloak
All checks were successful
/ check (pull_request) Successful in 2m39s
2024-05-25 17:19:54 +02:00
4 changed files with 48 additions and 0 deletions


@ -15,6 +15,7 @@
./borg.nix
./disk-config.nix
./forgejo.nix
./keycloak.nix
./murmur.nix
./msmtp.nix
./upgrade.nix

41
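--- a/hosts/ami/keycloak.nix
+++ b/hosts/ami/keycloak.nix
@@ -0,0 +1,41 @@
+{
+config,
+pkgs,
+...
+}: let
+port = 11328;
+in {
+age.secrets.keycloak-db-pass.file = ../../secrets/keycloak-db-pass.age;
+services.keycloak = {
+enable = true;
+package = pkgs.unstable.keycloak;
+database.passwordFile = config.age.secrets.keycloak-db-pass.path;
+settings = {
+hostname = "https://kc.buffet.sh/";
+http-port = port;
+proxy = "edge";
+};
+};
+services.nginx = {
+enable = true;
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+virtualHosts."kc.buffet.sh" = {
+useACMEHost = "buffet.sh";
+forceSSL = true;
+locations = {
+"/" = {
+proxyPass = "http://localhost:${toString port}";
+};
+};
+};
+};
+}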
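Review bot: In `services.keycloak.settings`, `proxy = "edge"` has Keycloak serve plain HTTP on `port` and trust forwarded headers, yet nothing in this file restricts that listener to loopback; as far as I recall the NixOS module's `http-host` defaults to all interfaces, so adding `http-host = "127.0.0.1";` would make the nginx vhost the only path in instead of relying on a host firewall this diff does not show. `initialAdminPassword` is not set either, so the admin account presumably starts with the module default and should be rotated immediately after the first deploy, given that `kc.buffet.sh` is served publicly. Separately, `hostname` is given as a full URL and `proxy` is deprecated in recent Keycloak releases in favour of `proxy-headers`; because the package tracks `pkgs.unstable`, both are worth checking against the Keycloak version actually deployed.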


@ -4,6 +4,7 @@ in {
"secrets/bitwarden.age".publicKeys = [buffet];
"secrets/borgpassword.age".publicKeys = [buffet];
"secrets/hetzner-dns.age".publicKeys = [buffet];
"secrets/keycloak-db-pass.age".publicKeys = [buffet];
"secrets/kitchen-runner-token.age".publicKeys = [buffet];
"secrets/msmtppassword.age".publicKeys = [buffet];
}


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 zRvPWg dBE7+zBtxSbFggJdrs22PDU/rMaVJ8tV6FLPmSwOzA0
mAmmY0WFFzntI+uVOFaDZixtBPkAflllANFlcupM8sc
--- 8rVOupXTyOinTaMRntA+rBjr2xZ9FT0xzmNQReEZb1Q
Ñr84¦y„ó% Ó„Ñ ÓLkº|½ª®]è~£:œön¬ëÇÞÂd½mC2£\­$¯Áör†#ì•D)PöBàÀm-R¹Ukƒ°0Æ…Cò$`ê|U