keycloak: use backups module
Co-authored-by: b12f <b12f@noreply.git.pub.solar> Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
parent
e857c6198b
commit
88b76beb5c
|
@ -48,9 +48,21 @@
|
|||
owner = "root";
|
||||
};
|
||||
|
||||
pub-solar-os.auth.enable = true;
|
||||
age.secrets.keycloak-database-password = {
|
||||
file = "${flake.self}/secrets/keycloak-database-password.age";
|
||||
mode = "600";
|
||||
#owner = "keycloak";
|
||||
};
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages = [ "keycloak-23.0.6" ];
|
||||
pub-solar-os.auth = {
|
||||
enable = true;
|
||||
database-password-file = config.age.secrets.keycloak-database-password.path;
|
||||
};
|
||||
|
||||
pub-solar-os.backups.repos.storagebox = {
|
||||
passwordFile = config.age.secrets."restic-repo-storagebox".path;
|
||||
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
|
||||
};
|
||||
|
||||
systemd.services.postgresql = {
|
||||
after = [ "var-lib-postgresql.mount" ];
|
||||
|
|
|
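Review bot: The `age.secrets.keycloak-database-password` block in this hunk sets `mode = "600"` but leaves `#owner = "keycloak";` commented out, so the decrypted file keeps agenix's default owner (root, as far as I know) and nothing on the page says whether that is intended. If the Keycloak unit receives the password through a systemd credential, root ownership is the tighter choice and the dead line should be replaced by a comment such as `# owner left at the agenix default (root); keycloak gets the password via systemd credentials — confirm`. If the service instead opens the path itself, the owner has to be set or the service would not be able to read the file. Separately, the `permittedInsecurePackages = [ "keycloak-23.0.6" ]` line a few lines further down keeps the identity provider on a build that nixpkgs flags as insecure, and it deserves a comment naming the reason and the condition for removing it.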
@ -6,23 +6,22 @@
|
|||
...
|
||||
}:
|
||||
{
|
||||
options.pub-solar-os.auth = {
|
||||
enable = lib.mkEnableOption "Enable keycloak to run on the node";
|
||||
options.pub-solar-os.auth = with lib; {
|
||||
enable = mkEnableOption "Enable keycloak to run on the node";
|
||||
|
||||
realm = lib.mkOption {
|
||||
realm = mkOption {
|
||||
description = "Name of the realm";
|
||||
type = lib.types.str;
|
||||
type = types.str;
|
||||
default = config.pub-solar-os.networking.domain;
|
||||
};
|
||||
|
||||
database-password-file = mkOption {
|
||||
description = "Database password file path";
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.pub-solar-os.auth.enable {
|
||||
age.secrets.keycloak-database-password = {
|
||||
file = "${flake.self}/secrets/keycloak-database-password.age";
|
||||
mode = "600";
|
||||
#owner = "keycloak";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."auth.${config.pub-solar-os.networking.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -46,7 +45,7 @@
|
|||
# keycloak
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
database.passwordFile = config.age.secrets.keycloak-database-password.path;
|
||||
database.passwordFile = config.pub-solar-os.auth.database-password-file;
|
||||
settings = {
|
||||
hostname = "auth.${config.pub-solar-os.networking.domain}";
|
||||
http-host = "127.0.0.1";
|
||||
|
@ -59,14 +58,12 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.restic.backups.keycloak-storagebox = {
|
||||
pub-solar-os.backups.backups.keycloak = {
|
||||
paths = [ "/tmp/keycloak-backup.sql" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 03:00:00 Etc/UTC";
|
||||
};
|
||||
initialize = true;
|
||||
passwordFile = config.age.secrets."restic-repo-storagebox".path;
|
||||
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql
|
||||
'';
|
||||
|
|
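Review bot: In the last hunk, `backupPrepareCommand` still writes the full `pg_dump` of the `keycloak` database to the fixed path `/tmp/keycloak-backup.sql` through a plain shell redirect, so the file is created with the unit's default umask at a predictable name in a shared directory. That dump holds credential hashes and client secrets, and unless the new `pub-solar-os.backups` module is known to run the job with a private `/tmp`, other local users could read it or pre-create the path. Set `umask 077` before the redirect and dump into a root-only `0700` state or runtime directory, then update `paths` to match. The block continues past the end of the hunk, so whether the dump is deleted after the restic run cannot be seen here.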