From 8e07034aad7a163bc6f2dd70ddb09849385a792f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Sat, 28 Oct 2023 21:28:01 +0200
Subject: [PATCH] feat: add keycloak secrets and virtualhost

---
 hosts/nachtigall/apps/keycloak.nix | 20 ++++++++++--------
 secrets/keycloak-database-password.age | 28 ++++++++++++++++++++++++++
 secrets/secrets.nix | 2 ++
 3 files changed, 42 insertions(+), 8 deletions(-)
 create mode 100644 secrets/keycloak-database-password.age

diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix
index 6ccefc1a..ec9d5073 100644
--- a/hosts/nachtigall/apps/keycloak.nix
+++ b/hosts/nachtigall/apps/keycloak.nix
@@ -12,14 +12,18 @@
 #owner = "keycloak";
 };
- services.caddy.virtualHosts."auth.pub.solar" = {
- # logFormat = lib.mkForce ''
- # output discard
- # '';
- extraConfig = ''
- redir / /realms/pub.solar/account temporary
- reverse_proxy :8080
- '';
+ services.nginx.virtualHosts."auth.pub.solar".locations = {
+ "= /" = {
+ extraConfig = ''
+ return 302 /realms/pub.solar/account;
+ '';
+ };
+
+ "/" = {
+ extraConfig = ''
+ proxy_pass http://localhost:8080;
+ '';
+ };
 };
 # keycloak
diff --git a/secrets/keycloak-database-password.age b/secrets/keycloak-database-password.age
new file mode 100644
index 00000000..9bb496e4
--- /dev/null
+++ b/secrets/keycloak-database-password.age
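Review bot: The new `"/"` location in hosts/nachtigall/apps/keycloak.nix passes `proxy_pass` through raw `extraConfig`, so the NixOS nginx module's `recommendedProxySettings` include (emitted only for locations that set `proxyPass`, and only when that option is enabled) does not apply here, and no `proxy_set_header` lines are visible. Unless they are set elsewhere, Keycloak would see neither the original `Host` nor `X-Forwarded-For`/`X-Forwarded-Proto`, which it needs to build issuer and redirect URLs and to attribute logins to client addresses for event logging and brute-force detection. I would write `"/".proxyPass = "http://localhost:8080";` instead of the `extraConfig` block. The Caddy vhost this replaces obtained and enforced HTTPS implicitly, while the nginx vhost as shown sets neither `enableACME` nor `forceSSL`; the surrounding attribute set continues outside the hunk, so confirm both are set for `auth.pub.solar` elsewhere.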
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg xPHRh2XZ454Vu8Bki4KhJkJnm2gSBXvUXoSfVUGEf1o +R4JxbF+81Enio+Kxg47js5DBFGXpfurYrwQm+NucSl4 +-> ssh-ed25519 uYcDNw ccOstb41qo9sLYNVmSqZofatPaGu3WQ07e3GiQHHv2s +CSLL/6MJ7T6RKCPS43mI4qENXdKHZ+l8lNkThnL+0aA +-> ssh-rsa kFDS0A +WPdWUnSbcW0XlG69avmb7zZRBjlvUaspohLJA7mAEnB+4/Te/m96TMDka5HAagqj +aHD5Sta4hJWvLqk47A6BvRb7UAcY5UaeZE9wPLCkywqrjwHdP2U6yHO8eWCyRhOG +E6iGIslokw4JCrTdmpe7Lf/pJwlPnkQUMh699R0VDBWAbaSomuCvHw4pHLoC548B +eFSMf40XbOEnpyYKWhZCDYCMljW67QpZg7e1liCY2UY04Bhb1JvRB116lSXcrJtM +hqTyk/nPAMB88wjAABHpmK6nh+18FusH9KFTZnKrJHd/kxpxYESm8hltGm4GP9By +pd1bF16pEcQzJ3+kaEcWl10YYqJ4GuILAxZ5FPPPOlTyJZfo2CBNMXfKwNTS7Ks9 +UkWvr+CI8Htj0BRoLqLXcExFRJWUmRxND0suKqUEcmGumBr5kFu/V+z+6DZ0aPck +50AO2Rbuog64p22DJ/s8B7AQwNFAzMGBblgRC5aNntB2OV++elAn+mdvLPjjoR8Q +zZz55rNhZaI6dl67RtrmXYZOn1V6+550ekS+n0ZxmhUdQMsEOwKJgiW6nYw/nv/2 +JkxBhsY81XXLtUBW2MRb45BlctkSSTuLl7/ssmyKG6nfLXZv5xexi+jZp698WEKg +YsrHX8d5ECxmzHg0eUJ5753d8YuRgkgigUOBHho1/68 +-> ssh-ed25519 YFSOsg Gak4h6r+RQhOOwKDrCZlbTRH6Bn+hGpnzDJ88c/LTE8 +7fVZaeJEvl2CwoiigenL7MDthEx4K2W7w/dFfQfDo9k +-> ssh-ed25519 iHV63A 0fCHyaYaNW8wBMscEBjlzAPU/+BxCcs3lXmikLzmkyQ +yenFiGtXvNBpJzo1AasIsZaFgUErSfa1FG6ddk1CMcY +-> ssh-ed25519 BVsyTA z0IJ2RwEMD/OULwA3d0Cu22NxTzVtipSpnIdGyD+N2M +O3We2lCnanCIb49CUEdAkde8oEMprDdIOpf5CTuBN8M +-> zUyM-grease wD~@=bx; }g peF2/D[e DAu"<=rB + +--- ZjX5sIPRv/FnsH8a8fiZ0oD5lR/gVeweGEm5nsvmeak +p"RbG?A+-V} \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6b7ba1d8..63a57f8d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -32,4 +32,6 @@ in { "mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; + + "keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; }