Merge pull request 'feat/keycloak' (#24) from feat/keycloak into main
Reviewed-on: pub-solar/infra-new#24 Reviewed-by: teutat3s <teutates@mailbox.org>
commit
f49eb67d67
96
flake.lock
96
flake.lock
|
@ -80,6 +80,28 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"devshell": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"keycloak-theme-pub-solar",
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688380630,
|
||||
"narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -115,6 +137,24 @@
|
|||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1634851050,
|
||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||
|
@ -150,6 +190,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"keycloak-theme-pub-solar": {
|
||||
"inputs": {
|
||||
"devshell": "devshell",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689875310,
|
||||
"narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=",
|
||||
"ref": "main",
|
||||
"rev": "c2c86bbf9855f16a231a596b75b443232a7b9395",
|
||||
"revCount": 24,
|
||||
"type": "git",
|
||||
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
|
||||
}
|
||||
},
|
||||
"mastodon-fork": {
|
||||
"locked": {
|
||||
"lastModified": 1698490885,
|
||||
|
@ -242,6 +305,7 @@
|
|||
"deploy-rs": "deploy-rs",
|
||||
"flake-parts": "flake-parts",
|
||||
"home-manager": "home-manager",
|
||||
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
|
||||
"mastodon-fork": "mastodon-fork",
|
||||
"nix-darwin": "nix-darwin",
|
||||
"nixos-flake": "nixos-flake",
|
||||
|
@ -250,11 +314,41 @@
|
|||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"terranix": {
|
||||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
"bats-support": "bats-support",
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
|
|
|
@ -24,6 +24,9 @@
|
|||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
agenix.inputs.darwin.follows = "nix-darwin";
|
||||
agenix.inputs.home-manager.follows = "home-manager";
|
||||
|
||||
keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
|
||||
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, terranix, ... }:
|
||||
|
|
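--- a/hosts/nachtigall/apps/keycloak.nix
+++ b/hosts/nachtigall/apps/keycloak.nix
@@ -0,0 +1,48 @@
+{
+flake,
+config,
+lib,
+pkgs,
+...
+}: {
+age.secrets.keycloak-database-password = {
+file = "${flake.self}/secrets/keycloak-database-password.age";
+mode = "700";
+#owner = "keycloak";
+};
+
+services.nginx.virtualHosts."auth.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations = {
+"= /" = {
+extraConfig = ''
+return 302 /realms/pub.solar/account;
+'';
+};
+
+"/" = {
+extraConfig = ''
+proxy_pass http://localhost:8080;
+'';
+};
+};
+};
+
+# keycloak
+services.keycloak = {
+enable = true;
+database.passwordFile = config.age.secrets.keycloak-database-password.path;
+settings = {
+hostname = "auth.pub.solar";
+http-host = "127.0.0.1";
+http-port = 8080;
+proxy = "edge";
+features = "declarative-user-profile";
+};
+themes = {
+"pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
+};
+};
+}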
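Review bot: `mode = "700"` on `age.secrets.keycloak-database-password` sets the execute bit on a password file. Since `#owner = "keycloak";` is commented out, the decrypted secret presumably stays with the default owner (root, unless overridden elsewhere), so a read-only mode such as `mode = "0400";` states the intent. The commented-out owner line should either be restored, if the Keycloak unit reads the file as its own user, or dropped with a one-line comment saying why root ownership is sufficient. Separately, the `"/"` location uses a raw `proxy_pass http://localhost:8080;` in `extraConfig` while Keycloak runs with `proxy = "edge"` and therefore depends on the forwarded headers nginx sends. As far as I know the nginx module attaches its recommended proxy headers only to locations that set `proxyPass`, so `proxyPass = "http://127.0.0.1:8080";` would pick them up if they are enabled outside this file, and it would also match `http-host` rather than relying on how `localhost` resolves.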
@ -10,6 +10,7 @@
|
|||
./nix.nix
|
||||
./apps/nginx.nix
|
||||
|
||||
./apps/keycloak.nix
|
||||
./apps/nginx-mastodon.nix
|
||||
./apps/nginx-mastodon-files.nix
|
||||
./apps/nginx-website.nix
|
||||
|
|
28
secrets/keycloak-database-password.age
Normal file
28
secrets/keycloak-database-password.age
Normal file
|
@ -0,0 +1,28 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg xPHRh2XZ454Vu8Bki4KhJkJnm2gSBXvUXoSfVUGEf1o
|
||||
R4JxbF+81Enio+Kxg47js5DBFGXpfurYrwQm+NucSl4
|
||||
-> ssh-ed25519 uYcDNw ccOstb41qo9sLYNVmSqZofatPaGu3WQ07e3GiQHHv2s
|
||||
CSLL/6MJ7T6RKCPS43mI4qENXdKHZ+l8lNkThnL+0aA
|
||||
-> ssh-rsa kFDS0A
|
||||
WPdWUnSbcW0XlG69avmb7zZRBjlvUaspohLJA7mAEnB+4/Te/m96TMDka5HAagqj
|
||||
aHD5Sta4hJWvLqk47A6BvRb7UAcY5UaeZE9wPLCkywqrjwHdP2U6yHO8eWCyRhOG
|
||||
E6iGIslokw4JCrTdmpe7Lf/pJwlPnkQUMh699R0VDBWAbaSomuCvHw4pHLoC548B
|
||||
eFSMf40XbOEnpyYKWhZCDYCMljW67QpZg7e1liCY2UY04Bhb1JvRB116lSXcrJtM
|
||||
hqTyk/nPAMB88wjAABHpmK6nh+18FusH9KFTZnKrJHd/kxpxYESm8hltGm4GP9By
|
||||
pd1bF16pEcQzJ3+kaEcWl10YYqJ4GuILAxZ5FPPPOlTyJZfo2CBNMXfKwNTS7Ks9
|
||||
UkWvr+CI8Htj0BRoLqLXcExFRJWUmRxND0suKqUEcmGumBr5kFu/V+z+6DZ0aPck
|
||||
50AO2Rbuog64p22DJ/s8B7AQwNFAzMGBblgRC5aNntB2OV++elAn+mdvLPjjoR8Q
|
||||
zZz55rNhZaI6dl67RtrmXYZOn1V6+550ekS+n0ZxmhUdQMsEOwKJgiW6nYw/nv/2
|
||||
JkxBhsY81XXLtUBW2MRb45BlctkSSTuLl7/ssmyKG6nfLXZv5xexi+jZp698WEKg
|
||||
YsrHX8d5ECxmzHg0eUJ5753d8YuRgkgigUOBHho1/68
|
||||
-> ssh-ed25519 YFSOsg Gak4h6r+RQhOOwKDrCZlbTRH6Bn+hGpnzDJ88c/LTE8
|
||||
7fVZaeJEvl2CwoiigenL7MDthEx4K2W7w/dFfQfDo9k
|
||||
-> ssh-ed25519 iHV63A 0fCHyaYaNW8wBMscEBjlzAPU/+BxCcs3lXmikLzmkyQ
|
||||
yenFiGtXvNBpJzo1AasIsZaFgUErSfa1FG6ddk1CMcY
|
||||
-> ssh-ed25519 BVsyTA z0IJ2RwEMD/OULwA3d0Cu22NxTzVtipSpnIdGyD+N2M
|
||||
O3We2lCnanCIb49CUEdAkde8oEMprDdIOpf5CTuBN8M
|
||||
-> zUyM-grease wD~@=bx; }g peF2/D[e DAu"<=rB
|
||||
|
||||
--- ZjX5sIPRv/FnsH8a8fiZ0oD5lR/gVeweGEm5nsvmeak
|
||||
<EFBFBD><EFBFBD>p<><70><EFBFBD>"<11><><EFBFBD>RbG<62>?A<><Z<>y<EFBFBD>B<EFBFBD><42>
|
||||
*-AL|<7C><><13><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>I<EFBFBD>トウ<EFBE84><EFBDB3>ャ<EFBFBD><EFBDAC><EFBFBD>ト<EFBFBD><EFBE84><EFBFBD>メウ<EFBE92><EFBDB3><EFBFBD><EFBFBD><EFBFBD>ヲヲ<EFBDA6>サ<EFBFBD><EFBDBB>ロ<EFBFBD><EFBE9B><EFBFBD>ツァ」<EFBDA7><EFBDA3><EFBFBD><EFBFBD><EFBFBD>セ<EFBFBD><EFBDBE>ォ<EFBFBD>ュヨ<EFBDAD><EFBE96>
|
|
@ -32,4 +32,6 @@ in {
|
|||
"mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
}
|
||||
|
|