From d27328fd1f3715b89f375ecc547a4927c8f6364f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 15:05:30 +0200 Subject: [PATCH 1/8] feat: init keycloak --- flake.lock | 96 +++++++++++++++++++++++++++++- flake.nix | 3 + hosts/nachtigall/apps/keycloak.nix | 40 +++++++++++++ 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/keycloak.nix diff --git a/flake.lock b/flake.lock index 56eb596..9e7b689 100644 --- a/flake.lock +++ b/flake.lock @@ -80,6 +80,28 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "keycloak-theme-pub-solar", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1688380630, + "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", + "owner": "numtide", + "repo": "devshell", + "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -115,6 +137,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1634851050, "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", 
@@ -150,6 +190,29 @@ "type": "github" } }, + "keycloak-theme-pub-solar": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1689875310, + "narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=", + "ref": "main", + "rev": "c2c86bbf9855f16a231a596b75b443232a7b9395", + "revCount": 24, + "type": "git", + "url": "https://git.pub.solar/pub-solar/keycloak-theme" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.pub.solar/pub-solar/keycloak-theme" + } + }, "mastodon-fork": { "locked": { "lastModified": 1698490885, @@ -242,6 +305,7 @@ "deploy-rs": "deploy-rs", "flake-parts": "flake-parts", "home-manager": "home-manager", + "keycloak-theme-pub-solar": "keycloak-theme-pub-solar", "mastodon-fork": "mastodon-fork", "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", @@ -250,11 +314,41 @@ "unstable": "unstable" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "bats-assert": "bats-assert", "bats-support": "bats-support", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], diff --git a/flake.nix b/flake.nix index 8b46b54..0bc7545 100644 --- a/flake.nix +++ b/flake.nix 
@@ -24,6 +24,9 @@ agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.darwin.follows = "nix-darwin"; agenix.inputs.home-manager.follows = "home-manager"; + + keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main"; + keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs@{ self, terranix, ... }: diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix new file mode 100644 index 0000000..6ccefc1 --- /dev/null +++ b/hosts/nachtigall/apps/keycloak.nix @@ -0,0 +1,40 @@ +{ + flake, + config, + lib, + inputs, + pkgs, + ... +}: { + age.secrets.keycloak-database-password = { + file = "${flake.self}/secrets/keycloak-database-password.age"; + mode = "700"; + #owner = "keycloak"; + }; + + services.caddy.virtualHosts."auth.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + redir / /realms/pub.solar/account temporary + reverse_proxy :8080 + ''; + }; + + # keycloak + services.keycloak = { + enable = true; + database.passwordFile = config.age.secrets.keycloak-database-password.path; + settings = { + hostname = "auth.pub.solar"; + http-host = "127.0.0.1"; + http-port = 8080; + proxy = "edge"; + features = "declarative-user-profile"; + }; + themes = { + "pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; + }; + }; +} From 8e07034aad7a163bc6f2dd70ddb09849385a792f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:28:01 +0200 Subject: [PATCH 2/8] feat: add keycloak secrets and virtualhost --- hosts/nachtigall/apps/keycloak.nix | 20 ++++++++++-------- secrets/keycloak-database-password.age | 28 ++++++++++++++++++++++++++ secrets/secrets.nix | 2 ++ 3 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 secrets/keycloak-database-password.age 
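Review bot: The new `keycloak-theme-pub-solar` input in flake.nix follows the moving branch `ref=main`, and nothing in the file says how it is meant to be updated. Builds stay reproducible because flake.lock in this patch pins `rev` and `narHash`, but every `nix flake update` takes whatever is on `main` at that moment, and this input is wired into `services.keycloak.themes` on the auth host. I would add a comment above the url, for example `# tracks main; pinned by flake.lock, review the theme diff before bumping the lock`. The same hunk is repeated in PATCH 4/8.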
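Review bot: The agenix secret in the new hosts/nachtigall/apps/keycloak.nix is created with `mode = "700"`, which puts execute bits on a password file, and the `owner` line is left commented out without explanation. A read-only mode is enough for a file that is only read, so I would write `mode = "400";` or drop the line, since agenix's default is 0400 as far as I know. If root ownership is intentional because the Keycloak module reads `database.passwordFile` on the service's behalf, a short comment saying so in place of `#owner = "keycloak";` would save the next reader the guess. These lines are repeated in PATCH 4/8 and are not touched by the later patches in the series.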
diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 6ccefc1..ec9d507 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -12,14 +12,18 @@ #owner = "keycloak"; }; - services.caddy.virtualHosts."auth.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - redir / /realms/pub.solar/account temporary - reverse_proxy :8080 - ''; + services.nginx.virtualHosts."auth.pub.solar".locations = { + "= /" = { + extraConfig = '' + return 302 /realms/pub.solar/account; + ''; + }; + + "/" = { + extraConfig = '' + proxy_pass http://localhost:8080; + ''; + }; }; # keycloak diff --git a/secrets/keycloak-database-password.age b/secrets/keycloak-database-password.age new file mode 100644 index 0000000..9bb496e --- /dev/null +++ b/secrets/keycloak-database-password.age 
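Review bot: The `"/"` location in this hunk forwards with a bare `proxy_pass http://localhost:8080;` in `extraConfig`, which sets no forwarding headers, while PATCH 1/8 configures Keycloak with `proxy = "edge"` and `http-host = "127.0.0.1"`. Unless the headers are added globally in an nginx file not shown here, Keycloak would receive `Host: localhost:8080` and see every client as 127.0.0.1, so the addresses in its login events would be of no use in an investigation; the Caddy `reverse_proxy` this replaces sets those headers on its own. `localhost` can also resolve to `::1`, where Keycloak is not listening. I would use the module option `proxyPass = "http://127.0.0.1:8080";` in place of the `extraConfig` block and confirm that `services.nginx.recommendedProxySettings = true;` is in effect for this host. The same line is kept by PATCH 3/8 and repeated in PATCH 5/8 and 6/8.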
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg xPHRh2XZ454Vu8Bki4KhJkJnm2gSBXvUXoSfVUGEf1o +R4JxbF+81Enio+Kxg47js5DBFGXpfurYrwQm+NucSl4 +-> ssh-ed25519 uYcDNw ccOstb41qo9sLYNVmSqZofatPaGu3WQ07e3GiQHHv2s +CSLL/6MJ7T6RKCPS43mI4qENXdKHZ+l8lNkThnL+0aA +-> ssh-rsa kFDS0A +WPdWUnSbcW0XlG69avmb7zZRBjlvUaspohLJA7mAEnB+4/Te/m96TMDka5HAagqj +aHD5Sta4hJWvLqk47A6BvRb7UAcY5UaeZE9wPLCkywqrjwHdP2U6yHO8eWCyRhOG +E6iGIslokw4JCrTdmpe7Lf/pJwlPnkQUMh699R0VDBWAbaSomuCvHw4pHLoC548B +eFSMf40XbOEnpyYKWhZCDYCMljW67QpZg7e1liCY2UY04Bhb1JvRB116lSXcrJtM +hqTyk/nPAMB88wjAABHpmK6nh+18FusH9KFTZnKrJHd/kxpxYESm8hltGm4GP9By +pd1bF16pEcQzJ3+kaEcWl10YYqJ4GuILAxZ5FPPPOlTyJZfo2CBNMXfKwNTS7Ks9 +UkWvr+CI8Htj0BRoLqLXcExFRJWUmRxND0suKqUEcmGumBr5kFu/V+z+6DZ0aPck +50AO2Rbuog64p22DJ/s8B7AQwNFAzMGBblgRC5aNntB2OV++elAn+mdvLPjjoR8Q +zZz55rNhZaI6dl67RtrmXYZOn1V6+550ekS+n0ZxmhUdQMsEOwKJgiW6nYw/nv/2 +JkxBhsY81XXLtUBW2MRb45BlctkSSTuLl7/ssmyKG6nfLXZv5xexi+jZp698WEKg +YsrHX8d5ECxmzHg0eUJ5753d8YuRgkgigUOBHho1/68 +-> ssh-ed25519 YFSOsg Gak4h6r+RQhOOwKDrCZlbTRH6Bn+hGpnzDJ88c/LTE8 +7fVZaeJEvl2CwoiigenL7MDthEx4K2W7w/dFfQfDo9k +-> ssh-ed25519 iHV63A 0fCHyaYaNW8wBMscEBjlzAPU/+BxCcs3lXmikLzmkyQ +yenFiGtXvNBpJzo1AasIsZaFgUErSfa1FG6ddk1CMcY +-> ssh-ed25519 BVsyTA z0IJ2RwEMD/OULwA3d0Cu22NxTzVtipSpnIdGyD+N2M +O3We2lCnanCIb49CUEdAkde8oEMprDdIOpf5CTuBN8M +-> zUyM-grease wD~@=bx; }g peF2/D[e DAu"<=rB + +--- ZjX5sIPRv/FnsH8a8fiZ0oD5lR/gVeweGEm5nsvmeak +p"RbG?A+-V} \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6b7ba1d..63a57f8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -32,4 +32,6 @@ in { "mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; + + "keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; } From 8da5f0b48ac5bd7fb9bc5302437b4c64186e4f3c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:34:45 +0200 Subject: [PATCH 3/8] fix: enable SSL for keycloak --- hosts/nachtigall/apps/keycloak.nix | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index ec9d507..a336274 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -12,17 +12,22 @@ #owner = "keycloak"; }; - services.nginx.virtualHosts."auth.pub.solar".locations = { - "= /" = { - extraConfig = '' - return 302 /realms/pub.solar/account; - ''; - }; + services.nginx.virtualHosts."auth.pub.solar" = { + enableACME = true; + forceSSL = true; - "/" = { - extraConfig = '' - proxy_pass http://localhost:8080; - ''; + locations = { + "= /" = { + extraConfig = '' + return 302 /realms/pub.solar/account; + ''; + }; + + "/" = { + extraConfig = '' + proxy_pass http://localhost:8080; + ''; + }; }; }; From 5139cbe2db6a54f7611cc56b14c025a63ced9800 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 15:05:30 +0200 Subject: [PATCH 4/8] feat: init keycloak --- flake.lock | 96 +++++++++++++++++++++++++++++- flake.nix | 3 + hosts/nachtigall/apps/keycloak.nix | 40 +++++++++++++ 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/keycloak.nix diff --git a/flake.lock b/flake.lock index 56eb596..9e7b689 100644 --- a/flake.lock +++ b/flake.lock 
@@ -80,6 +80,28 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "keycloak-theme-pub-solar", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1688380630, + "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", + "owner": "numtide", + "repo": "devshell", + "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -115,6 +137,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1634851050, "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", @@ -150,6 +190,29 @@ "type": "github" } }, + "keycloak-theme-pub-solar": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1689875310, + "narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=", + "ref": "main", + "rev": "c2c86bbf9855f16a231a596b75b443232a7b9395", + "revCount": 24, + "type": "git", + "url": "https://git.pub.solar/pub-solar/keycloak-theme" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.pub.solar/pub-solar/keycloak-theme" + } + }, "mastodon-fork": { "locked": { "lastModified": 1698490885, @@ -242,6 +305,7 @@ "deploy-rs": "deploy-rs", "flake-parts": "flake-parts", "home-manager": "home-manager", + "keycloak-theme-pub-solar": "keycloak-theme-pub-solar", "mastodon-fork": "mastodon-fork", "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", 
@@ -250,11 +314,41 @@ "unstable": "unstable" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "bats-assert": "bats-assert", "bats-support": "bats-support", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], diff --git a/flake.nix b/flake.nix index 8b46b54..0bc7545 100644 --- a/flake.nix +++ b/flake.nix @@ -24,6 +24,9 @@ agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.darwin.follows = "nix-darwin"; agenix.inputs.home-manager.follows = "home-manager"; + + keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main"; + keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs@{ self, terranix, ... }: diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix new file mode 100644 index 0000000..6ccefc1 --- /dev/null +++ b/hosts/nachtigall/apps/keycloak.nix 
@@ -0,0 +1,40 @@ +{ + flake, + config, + lib, + inputs, + pkgs, + ... +}: { + age.secrets.keycloak-database-password = { + file = "${flake.self}/secrets/keycloak-database-password.age"; + mode = "700"; + #owner = "keycloak"; + }; + + services.caddy.virtualHosts."auth.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + redir / /realms/pub.solar/account temporary + reverse_proxy :8080 + ''; + }; + + # keycloak + services.keycloak = { + enable = true; + database.passwordFile = config.age.secrets.keycloak-database-password.path; + settings = { + hostname = "auth.pub.solar"; + http-host = "127.0.0.1"; + http-port = 8080; + proxy = "edge"; + features = "declarative-user-profile"; + }; + themes = { + "pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; + }; + }; +} From ce24876f3d35e106a17f2e884a41322a38c66424 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:28:01 +0200 Subject: [PATCH 5/8] feat: add keycloak secrets and virtualhost --- hosts/nachtigall/apps/keycloak.nix | 20 ++++++++++-------- secrets/keycloak-database-password.age | 28 ++++++++++++++++++++++++++ secrets/secrets.nix | 2 ++ 3 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 secrets/keycloak-database-password.age diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 6ccefc1..ec9d507 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix 
@@ -12,14 +12,18 @@ #owner = "keycloak"; }; - services.caddy.virtualHosts."auth.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - redir / /realms/pub.solar/account temporary - reverse_proxy :8080 - ''; + services.nginx.virtualHosts."auth.pub.solar".locations = { + "= /" = { + extraConfig = '' + return 302 /realms/pub.solar/account; + ''; + }; + + "/" = { + extraConfig = '' + proxy_pass http://localhost:8080; + ''; + }; }; # keycloak diff --git a/secrets/keycloak-database-password.age b/secrets/keycloak-database-password.age new file mode 100644 index 0000000..9bb496e --- /dev/null +++ b/secrets/keycloak-database-password.age 
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg xPHRh2XZ454Vu8Bki4KhJkJnm2gSBXvUXoSfVUGEf1o +R4JxbF+81Enio+Kxg47js5DBFGXpfurYrwQm+NucSl4 +-> ssh-ed25519 uYcDNw ccOstb41qo9sLYNVmSqZofatPaGu3WQ07e3GiQHHv2s +CSLL/6MJ7T6RKCPS43mI4qENXdKHZ+l8lNkThnL+0aA +-> ssh-rsa kFDS0A +WPdWUnSbcW0XlG69avmb7zZRBjlvUaspohLJA7mAEnB+4/Te/m96TMDka5HAagqj +aHD5Sta4hJWvLqk47A6BvRb7UAcY5UaeZE9wPLCkywqrjwHdP2U6yHO8eWCyRhOG +E6iGIslokw4JCrTdmpe7Lf/pJwlPnkQUMh699R0VDBWAbaSomuCvHw4pHLoC548B +eFSMf40XbOEnpyYKWhZCDYCMljW67QpZg7e1liCY2UY04Bhb1JvRB116lSXcrJtM +hqTyk/nPAMB88wjAABHpmK6nh+18FusH9KFTZnKrJHd/kxpxYESm8hltGm4GP9By +pd1bF16pEcQzJ3+kaEcWl10YYqJ4GuILAxZ5FPPPOlTyJZfo2CBNMXfKwNTS7Ks9 +UkWvr+CI8Htj0BRoLqLXcExFRJWUmRxND0suKqUEcmGumBr5kFu/V+z+6DZ0aPck +50AO2Rbuog64p22DJ/s8B7AQwNFAzMGBblgRC5aNntB2OV++elAn+mdvLPjjoR8Q +zZz55rNhZaI6dl67RtrmXYZOn1V6+550ekS+n0ZxmhUdQMsEOwKJgiW6nYw/nv/2 +JkxBhsY81XXLtUBW2MRb45BlctkSSTuLl7/ssmyKG6nfLXZv5xexi+jZp698WEKg +YsrHX8d5ECxmzHg0eUJ5753d8YuRgkgigUOBHho1/68 +-> ssh-ed25519 YFSOsg Gak4h6r+RQhOOwKDrCZlbTRH6Bn+hGpnzDJ88c/LTE8 +7fVZaeJEvl2CwoiigenL7MDthEx4K2W7w/dFfQfDo9k +-> ssh-ed25519 iHV63A 0fCHyaYaNW8wBMscEBjlzAPU/+BxCcs3lXmikLzmkyQ +yenFiGtXvNBpJzo1AasIsZaFgUErSfa1FG6ddk1CMcY +-> ssh-ed25519 BVsyTA z0IJ2RwEMD/OULwA3d0Cu22NxTzVtipSpnIdGyD+N2M +O3We2lCnanCIb49CUEdAkde8oEMprDdIOpf5CTuBN8M +-> zUyM-grease wD~@=bx; }g peF2/D[e DAu"<=rB + +--- ZjX5sIPRv/FnsH8a8fiZ0oD5lR/gVeweGEm5nsvmeak +p"RbG?A+-V} \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6b7ba1d..63a57f8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -32,4 +32,6 @@ in { "mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; + + "keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; } From 16a5ee93ccb02d46ee6398272537ca5267204929 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:34:45 +0200 Subject: [PATCH 6/8] fix: enable SSL for keycloak --- hosts/nachtigall/apps/keycloak.nix | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index ec9d507..a336274 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -12,17 +12,22 @@ #owner = "keycloak"; }; - services.nginx.virtualHosts."auth.pub.solar".locations = { - "= /" = { - extraConfig = '' - return 302 /realms/pub.solar/account; - ''; - }; + services.nginx.virtualHosts."auth.pub.solar" = { + enableACME = true; + forceSSL = true; - "/" = { - extraConfig = '' - proxy_pass http://localhost:8080; - ''; + locations = { + "= /" = { + extraConfig = '' + return 302 /realms/pub.solar/account; + ''; + }; + + "/" = { + extraConfig = '' + proxy_pass http://localhost:8080; + ''; + }; }; }; From 4f7b30c2c3e36bbd43bd13106bb00f1c39b839c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 23:18:44 +0200 Subject: [PATCH 7/8] fix: use flake.inputs instead of inputs directly --- hosts/nachtigall/apps/keycloak.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index a336274..b589bdc 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -2,7 +2,6 @@ flake, config, lib, - inputs, pkgs, ... }: { @@ -43,7 +42,7 @@ features = "declarative-user-profile"; }; themes = { - "pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; + "pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; }; }; } From 620c1715b43110fed246b3c20347f4125e98bbb4 Mon Sep 17 00:00:00 2001 
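Review bot: After `inputs` is dropped in the first hunk of PATCH 7/8, `lib` is still in the module's argument set although nothing in keycloak.nix appears to use it any more; its only use was the commented-out `lib.mkForce` in the Caddy block that PATCH 2/8 removed. It is harmless because of the trailing `...`, but removing the `lib,` line keeps the arguments in line with what the module actually reads. The argument set opens one line above the hunk.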
From: teutat3s Date: Sat, 28 Oct 2023 23:33:07 +0200 Subject: [PATCH 8/8] fix: import keycloak module --- hosts/nachtigall/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index f25f489..603f93a 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/keycloak.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix ./apps/nginx-website.nix