Merge pull request 'feat/keycloak' (#24) from feat/keycloak into main

Reviewed-on: pub-solar/infra-new#24
Reviewed-by: teutat3s <teutates@mailbox.org>
b12f 2023-10-28 23:35:07 +02:00
commit f49eb67d67
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
6 changed files with 177 additions and 1 deletions


@ -80,6 +80,28 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"nixpkgs": [
"keycloak-theme-pub-solar",
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1688380630,
"narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
"owner": "numtide",
"repo": "devshell",
"rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -115,6 +137,24 @@
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1634851050, "lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -150,6 +190,29 @@
"type": "github" "type": "github"
} }
}, },
"keycloak-theme-pub-solar": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1689875310,
"narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=",
"ref": "main",
"rev": "c2c86bbf9855f16a231a596b75b443232a7b9395",
"revCount": 24,
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
}
},
"mastodon-fork": { "mastodon-fork": {
"locked": { "locked": {
"lastModified": 1698490885, "lastModified": 1698490885,
@ -242,6 +305,7 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager", "home-manager": "home-manager",
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
"mastodon-fork": "mastodon-fork", "mastodon-fork": "mastodon-fork",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixos-flake": "nixos-flake", "nixos-flake": "nixos-flake",
@ -250,11 +314,41 @@
"unstable": "unstable" "unstable": "unstable"
} }
}, },
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"bats-assert": "bats-assert", "bats-assert": "bats-assert",
"bats-support": "bats-support", "bats-support": "bats-support",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],


@ -24,6 +24,9 @@
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.darwin.follows = "nix-darwin"; agenix.inputs.darwin.follows = "nix-darwin";
agenix.inputs.home-manager.follows = "home-manager"; agenix.inputs.home-manager.follows = "home-manager";
keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs@{ self, terranix, ... }: outputs = inputs@{ self, terranix, ... }:


@ -0,0 +1,48 @@
{
flake,
config,
lib,
pkgs,
...
}: {
age.secrets.keycloak-database-password = {
file = "${flake.self}/secrets/keycloak-database-password.age";
mode = "700";
#owner = "keycloak";
};
services.nginx.virtualHosts."auth.pub.solar" = {
enableACME = true;
forceSSL = true;
locations = {
"= /" = {
extraConfig = ''
return 302 /realms/pub.solar/account;
'';
};
"/" = {
extraConfig = ''
proxy_pass http://localhost:8080;
'';
};
};
};
# keycloak
services.keycloak = {
enable = true;
database.passwordFile = config.age.secrets.keycloak-database-password.path;
settings = {
hostname = "auth.pub.solar";
http-host = "127.0.0.1";
http-port = 8080;
proxy = "edge";
features = "declarative-user-profile";
};
themes = {
"pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
};
};
}
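Review bot: In the `age.secrets.keycloak-database-password` block, `mode = "700"` puts execute bits on a password file and the `owner` line is commented out; a secret that is only read would be `mode = "400";`, with the owner either set or the comment replaced by a note saying why root ownership is intended. In the nginx `"/"` location, `proxy_pass` is written in `extraConfig` with no `proxy_set_header` lines, while Keycloak runs with `proxy = "edge"` and so takes the client address and scheme from forwarded headers; unless `recommendedProxySettings` is enabled elsewhere (not visible in this file), a client-supplied `X-Forwarded-For` passes through unchanged and ends up in Keycloak's login events and brute-force detection. Adding `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;` to that location, or switching to the `proxyPass` option with `recommendedProxySettings = true;`, would close that. The same catch-all location also publishes Keycloak's `/admin` paths on the public vhost; if that is not intended, a dedicated location restricting them is worth adding.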


@ -10,6 +10,7 @@
./nix.nix ./nix.nix
./apps/nginx.nix ./apps/nginx.nix
./apps/keycloak.nix
./apps/nginx-mastodon.nix ./apps/nginx-mastodon.nix
./apps/nginx-mastodon-files.nix ./apps/nginx-mastodon-files.nix
./apps/nginx-website.nix ./apps/nginx-website.nix


@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg xPHRh2XZ454Vu8Bki4KhJkJnm2gSBXvUXoSfVUGEf1o
R4JxbF+81Enio+Kxg47js5DBFGXpfurYrwQm+NucSl4
-> ssh-ed25519 uYcDNw ccOstb41qo9sLYNVmSqZofatPaGu3WQ07e3GiQHHv2s
CSLL/6MJ7T6RKCPS43mI4qENXdKHZ+l8lNkThnL+0aA
-> ssh-rsa kFDS0A
WPdWUnSbcW0XlG69avmb7zZRBjlvUaspohLJA7mAEnB+4/Te/m96TMDka5HAagqj
aHD5Sta4hJWvLqk47A6BvRb7UAcY5UaeZE9wPLCkywqrjwHdP2U6yHO8eWCyRhOG
E6iGIslokw4JCrTdmpe7Lf/pJwlPnkQUMh699R0VDBWAbaSomuCvHw4pHLoC548B
eFSMf40XbOEnpyYKWhZCDYCMljW67QpZg7e1liCY2UY04Bhb1JvRB116lSXcrJtM
hqTyk/nPAMB88wjAABHpmK6nh+18FusH9KFTZnKrJHd/kxpxYESm8hltGm4GP9By
pd1bF16pEcQzJ3+kaEcWl10YYqJ4GuILAxZ5FPPPOlTyJZfo2CBNMXfKwNTS7Ks9
UkWvr+CI8Htj0BRoLqLXcExFRJWUmRxND0suKqUEcmGumBr5kFu/V+z+6DZ0aPck
50AO2Rbuog64p22DJ/s8B7AQwNFAzMGBblgRC5aNntB2OV++elAn+mdvLPjjoR8Q
zZz55rNhZaI6dl67RtrmXYZOn1V6+550ekS+n0ZxmhUdQMsEOwKJgiW6nYw/nv/2
JkxBhsY81XXLtUBW2MRb45BlctkSSTuLl7/ssmyKG6nfLXZv5xexi+jZp698WEKg
YsrHX8d5ECxmzHg0eUJ5753d8YuRgkgigUOBHho1/68
-> ssh-ed25519 YFSOsg Gak4h6r+RQhOOwKDrCZlbTRH6Bn+hGpnzDJ88c/LTE8
7fVZaeJEvl2CwoiigenL7MDthEx4K2W7w/dFfQfDo9k
-> ssh-ed25519 iHV63A 0fCHyaYaNW8wBMscEBjlzAPU/+BxCcs3lXmikLzmkyQ
yenFiGtXvNBpJzo1AasIsZaFgUErSfa1FG6ddk1CMcY
-> ssh-ed25519 BVsyTA z0IJ2RwEMD/OULwA3d0Cu22NxTzVtipSpnIdGyD+N2M
O3We2lCnanCIb49CUEdAkde8oEMprDdIOpf5CTuBN8M
-> zUyM-grease wD~@=bx; }g peF2/D[e DAu"<=rB
--- ZjX5sIPRv/FnsH8a8fiZ0oD5lR/gVeweGEm5nsvmeak
<EFBFBD><EFBFBD>p<><70><EFBFBD>"<11><><EFBFBD>RbG<62>?A<><Z<>y<EFBFBD>B<EFBFBD><42>
*-AL|<7C><><13><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>I<EFBFBD>トウ<EFBE84><EFBDB3><EFBFBD><EFBDAC><EFBFBD><EFBFBD><EFBE84><EFBFBD>メウ<EFBE92><EFBDB3><EFBFBD><EFBFBD><EFBFBD>ヲヲ<EFBDA6><EFBFBD><EFBDBB><EFBFBD><EFBE9B><EFBFBD>ツァ」<EFBDA7><EFBDA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBDBE><EFBFBD>ュヨ<EFBDAD><EFBE96>


@ -32,4 +32,6 @@ in {
"mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys;
"mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
"keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
} }