001_momo_koeln: Install caddy and keycloak #214
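--- a/hosts/host_001_momo_koeln/caddy.nix
+++ b/hosts/host_001_momo_koeln/caddy.nix
@@ -0,0 +1,26 @@
+{
+config,
+...
+}: {
+# Changing the Caddyfile should only trigger a reload, not a restart
+systemd.services.caddy.reloadTriggers = [
+config.services.caddy.configFile
+];
+
+services.caddy = {
+enable = true;
+email = "wg-tooling@list.momo.koeln";
+virtualHosts = {
+"auth.momo.koeln" = {
+logFormat = ''
+output discard
+'';
+extraConfig = ''
+reverse_proxy :8080
+'';
+};
+};
+};
+
+networking.firewall.allowedTCPPorts = [80 443];
+}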
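Review bot: `logFormat` with `output discard` switches off Caddy's access log for `auth.momo.koeln`, so the proxy keeps no record of requests to the login and token endpoints of the identity provider. If that is a deliberate privacy choice, state it in a comment such as `# access log disabled on purpose (no client IPs stored); login auditing relies on Keycloak events`, and confirm that Keycloak's own event logging is actually turned on, since nothing in this change configures it. Separately, `reverse_proxy :8080` forwards every path to the public vhost, including the admin console under `/admin`. Keycloak's reverse-proxy guidance is to expose only the paths clients need, so consider a path matcher or a source-address restriction for the admin paths. The port is also typed by hand here and in keycloak.nix; `reverse_proxy :${toString config.services.keycloak.settings.http-port}` would keep the two in step.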
|
@ -5,6 +5,9 @@
|
||||||
[
|
[
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
|
./caddy.nix
|
||||||
|
./keycloak.nix
|
||||||
|
|||||||
];
|
];
|
||||||
|
|
||||||
pub-solar.core.lite = true;
|
pub-solar.core.lite = true;
|
||||||
|
|
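--- a/hosts/host_001_momo_koeln/keycloak.nix
+++ b/hosts/host_001_momo_koeln/keycloak.nix
@@ -0,0 +1,25 @@
+{
+config,
+lib,
+inputs,
+pkgs,
+self,
+...
+}: {
+age.secrets.keycloak-database-password = {
+file = "${self}/secrets/keycloak-database-password.age";
+mode = "700";
+};
+
+# keycloak
+services.keycloak = {
+enable = true;
+database.passwordFile = config.age.secrets.keycloak-database-password.path;
+settings = {
+hostname = "auth.momo.koeln";
+http-host = "127.0.0.1";
+http-port = 8080;
+proxy = "edge";
+};
+};
+}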
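Review bot: `services.keycloak` is enabled without an explicit initial admin password. On nixpkgs releases that provide `services.keycloak.initialAdminPassword`, the first start therefore creates the admin account with the module's documented default, while caddy.nix in this same change publishes the whole server, admin console included, at `auth.momo.koeln`. Set the option explicitly or rotate the password before ports 80/443 are opened, and record that step in a comment next to `enable = true;`. Also, `mode = "700"` gives the decrypted password file execute bits it has no use for. `mode = "0400";` is agenix's default, so the line can simply be dropped; that should be enough provided the module reads the file as root, which is worth confirming. The arguments `lib`, `inputs` and `pkgs` are not used in the lines shown and could be removed from the function head.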
BIN
secrets/keycloak-database-password.age
Normal file
BIN
secrets/keycloak-database-password.age
Normal file
Binary file not shown.
|
@ -1,8 +1,21 @@
|
||||||
let
|
let
|
||||||
# set ssh public keys here for your system and user
|
# set ssh public keys here for your system and user
|
||||||
system = "";
|
host_001_momo_koeln = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj root@nixos";
|
||||||
user = "";
|
axeman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU @axeman";
|
||||||
allKeys = [system user];
|
b12f-bbcom = "ssh-rsa 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";
|
||||||
|
teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||||
|
hensoko_nitrokey_1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135";
|
||||||
|
hensoko_harrison = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison";
|
||||||
|
hensoko_norman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work";
|
||||||
|
allKeys = [
|
||||||
|
axeman
|
||||||
|
b12f-bbcom
|
||||||
|
hensoko_nitrokey_1
|
||||||
|
hensoko_harrison
|
||||||
|
hensoko_norman
|
||||||
|
host_001_momo_koeln
|
||||||
|
teutat3s-dumpyourvms
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
"secret.age".publicKeys = allKeys;
|
"keycloak-database-password.age".publicKeys = allKeys;
|
||||||
}
|
}
|
||||||
|
|
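Review bot: `allKeys` puts the host key and all six personal keys into one recipient list, and the only rule hands that whole list to `keycloak-database-password.age`. With a single host this is harmless, but once a second host or secret follows the same pattern, every machine key can decrypt every secret. Splitting the list keeps recipients scoped per secret, for example `adminKeys = [axeman b12f-bbcom hensoko_nitrokey_1 hensoko_harrison hensoko_norman teutat3s-dumpyourvms];` and `"keycloak-database-password.age".publicKeys = adminKeys ++ [host_001_momo_koeln];`. The retained comment `# set ssh public keys here for your system and user` still describes the template's `system`/`user` placeholders; replace it with one line saying who is expected to hold decrypt access and that secrets must be re-keyed when the list changes.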
Typo:
./keycloak.nix