hosts/host_001_momo_koeln/caddy.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  ...
+}: {
+  # Changing the Caddyfile should only trigger a reload, not a restart
+  systemd.services.caddy.reloadTriggers = [
+    config.services.caddy.configFile
+  ];
+
+  services.caddy = {
+    enable = true;
+    email = "wg-tooling@list.momo.koeln";
+    virtualHosts = {
+      "auth.momo.koeln" = {
+        logFormat = ''
+          output discard
+        '';
+        extraConfig = ''
+          reverse_proxy :8080
+        '';
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+}

hosts/host_001_momo_koeln/configuration.nix

@@ -5,6 +5,9 @@
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
+
+      ./caddy.nix
+      ./keycloak.nix
     ];
 
   pub-solar.core.lite = true;

hosts/host_001_momo_koeln/keycloak.nix

@@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  self,
+  ...
+}: {
+  age.secrets.keycloak-database-password = {
+    file = "${self}/secrets/keycloak-database-password.age";
+    mode = "700";
+  };
+
+  # keycloak
+  services.keycloak = {
+    enable = true;
+    database.passwordFile = config.age.secrets.keycloak-database-password.path;
+    settings = {
+      hostname = "auth.momo.koeln";
+      http-host = "127.0.0.1";
+      http-port = 8080;
+      proxy = "edge";
+    };
+  };
+}

secrets/secrets.nix

@@ -1,8 +1,21 @@
 let
   # set ssh public keys here for your system and user
-  system = "";
+  host_001_momo_koeln = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj root@nixos";
-  user = "";
+  axeman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU @axeman";
-  allKeys = [system user];
+  b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw==";
+  teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
+  hensoko_nitrokey_1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135";
+  hensoko_harrison = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison";
+  hensoko_norman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work";
+  allKeys = [
+    axeman
+    b12f-bbcom
+    hensoko_nitrokey_1
+    hensoko_harrison
+    hensoko_norman
+    host_001_momo_koeln
+    teutat3s-dumpyourvms
+  ];
 in {
-  "secret.age".publicKeys = allKeys;
+  "keycloak-database-password.age".publicKeys = allKeys;
 }