bekkalokk: setup keycloak
This commit is contained in:
parent
0e75e0a5b9
commit
dcbe6871da
@ -5,6 +5,8 @@
|
||||
|
||||
../../base.nix
|
||||
|
||||
./services/keycloak.nix
|
||||
|
||||
# TODO: set up authentication for the following:
|
||||
# ./services/website/website.nix
|
||||
# ./services/website/nginx.nix
|
||||
|
24
hosts/bekkalokk/services/keycloak.nix
Normal file
24
hosts/bekkalokk/services/keycloak.nix
Normal file
@ -0,0 +1,24 @@
|
||||
{ pkgs, config, values, ... }:
|
||||
{
|
||||
sops.secrets."keys/postgres/keycloak" = {
|
||||
owner = "keycloak";
|
||||
group = "keycloak";
|
||||
restartUnits = [ "keycloak.service" ];
|
||||
};
|
||||
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
hostname = "auth.pvv.ntnu.no";
|
||||
# hostname-strict-backchannel = true;
|
||||
};
|
||||
|
||||
database = {
|
||||
host = values.hosts.bicep.ipv4;
|
||||
createLocally = false;
|
||||
passwordFile = config.sops.secrets."keys/postgres/keycloak".path;
|
||||
caCert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
};
|
||||
};
|
||||
}
|
@ -6,6 +6,7 @@ keys:
|
||||
postgres:
|
||||
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str]
|
||||
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
|
||||
keycloak: ENC[AES256_GCM,data:A3cbJTfP97yT35ov/yuWaD+b3wD2I8H+2GkW1ONp3YiNEsmKFjROx2rpwA==,iv:kMbuPtvy/49soEH9jxdY/X0BFDoiK7EyZ56xMkwjMUg=,tag:Ttp8BbJqfPWaeH5iaOwcQQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -39,8 +40,8 @@ sops:
|
||||
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
|
||||
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-28T23:33:14Z"
|
||||
mac: ENC[AES256_GCM,data:c7YytaXdAPQmCiZHH2cojJqcZna2ilGXzpnkgxgYUOSQ0n3tryOK45uVp2JDN9OJ9gS5QsLf62AlqidE0wkYYuRC6HZnwhmlMuoY3kl2sr0/Y4kJqGeODRlZoGzUIOahHkphK1Y5GBs8GW6OYk46U54wi9+BF062pYxuOCoPwD4=,iv:ZLueZpRdaD/7uvmimDUELCAtM3e9169vmoXcHz4OKfQ=,tag:Ya8tMbUBhuypXJeZ8GQmWA==,type:str]
|
||||
lastmodified: "2023-05-06T21:36:22Z"
|
||||
mac: ENC[AES256_GCM,data:F9XujlDa5o0N07UfA4QTjApiJQyaT/l6jVSmekwx8exLWGKfMIVs3KKt8ZIT8MmmCg1+GPYHV1MzC+OCImj1q0uYDkqG/Of5KAKYrizz2GwmVa8pSyV/b+tFdBNKxlVjH+YWwxkMltCoZNzaYJDALAfUv07Xp8mnKaXdkS7SQBQ=,iv:LAmhmXDui8gkYKjL8gk9HPRFlcKAviQ9g9prp7yDptQ=,tag:GNffyDqt+mm3umUtnTU9hw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-01-28T23:37:44Z"
|
||||
enc: |
|
Loading…
Reference in New Issue
Block a user