bekkalokk: setup keycloak
parent
0e75e0a5b9
commit
dcbe6871da
|
@ -5,6 +5,8 @@
|
||||||
|
|
||||||
../../base.nix
|
../../base.nix
|
||||||
|
|
||||||
|
./services/keycloak.nix
|
||||||
|
|
||||||
# TODO: set up authentication for the following:
|
# TODO: set up authentication for the following:
|
||||||
# ./services/website/website.nix
|
# ./services/website/website.nix
|
||||||
# ./services/website/nginx.nix
|
# ./services/website/nginx.nix
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
{ pkgs, config, values, ... }:
|
||||||
|
{
|
||||||
|
sops.secrets."keys/postgres/keycloak" = {
|
||||||
|
owner = "keycloak";
|
||||||
|
group = "keycloak";
|
||||||
|
restartUnits = [ "keycloak.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.keycloak = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
hostname = "auth.pvv.ntnu.no";
|
||||||
|
# hostname-strict-backchannel = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
database = {
|
||||||
|
host = values.hosts.bicep.ipv4;
|
||||||
|
createLocally = false;
|
||||||
|
passwordFile = config.sops.secrets."keys/postgres/keycloak".path;
|
||||||
|
caCert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
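Review bot: `caCert` in the `database` block points at the full public CA bundle from `pkgs.cacert`, so the PostgreSQL connection to `values.hosts.bicep.ipv4` would accept a server certificate issued by any public CA rather than only the one bicep presents. As far as I know the NixOS keycloak module uses this file as the trust root for CA-only verification without a hostname check, and the host is given here as an IP address, so the certificate name is presumably not matched either; please confirm against the module. I would point it at the specific CA (or the server certificate) that signs bicep's PostgreSQL certificate, e.g. `caCert = <path to bicep's postgres CA certificate>;`, with a comment above it naming that CA. Separately, this file does not set `services.keycloak.initialAdminPassword`, so unless it is set elsewhere the admin account starts with the module's documented default and should be changed before `auth.pvv.ntnu.no` is reachable.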
@ -6,6 +6,7 @@ keys:
|
||||||
postgres:
|
postgres:
|
||||||
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str]
|
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str]
|
||||||
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
|
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
|
||||||
|
keycloak: ENC[AES256_GCM,data:A3cbJTfP97yT35ov/yuWaD+b3wD2I8H+2GkW1ONp3YiNEsmKFjROx2rpwA==,iv:kMbuPtvy/49soEH9jxdY/X0BFDoiK7EyZ56xMkwjMUg=,tag:Ttp8BbJqfPWaeH5iaOwcQQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -39,8 +40,8 @@ sops:
|
||||||
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
|
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
|
||||||
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
|
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-28T23:33:14Z"
|
lastmodified: "2023-05-06T21:36:22Z"
|
||||||
mac: ENC[AES256_GCM,data:c7YytaXdAPQmCiZHH2cojJqcZna2ilGXzpnkgxgYUOSQ0n3tryOK45uVp2JDN9OJ9gS5QsLf62AlqidE0wkYYuRC6HZnwhmlMuoY3kl2sr0/Y4kJqGeODRlZoGzUIOahHkphK1Y5GBs8GW6OYk46U54wi9+BF062pYxuOCoPwD4=,iv:ZLueZpRdaD/7uvmimDUELCAtM3e9169vmoXcHz4OKfQ=,tag:Ya8tMbUBhuypXJeZ8GQmWA==,type:str]
|
mac: ENC[AES256_GCM,data:F9XujlDa5o0N07UfA4QTjApiJQyaT/l6jVSmekwx8exLWGKfMIVs3KKt8ZIT8MmmCg1+GPYHV1MzC+OCImj1q0uYDkqG/Of5KAKYrizz2GwmVa8pSyV/b+tFdBNKxlVjH+YWwxkMltCoZNzaYJDALAfUv07Xp8mnKaXdkS7SQBQ=,iv:LAmhmXDui8gkYKjL8gk9HPRFlcKAviQ9g9prp7yDptQ=,tag:GNffyDqt+mm3umUtnTU9hw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-01-28T23:37:44Z"
|
- created_at: "2023-01-28T23:37:44Z"
|
||||||
enc: |
|
enc: |
|