afkjdlsjdlkfajlk keycloak

Schrottkatze 2023-04-27 01:48:20 +02:00
parent bce60dc872
commit 913bab2fbf
7 changed files with 36 additions and 49 deletions


@ -26,7 +26,8 @@
imports = [
./modules/base-stuff.nix
./modules/proxy.nix
./modules/jitsi.nix
./modules/postgres.nix
#./modules/jitsi.nix
./modules/containers
./modules/keycloak.nix
];


@ -2,6 +2,7 @@
{
networking.hostName = "katzen-cafe";
networking.networkmanager.enable = true;
networking.firewall = {
allowedTCPPorts = [ 22 80 443 ];
};


@ -1,7 +1,6 @@
{ pkgs, ... }:
{
imports = [
./postgres.nix
./phtanumb-wiki.nix
#./phtanumb-wiki.nix
];
}


@ -1,32 +0,0 @@
{ pkgs, ... }:
{
containers.postgres = {
autoStart = true;
localAddress = "127.0.0.1";
bindMounts = {
"/var/lib/postgresql" = {
hostPath = "/postgres";
isReadOnly = false;
};
};
config = { config, pkgs, ... }: {
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "keycloak";
ensurePermissions = {
"DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [
"keycloak"
];
};
system.stateVersion = "22.11";
};
};
}


@ -7,10 +7,19 @@
http-port = 8097;
proxy = "edge";
hostname = "auth.katzen.cafe";
hostname-strict-backchannel = true;
};
database = {
createLocally = false;
type = "postgresql";
createLocally = true;
username = "keycloak";
passwordFile = "/run/keys/keycloakDbPw";
};
};
deployment.keys."keycloakDbPw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
destDir = "/run/keys/";
};
}
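Review bot: The `keyCommand` for `keycloakDbPw` reads the database password with `cat` from `/home/jade/keys-tmp/keycloak-db`, so every deploy depends on a cleartext secret lying in one operator's home directory. Reading it from an encrypted store instead (a decrypt or password-manager command in `keyCommand`) keeps the cleartext off the deploying machine's disk and lets another admin deploy. The key entry also sets no `user`, `group` or `permissions`; stating them explicitly, e.g. `permissions = "0400";`, documents who may read `/run/keys/keycloakDbPw`. Because `/run/keys/` is normally a tmpfs, the file presumably disappears on reboot and Keycloak would not start until the next deploy, which deserves a comment next to `destDir`. The enclosing attribute set begins outside this hunk.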

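--- /dev/null
+++ b/modules/postgres.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+services.postgresql = {
+enable = true;
+};
+}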


@ -4,15 +4,18 @@
acceptTerms = true;
defaults = {
email = "jade@schrottkatze.de";
server = "https://acme-staging-v02.api.letsencrypt.org/directory";
webroot = "/var/lib/acme/acme-challenge";
};
certs = {
"meet.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"wiki.phtanum-b.katzen.cafe" = {
#"meet.katzen.cafe" = {
#group = "nginx";
#keyType = "rsa4096";
#};
#"wiki.phtanum-b.katzen.cafe" = {
#group = "nginx";
#keyType = "rsa4096";
#};
"auth.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
@ -21,13 +24,13 @@
services.nginx = {
enable = true;
virtualHosts = {
"wiki.phtanum-b.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
};
};
#"wiki.phtanum-b.katzen.cafe" = {
#forceSSL = true;
#enableACME = true;
#locations."/" = {
#proxyPass = "http://127.0.0.1:8080";
#};
#};
"auth.katzen.cafe" = {
forceSSL = true;
enableACME = true;
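Review bot: The `meet.katzen.cafe` and `wiki.phtanum-b.katzen.cafe` entries under `certs` and the wiki entry under `virtualHosts` are disabled by commenting them out, which leaves dead configuration in the file. The history already keeps the old blocks, so deleting them would make it obvious that `auth.katzen.cafe` is the only host this proxy serves and the only certificate it requests. If the blocks are kept, a one-line comment above each stating why it is disabled and when it should return would help the next reader. The `auth.katzen.cafe` virtual host continues past the end of the second hunk, so its proxy settings are not covered here.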