afkjdlsjdlkfajlk keycloak

Schrottkatze 2023-04-27 01:48:20 +02:00
parent bce60dc872
commit 913bab2fbf
7 changed files with 36 additions and 49 deletions


@ -26,7 +26,8 @@
imports = [ imports = [
./modules/base-stuff.nix ./modules/base-stuff.nix
./modules/proxy.nix ./modules/proxy.nix
./modules/jitsi.nix ./modules/postgres.nix
#./modules/jitsi.nix
./modules/containers ./modules/containers
./modules/keycloak.nix ./modules/keycloak.nix
]; ];


@ -2,6 +2,7 @@
{ {
networking.hostName = "katzen-cafe"; networking.hostName = "katzen-cafe";
networking.networkmanager.enable = true;
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 22 80 443 ];
}; };


@ -1,7 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
./postgres.nix #./phtanumb-wiki.nix
./phtanumb-wiki.nix
]; ];
} }


@ -1,32 +0,0 @@
{ pkgs, ... }:
{
containers.postgres = {
autoStart = true;
localAddress = "127.0.0.1";
bindMounts = {
"/var/lib/postgresql" = {
hostPath = "/postgres";
isReadOnly = false;
};
};
config = { config, pkgs, ... }: {
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "keycloak";
ensurePermissions = {
"DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [
"keycloak"
];
};
system.stateVersion = "22.11";
};
};
}


@ -7,10 +7,19 @@
http-port = 8097; http-port = 8097;
proxy = "edge"; proxy = "edge";
hostname = "auth.katzen.cafe"; hostname = "auth.katzen.cafe";
hostname-strict-backchannel = true;
}; };
database = { database = {
createLocally = false; type = "postgresql";
createLocally = true;
username = "keycloak";
passwordFile = "/run/keys/keycloakDbPw";
}; };
}; };
deployment.keys."keycloakDbPw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
destDir = "/run/keys/";
};
} }
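Review bot: The new `deployment.keys."keycloakDbPw"` entry sources the database password with `cat` from a plaintext file in `/home/jade/keys-tmp/`, which leaves the secret unencrypted on the deploying machine and ties every deployment to that one account's home directory. A `keyCommand` that decrypts from an encrypted secrets store would avoid both, and the entry should state ownership explicitly rather than inherit tool defaults, e.g. `user = "root"; group = "root"; permissions = "0400";`, provided the service reads `passwordFile` as root (not visible here, so confirm first). `/run/keys/` is presumably a tmpfs, so the file is gone after a reboot until the next upload, and nothing in this hunk makes the Keycloak unit wait for the key. The enclosing attribute set starts outside the hunk.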

6
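--- /dev/null
+++ b/modules/postgres.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+services.postgresql = {
+enable = true;
+};
+}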


@ -4,15 +4,18 @@
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "jade@schrottkatze.de"; email = "jade@schrottkatze.de";
server = "https://acme-staging-v02.api.letsencrypt.org/directory";
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
}; };
certs = { certs = {
"meet.katzen.cafe" = { #"meet.katzen.cafe" = {
group = "nginx"; #group = "nginx";
keyType = "rsa4096"; #keyType = "rsa4096";
}; #};
"wiki.phtanum-b.katzen.cafe" = { #"wiki.phtanum-b.katzen.cafe" = {
#group = "nginx";
#keyType = "rsa4096";
#};
"auth.katzen.cafe" = {
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
}; };
@ -21,13 +24,13 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"wiki.phtanum-b.katzen.cafe" = { #"wiki.phtanum-b.katzen.cafe" = {
forceSSL = true; #forceSSL = true;
enableACME = true; #enableACME = true;
locations."/" = { #locations."/" = {
proxyPass = "http://127.0.0.1:8080"; #proxyPass = "http://127.0.0.1:8080";
}; #};
}; #};
"auth.katzen.cafe" = { "auth.katzen.cafe" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
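Review bot: The `server = "https://acme-staging-v02.api.letsencrypt.org/directory";` line added to the ACME `defaults` in the first hunk makes every certificate, including the one for `auth.katzen.cafe`, come from the Let's Encrypt staging CA, which browsers and OIDC clients do not trust. Because that vhost keeps `forceSSL = true`, users of the identity provider would get certificate warnings, and the usual workaround of disabling TLS verification in clients removes the protection for login traffic. If staging is meant only for testing, mark it so in place, e.g. `# staging CA for testing only; remove before auth.katzen.cafe goes live`, or drop the line before deployment. The enclosing attribute set starts outside the hunk.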