From c7968c0080e54c39505ab352c886456c6b5cdf1e Mon Sep 17 00:00:00 2001
From: Victor
Date: Fri, 23 Sep 2022 11:17:57 +0200
Subject: [PATCH] setup keycloak

---
 nixos/hosts/olympus/default.nix | 2 +-
 .../hosts/olympus/keycloak/configuration.nix | 29 +++++++++++++++++--
 nixos/hosts/olympus/nginx/configuration.nix | 5 ++--
 3 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/nixos/hosts/olympus/default.nix b/nixos/hosts/olympus/default.nix
index 863d898..636647a 100644
--- a/nixos/hosts/olympus/default.nix
+++ b/nixos/hosts/olympus/default.nix
@@ -147,7 +147,7 @@
 {
 hostname = "keycloak";
 ip = "10.42.42.29";
- mac = "";
+ mac = "A6:09:1D:A8:81:28";
 }
 {
 hostname = "nuc";
diff --git a/nixos/hosts/olympus/keycloak/configuration.nix b/nixos/hosts/olympus/keycloak/configuration.nix
index e660f64..d1ad626 100644
--- a/nixos/hosts/olympus/keycloak/configuration.nix
+++ b/nixos/hosts/olympus/keycloak/configuration.nix
@@ -2,8 +2,8 @@
 # your system. Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
-
+{ config, pkgs, lib, ... }:
+let vs = config.vault-secrets.secrets; in
 {
 imports = [ ];
 
@@ -18,5 +18,28 @@
 # Additional packages
 environment.systemPackages = with pkgs; [ ];
 
- networking.firewall.allowedTCPPorts = [ ];
+ networking.firewall.allowedTCPPorts = [
+ config.services.keycloak.settings.http-port
+ ];
+
+ environment.noXlibs = lib.mkForce false;
+
+ vault-secrets.secrets.keycloak = { };
+
+ # If loadCredential doesn't work:
+ # https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1208501368
+ services.keycloak = {
+ enable = true;
+ database = {
+ type = "postgresql";
+ host = "localhost";
+ createLocally = true;
+ passwordFile = "${vs.keycloak}/databasePassword";
+ };
+ settings = {
+ hostname = "id.0x76.dev";
+ proxy = "edge";
+ hostname-strict-backchannel = true;
+ };
+ };
 }
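Review bot: `networking.firewall.allowedTCPPorts = [ config.services.keycloak.settings.http-port ];` in the second keycloak hunk opens Keycloak's plaintext HTTP port on every interface, while `proxy = "edge";` a few lines below makes Keycloak derive scheme and client address from `X-Forwarded-*` headers — a trust that is only sound when the nginx reverse proxy is the sole thing able to reach that port. Consider scoping the allow rule to the proxy host (for example with `networking.firewall.extraCommands` or an interface-scoped `networking.firewall.interfaces.<iface>.allowedTCPPorts`, iface name to be filled in) and keeping the port out of the global list. `environment.noXlibs = lib.mkForce false;` is a forced override with no explanation; a why-comment along the lines of `# NOTE: overrides the profile's noXlibs; state here what fails to build/run with it on — confirm` would stop the next reader from reverting it. The `# If loadCredential doesn't work:` comment names a workaround thread but not the symptom; say what fails so it is clear whether the workaround is still needed. The attribute set this hunk closes with `}` is opened in the previous hunk, outside this one.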
diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix index 38246ce..25a45d9 100644 --- a/nixos/hosts/olympus/nginx/configuration.nix +++ b/nixos/hosts/olympus/nginx/configuration.nix @@ -51,13 +51,13 @@ in # 0x76.dev virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; - virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/"; + # virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/"; virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/"; virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000"; virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000"; virtualHosts."grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342"; virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000"; - # virtualHosts."mail.0x76.dev" = proxy "http://mailserver.olympus:80"; + virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80"; # Redshifts virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008"; @@ -104,7 +104,6 @@ in # Kubernetes endpoints virtualHosts."0x76.dev" = k8s_proxy; virtualHosts."drone.0x76.dev" = k8s_proxy; - virtualHosts."id.0x76.dev" = k8s_proxy; virtualHosts."msg.0x76.dev" = k8s_proxy; virtualHosts."zookeeper.0x76.dev" = k8s_proxy; virtualHosts."wooloofan.club" = k8s_proxy;
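Review bot: `virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80";` in the first hunk forwards to Keycloak over plaintext, and whether the `proxy` helper (defined in the `let` block above this hunk, outside it) sets `X-Forwarded-Proto`, `X-Forwarded-For` and `Host` is not visible here; Keycloak is configured as an edge-proxied service in the sibling file, so if the helper only sets `proxyPass` the redirect and issuer URLs it emits may come out as `http://`. Please confirm the helper enables `recommendedProxySettings = true;` or sets those headers explicitly, and consider whether the `/admin/` paths on this vhost should be reachable from the public side at all. As a point of style, the zookeeper-dev line is turned into commented-out config rather than removed; deleting it keeps the vhost list readable, since git history already preserves it.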