deploy keycloak on core-security

Julien Malka 2023-05-21 18:11:38 +02:00
parent ffff5e8a2b
commit dcd58e5fac
Signed by: Luj
GPG key ID: 6FC74C847011FD83
2 changed files with 75 additions and 0 deletions


@ -116,6 +116,37 @@ VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ=
environmentFile = "/var/lib/vaultwarden.env";
};
services.keycloak = {
enable = true;
database.createLocally = true;
database.passwordFile = "/run/secrets/keycloak";
settings = {
hostname = "auth.julienmalka.me";
http-port = 8080;
hostname-strict-backchannel = true;
proxy = "edge";
};
};
services.nginx.virtualHosts."auth.julienmalka.me" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
extraConfig = ''
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
'';
};
};
sops.secrets.keycloak = {
owner = "root";
sopsFile = ../../secrets/keycloak-db;
format = "binary";
};
system.stateVersion = "22.11"; # Did you read the comment?
}
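Review bot: The `services.keycloak.settings` block sets `proxy = "edge"` but no `http-host`, so Keycloak keeps its default listen address (all interfaces, as far as I know) and would honour forwarded headers from any client that can reach port 8080 directly, not only from nginx; adding `http-host = "127.0.0.1";` next to `http-port = 8080;` confines it to the loopback address that `proxyPass` already uses. The `auth.julienmalka.me` virtual host shows neither `forceSSL = true;` nor `enableACME = true;` in this hunk, and edge mode assumes TLS ends at the proxy, so unless those are applied elsewhere the login traffic would be served over plain HTTP. `database.passwordFile` could reference `config.sops.secrets.keycloak.path` instead of the literal `/run/secrets/keycloak`, so the two cannot drift apart. The enclosing attribute set begins outside the hunk, so firewall rules and nginx defaults set there are not visible here.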

44
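--- /dev/null
+++ b/secrets/keycloak-db
@@ -0,0 +1,44 @@
+{
+"data": "ENC[AES256_GCM,data:D7ucMFiqPY/VAEVUN3qXrEXsmg/jvEwOOryupgEfbT3+hQy3QL26Hdg8fQ4u5Tgww+xGk5CpQVi6AWz1hg==,iv:IlR1+Bx/sdnc0gRrtqtMp9UOtAi4hQLQo6fBM4bZerQ=,tag:GFux9xmAfum3n35WXOJMeQ==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": [
+{
+"recipient": "age1caua5n9k045x2vmh4ymau8yvxtmjk7fq83jtky5rlyy2a6f44ucsjwgevq",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLb3AzWnpVb1U3UnR6MlUv\namdCd3JxMjRhYmt2MTZXa0tFRGU5RWZUdHpFCnRORjd5b2dNTElUei9DOXFoUWU3\nanpIU3RjakxKQXNLT1ZBcGZUYnFaRlUKLS0tIEF4RlVJYUtObjIrd2dleHhLSldr\ncGRnSFBTNms5WWEwSDhkSmtLelAvYkkKZL/qJjDeIEmkJjEiyHZJ7kcjzRHx9zkU\nN4jeJdxNfMH7DZnmmzMEiKqjaQTtWEPCyhTp1ufliMkpQCrjSyBmjA==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYVJvcFAyQVFQVWZ2Zmhr\nS2I1Ri9mQU5xdTVRQzJldGFkRVBiWUU2TEJVCnpCOVdNY2s0R2lDZUQ2aW1HdUd3\nVmV4VDY0dzQ4d3ZpSURmTnlOaHErak0KLS0tIE50SlBtdnhVUDBDaDJCK0l0OVFv\nTTFsYkhQMUtWUlJlUjk2eWdUVE40djQKT+JAC9gViCYRrZ+4EBmGdyKwu/cr5KHq\nmYzigIdSmKdWj5+7kLQQ2ncXZkv/49iyCyKnSgLwPS+BK6d0DSEG7g==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1m6efmv7zr9kks4h3w2su74sda5keshghwtw57mzn4sl7kvr7j5sqhs7mdc",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1SlU5cnF5VW5ZQi9wdURL\ndmVnUk9HSWdqTTl2VmJGbFpoWERZSDIzK0ZnCmhkSU5GMDlqa0xJRnp2NWZyZUM3\ncXBiN0Q1WlhsVExZaE0zdWRCaXUvWTQKLS0tIHB6dnRnOWR4Rm9EMTlQREJSdnl2\nY2EvWUJrNTJqZWs3VnAvU0orS2RTNXcKH5M7q6s4q8tyJcnxhadm4v8a9twqFlm5\n/lNKuzacL0qSwqMm3ScSzeB1DpNVp0uiPODbBU/J1wwjHWsKT/lolA==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1qlwzeg37fwwn2l6fm3quvkn787nn0m89xrjtrhgf9uedtfv2kqlqnec976",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbXdERkt1dG5Ua2E5K1VH\neTJGemNyU1djNllML1hqaSsxREVZdjRFT1RJCmpKeExBWncwdEIyamtWMVZ3ZGNn\ndjRVTFM5RXRwTWZEUFJUaVVoSnNEancKLS0tIHJoaHQ4SjR3OXZqb2pWT0ZaaTZs\nempxdGJnL1ZZam5PelZqZnJvYkpKUFkK91trdmOCiMWTMSKHMl8YstSIpQBjg1By\nCqF/xb6nACSEe+lwrtCIPV2VrEKnhnqBOgXhD1EH4/fTd0SSU2mK2g==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1z5n73rq83mjt6xsmanvgylks5gpmawhqfcz6dtwkc5cu0rlje5js4zzy9s",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxRzlGUE9xVGU3UU9pdTk3\nbm5tK2V5Y1NIQUVmREw1NXBLd0JpTmJ2NUNJCnYyOUFmWE1MdENhV0pTaGIzcC9J\nTHVUek1JZFpvWmVnMFYvWC95UUNVazQKLS0tIDZkajB5Sm5hQ3E3d2Viem5oQ1Ft\naHNlSTFKVXdFUjlzb1IxY3N4MitJUXcKMhbvBGKXTGsNGKklEJ9AV4fypbPolr47\nx+zCCGVnIQIfPeIX7kWazXB+wVcXIsl509mb+pjoMzLivDXXH9ACIQ==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age10d49ptrmad2n7rke6helvmmm86gf06gj9gtfxsh334f3hfr0eewqqa2a7w",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTFd6OE1FZ1RyOVZaTDl6\nM3N5NXQxQStzNHQya2VUNkJCVnBLeHZ2N3lVCmtPWGxqd3JweXFwbU11V1Y3TEFF\nNXJVQkEzb1VXYmRERUtqdU5ZWm5INmMKLS0tIE8rWG9mbyswL0dMZXN4UkhLbkJQ\nY1NIN20xUWJsRkFZWS8xVG5DSnF1Z3MKZCNerScPXhY090T3+WKhVjgOL5seD4T2\nGvXujHdX7LssPIbjSONKMI4TJpBuYl568ewuYwSnNUD7LYllpUPm7w==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1qedjtr4llnmue2r08ec64mtkl8hpkdsn5mpfh26l3pngmxdm2ymq2tfh80",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOERLUlJ1WDkyejFJanYx\nZk0ydGViOWNjSG5iRXJuRkdyK0tUc3VldlhNClRiSHBEa1V4R0NxdnNQQncyeS95\nZE5yTDVMRHh3aDZFYlJOWE5Ua0I5NGcKLS0tIE1nM2FGTDM4clB2c284TXFoU3Q4\nZm5tendmQnQ5eUE1dmZQQTdxWE9rOGcK6sGsMZdpcqMGSposf1cyL7vCflnd/XbW\npk3k2FYMLTY991cFTJk6adw/LbSllYACtD/SfPdvbrdL/B1u1D3JOA==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
+"lastmodified": "2023-05-21T13:40:47Z",
+"mac": "ENC[AES256_GCM,data:mkkEdn9aT1UJzhLNTcnpxs3rYKd/1krZV+2O6LaWzIn8xOvNo9omKWRpMFgCwQX78f4aWfwJn5LlrPSV/Lgq4WjAm0WnMDS5MH/s3SLS87QlCjCYqhTh8hY4+HNFr/Ef68+rf0rW8w9z4RkS+ZrWuFRYp6WPZrwmSZlhCwrDbhw=,iv:fgR+RUye1K8E79ghfL7LPlc/hdXmmbjJE7BmstBpvXI=,tag:VWHXsILgvch2fbYJwROA0A==,type:str]",
+"pgp": null,
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.3"
+}
+}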