From 913bab2fbfd45c5eaf0d31accc0b24c01fc46263 Mon Sep 17 00:00:00 2001 From: Jade Date: Thu, 27 Apr 2023 01:48:20 +0200 Subject: [PATCH] afkjdlsjdlkfajlk keycloak --- flake.nix | 3 ++- modules/base-stuff.nix | 1 + modules/containers/default.nix | 3 +-- modules/containers/postgres.nix | 32 -------------------------------- modules/keycloak.nix | 11 ++++++++++- modules/postgres.nix | 6 ++++++ modules/proxy.nix | 29 ++++++++++++++++------------- 7 files changed, 36 insertions(+), 49 deletions(-) delete mode 100644 modules/containers/postgres.nix create mode 100644 modules/postgres.nix diff --git a/flake.nix b/flake.nix index 53ec584..7f81e1e 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,8 @@ imports = [ ./modules/base-stuff.nix ./modules/proxy.nix - ./modules/jitsi.nix + ./modules/postgres.nix + #./modules/jitsi.nix ./modules/containers ./modules/keycloak.nix ]; diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix index 46a7c49..6e441a8 100644 --- a/modules/base-stuff.nix +++ b/modules/base-stuff.nix @@ -2,6 +2,7 @@ { networking.hostName = "katzen-cafe"; + networking.networkmanager.enable = true; networking.firewall = { allowedTCPPorts = [ 22 80 443 ]; }; diff --git a/modules/containers/default.nix b/modules/containers/default.nix index 0f678c6..5d86e87 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { imports = [ - ./postgres.nix - ./phtanumb-wiki.nix + #./phtanumb-wiki.nix ]; } diff --git a/modules/containers/postgres.nix b/modules/containers/postgres.nix deleted file mode 100644 index 50c9324..0000000 --- a/modules/containers/postgres.nix +++ /dev/null 
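Review bot: The jitsi import in flake.nix is disabled by commenting it out (`#./modules/jitsi.nix`) rather than removed, and the same pattern recurs in modules/containers/default.nix (`#./phtanumb-wiki.nix`) and in both modules/proxy.nix hunks, where whole cert and virtualHost blocks are commented out. Commented-out configuration drifts from the live options and makes it harder to tell at review time which services this host is meant to expose. Either delete the lines and rely on git history, or keep one short comment per entry saying why it is disabled, e.g. `# jitsi disabled until <reason>; re-enable together with the meet.katzen.cafe cert`.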
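Review bot: `networking.networkmanager.enable = true;` is added next to the firewall settings in modules/base-stuff.nix without explanation, and it is unrelated to the Keycloak change the commit is titled after. On a host that only opens ports 22, 80 and 443 this starts an additional privileged network daemon, so the reason should be recorded, for example with `# NetworkManager needed for <reason>` above the line, or the change moved to its own commit.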
@@ -1,32 +0,0 @@ -{ pkgs, ... }: -{ - containers.postgres = { - autoStart = true; - localAddress = "127.0.0.1"; - bindMounts = { - "/var/lib/postgresql" = { - hostPath = "/postgres"; - isReadOnly = false; - }; - }; - config = { config, pkgs, ... }: { - - services.postgresql = { - enable = true; - ensureUsers = [ - { - name = "keycloak"; - ensurePermissions = { - "DATABASE \"nextcloud\"" = "ALL PRIVILEGES"; - }; - } - ]; - ensureDatabases = [ - "keycloak" - ]; - }; - - system.stateVersion = "22.11"; - }; - }; -} diff --git a/modules/keycloak.nix b/modules/keycloak.nix index 6a64867..adf1120 100644 --- a/modules/keycloak.nix +++ b/modules/keycloak.nix @@ -7,10 +7,19 @@ http-port = 8097; proxy = "edge"; hostname = "auth.katzen.cafe"; + hostname-strict-backchannel = true; }; database = { - createLocally = false; + type = "postgresql"; + createLocally = true; + + username = "keycloak"; + passwordFile = "/run/keys/keycloakDbPw"; }; }; + deployment.keys."keycloakDbPw" = { + keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ]; + destDir = "/run/keys/"; + }; } diff --git a/modules/postgres.nix b/modules/postgres.nix new file mode 100644 index 0000000..8fdb97f --- /dev/null +++ b/modules/postgres.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + services.postgresql = { + enable = true; + }; +} diff --git a/modules/proxy.nix b/modules/proxy.nix index 87135da..5767c2c 100644 --- a/modules/proxy.nix +++ b/modules/proxy.nix @@ -4,15 +4,18 @@ acceptTerms = true; defaults = { email = "jade@schrottkatze.de"; - server = "https://acme-staging-v02.api.letsencrypt.org/directory"; webroot = "/var/lib/acme/acme-challenge"; }; certs = { - "meet.katzen.cafe" = { - group = "nginx"; - keyType = "rsa4096"; - }; - "wiki.phtanum-b.katzen.cafe" = { + #"meet.katzen.cafe" = { + #group = "nginx"; + #keyType = "rsa4096"; + #}; + #"wiki.phtanum-b.katzen.cafe" = { + #group = "nginx"; + #keyType = "rsa4096"; + #}; + "auth.katzen.cafe" = { group = "nginx"; keyType = "rsa4096"; }; 
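Review bot: The `deployment.keys."keycloakDbPw"` block in modules/keycloak.nix sets only `keyCommand` and `destDir`, so the owner and mode of the database password file are left to the deployment tool's defaults; state them explicitly, e.g. `user = "root"; group = "root"; permissions = "0400";`, after confirming which account actually reads `database.passwordFile` (not visible in this hunk). `/run/keys` is normally a tmpfs, so the file is presumably gone after a reboot until the next deploy and the Keycloak database setup would then fail; if the tool provides a `keycloakDbPw-key.service` unit, ordering the Keycloak units after it makes that dependency explicit. The `keyCommand` reads a plaintext file under `/home/jade/keys-tmp/`, which ties deployment to one workstation and keeps the secret unencrypted at rest there; a command that fetches it from a password manager or an encrypted store would be safer. A comment above the block noting that the command presumably runs on the deploying machine rather than on the target would also help the next maintainer.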
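Review bot: The new modules/postgres.nix enables PostgreSQL with every option left at its default, including the server version, and the `pkgs` argument is unused. Pinning the major version, e.g. `package = pkgs.postgresql_15;` (use the version actually deployed), avoids an unplanned major-version change, which needs a manual data migration. A one-line comment stating that the server relies on `enableTCPIP` being unset, so it is not reachable from other hosts, and that the Keycloak database is created through `createLocally = true` in modules/keycloak.nix would document the intended exposure.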
@@ -21,13 +24,13 @@ services.nginx = { enable = true; virtualHosts = { - "wiki.phtanum-b.katzen.cafe" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8080"; - }; - }; + #"wiki.phtanum-b.katzen.cafe" = { + #forceSSL = true; + #enableACME = true; + #locations."/" = { + #proxyPass = "http://127.0.0.1:8080"; + #}; + #}; "auth.katzen.cafe" = { forceSSL = true; enableACME = true;