author | Soispha <soispha@vhack.eu> | 2023-07-08 15:36:32 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-07-08 16:01:58 +0200 |
commit | 265eb9d228935f7b3b5c8ba6a583489b9f74f8b2 (patch) | |
tree | 5c073e5aaf64b606fb085bfda12656c14a63d9fb | |
parent | Feat(flake): Add agenix module (diff) | |
Fix(system/services/keycloak): Use agenix to store passwd
-rw-r--r-- | system/secrets/default.nix | 6 | ||||
-rw-r--r-- | system/secrets/keycloak/passwd.tix | 16 | ||||
-rw-r--r-- | system/secrets/secrets.nix | 5 | ||||
-rw-r--r-- | system/services/keycloak/default.nix | 2 |
4 files changed, 28 insertions, 1 deletions
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index da21482..ac42c1c 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -1,6 +1,12 @@
 {...}: {
 age = {
 secrets = {
+ keycloak = {
+ file = ./keycloak/passwd.tix;
+ mode = "700";
+ owner = "root";
+ group = "root";
+ };
 };
 };
 }
diff --git a/system/secrets/keycloak/passwd.tix b/system/secrets/keycloak/passwd.tix
new file mode 100644
index 0000000..bbd85fe
--- /dev/null
+++ b/system/secrets/keycloak/passwd.tix
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZG9GTVE1aGdGYm5mcGUz
+Zng0bkNsR1I3WTY4R3ZEUU5aeWUveWprZmtRCkhkM01YeExLQXU0aFNsYjdyaWU5
+dUl2cG44UzErTmZvREFjT0YzWVdVOEkKLT4gc3NoLWVkMjU1MTkgSlEwdllBIEtl
+Zy9CV0xGeUY4Znc2cVB3aXZZU1lKNnJGMWp5bWhkcUd1OU5VMmMyVzAKZ1BYQS9w
+Y3lWUmFESWo2b2JwRllaL1h5UnR5QUs3KzFIeUZkT0VJd2NlMAotPiBzJFVhMC1n
+cmVhc2UgIQoyUW5kWnlkWXgrL0grTFZseStLT2JXejB6Zll3L0cvR25JdzZHM1dw
+dDA3WldTb3VFNXpJaGtMNkJqQlg1d3BLCjRWazRuWCtBaUEKLS0tIHNoQ0VuMnhN
+WHR1RHBBSGUxbDdiZVMxZHJDRWVYTnkzdzJIVFFxaEJMQUUKHdLLruclUkvEmmUS
+GLwdVG5Lw4tubF41ws7ZPgGJFdZcKOdaj47tBDhzt/l6MwFSYg+4sdRdut3WQrdV
+4yDWFbPUtjps8eYkke9DZolH8mszdO92h0Vj4FyOhZNkjo/XXG1mLry+NgTI35O8
+Nh41DWL/8n8PhI9vIalcsixowS2Tq6iIGidg36KCOza/jtL5iB85Ro95hqdiAoS4
+irYV/CAtetKKmeN4Y3v0w4P9bEXxPYh+CwBn6YMp0M97BEzBXCbxrUKyCeuH5hpF
+N1uSU6MimtyOyLaN/9I8O5FYtOse2RU1uuh7Pt9zOUB0fcsF85GWxx2p2QZg+hEc
+8p2aayR8MHmxIpchjI9VQchcGZ9Qez54PAuq3whXsTy/MpBgkw==
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index a6e6c73..cc51718 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -4,6 +4,11 @@ let
 server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO208EumnJ4kROzrOU3H1xPQQGHuqKP6KuRt/ofhUsoX";
 in {
+ "keycloak/passwd.tix".publicKeys = [
+ soispha
+ #sils
+ server1
+ ];
 }
 # vim: ts=2
diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix
index dfeabc3..5f21b90 100644
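Review bot: In system/secrets/default.nix, `mode = "700";` on the `keycloak` secret sets the execute bits on a file that only holds a password. A read-only mode such as `mode = "0400";` expresses the intent more precisely; as far as I know that, together with root ownership, is also what agenix applies when the three attributes are omitted, so they could be dropped entirely. Whether a root-only file is readable by Keycloak depends on how the service consumes `passwordFile`, which is not visible in this diff; if the service user reads the path directly, `owner` would have to name that user instead.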
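Review bot: In system/secrets/secrets.nix, the commented-out `#sils` entry in the recipient list for `keycloak/passwd.tix` has no explanation, so a later reader cannot tell whether the omission is deliberate. Every key in `publicKeys` can decrypt the database password, so the list deserves a short comment, for example `# sils intentionally not a recipient: <reason>` on that line. It would also help to note above the list that the .tix file must be re-encrypted (`agenix --rekey`) whenever the recipients change. The `let` block that defines `soispha` starts outside the hunk.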
--- a/system/services/keycloak/default.nix
+++ b/system/services/keycloak/default.nix
@@ -31,7 +31,7 @@
 createLocally = true;
 username = "keycloak";
- passwordFile = "/srv/keycloak/password";
+ passwordFile = "${config.age.secrets.keycloak.path}";
 };
 settings = { |
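Review bot: The string interpolation in `passwordFile = "${config.age.secrets.keycloak.path}";` is redundant, since the attribute is already a path string; `passwordFile = config.age.secrets.keycloak.path;` reads more directly. The module's argument list is outside the hunk, so it is worth confirming that `config` is actually bound there. Separately, the commit only repoints the option. If the value now encrypted in passwd.tix is the same one that was stored in `/srv/keycloak/password`, the plaintext copy is still on the host and should be removed, and the database password rotated.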