diff options
| -rw-r--r-- | system/secrets/default.nix | 6 | ||||
| -rw-r--r-- | system/secrets/keycloak/passwd.age | 17 | ||||
| -rw-r--r-- | system/secrets/secrets.nix | 1 | ||||
| -rw-r--r-- | system/services/default.nix | 1 | ||||
| -rw-r--r-- | system/services/keycloak/default.nix | 45 |
5 files changed, 0 insertions, 70 deletions
diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 624f530..66b3865 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -1,12 +1,6 @@ {...}: { age = { secrets = { - keycloak = { - file = ./keycloak/passwd.age; - mode = "700"; - owner = "root"; - group = "root"; - }; matrix-synapse_registration_shared_secret = { file = ./matrix-synapse/passwd.age; mode = "700"; diff --git a/system/secrets/keycloak/passwd.age b/system/secrets/keycloak/passwd.age deleted file mode 100644 index b5c36cd..0000000 --- a/system/secrets/keycloak/passwd.age +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGeFZ2Uk10Z1lrNUV6SWtu -UFZLVFR2dWJsMnNZTkE0Q3loa1c0c3ZwTjJvCjhHcm9XVk1jWENYNG5VNVV2RlZp -SVZROEFrU2tNV1dDYmNOdmEzanoyd2sKLT4gWDI1NTE5IHFOTEhFUUtGOWMzWjVO -MGs2a0tsYlZSZGI3NXdBRktKNDgxdzRmQTI1emsKeVJzbHJhR3h5NDVwM2pqcFFW -UzROY2toa0ZBL1p2elRmeHdUTFNhRm91bwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -NG42WHBrcVh0cjJYKzMwR3FkTHN0VTZUY0xyZVQvMjR3azdtZ0V4M0dpRQpxSzlj -anVRVndxdWhaQldZeHJ0WVFCNzZJMHFnaG5KRDRQa003enoyME1FCi0+ICZ2LjlB -SS1ncmVhc2Ugfj51dWUyIG5XOExyNmR2IFNVdmkKK3QwSmRRCi0tLSBqb3FPRWtV -dUdLcWV4R1VnOGZmNGxBY0dVbTRZN094V0dIeWpZTWp1V1QwCpu/WQunSMxbtxwz -uiFrDcdAa3H3+2gIFHmktFbHZX9XNC2ri99G7nqQ9SoBvnpRFhhAiw0LSWnq2lqr -rMQeug/z0sooWO6R2H17aLHXwxz82Spm7eUlc3nMz243U0SChz7OnPDgHBgLztqJ -3zOMub3inn83jR7Pg+GjEuI26tqZUp6107CKzvBWI8ePsa7MW19UdmEVplewxrDq -fjNsmid3+NNJ0LjC3gGUppHtTJW9ikTvaDMtS5Ysn94JoS6xRzVgE2LBswGBiQBJ -ZDV+9het3ijDyljk3pjPRDKoWPEctT/cWLczEMK5vHqVt3pr/IAWqJTfXVkebP6Q -6QdZrUKl/xxKmApVRx9K0wQAhfwlKKTHpW3hFFNivZtSg0hSaF4= ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index e5dc418..25b5ed2 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -10,7 +10,6 @@ let server1 ]; in { - "keycloak/passwd.age".publicKeys = allSecrets; "matrix-synapse/passwd.age".publicKeys = allSecrets; "invidious/hmac.age".publicKeys = allSecrets; "invidious/settings.age".publicKeys = allSecrets; diff --git a/system/services/default.nix b/system/services/default.nix index f44165b..0c60f41 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -4,7 +4,6 @@ ./fail2ban ./invidious ./invidious-router - ./keycloak ./libreddit ./mail ./mastodon diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix deleted file mode 100644 index 5f21b90..0000000 --- a/system/services/keycloak/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{config, ...}: { - services.nginx = { - enable = true; - - # enable recommended settings - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - - virtualHosts = { - "auth.vhack.eu" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/"; - }; - }; - }; - }; - }; - - services.postgresql.enable = true; - - services.keycloak = { - enable = true; - - database = { - type = "postgresql"; - createLocally = true; - - username = "keycloak"; - passwordFile = "${config.age.secrets.keycloak.path}"; - }; - - settings = { - hostname = "auth.vhack.eu"; - http-relative-path = "/"; - http-port = 38080; - proxy = "passthrough"; - http-enabled = true; - }; - }; -} |