From 73480026b00685bc178acb00b55d917c67caad3f Mon Sep 17 00:00:00 2001
From: sils
Date: Tue, 6 Jun 2023 13:45:03 +0200
Subject: Feat(system/file_system_layout): Add bindmount for postgresql
---
 system/file_system_layouts/default.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/system/file_system_layouts/default.nix b/system/file_system_layouts/default.nix
index 31b0b0b..4cd9ff1 100644
--- a/system/file_system_layouts/default.nix
+++ b/system/file_system_layouts/default.nix
@@ -44,6 +44,10 @@ in {
 device = "/srv/acme";
 options = ["bind"];
 };
+ "/var/lib/postgresql" = {
+ device = "/srv/postgresql";
+ options = ["bind"];
+ };
 };
 };
 }
-- 
cgit 1.4.1
From 97baac0506a80db98de37a0f5c22560fcfea4e50 Mon Sep 17 00:00:00 2001
From: sils
Date: Tue, 6 Jun 2023 13:46:21 +0200
Subject: Feat(system/services/keycloak): Add keycloak
---
 system/services/keycloak/default.nix | 45 ++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 system/services/keycloak/default.nix
diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix
new file mode 100644
index 0000000..837233e
--- /dev/null
+++ b/system/services/keycloak/default.nix
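Review bot: The new `/var/lib/postgresql` entry in `system/file_system_layouts/default.nix` is mounted with `options = ["bind"];` only, so the database state directory carries no restrictions of its own beyond whatever `/srv` already has. A data directory has no need for device nodes or setuid binaries, so `options = ["bind" "nodev" "nosuid"];` would be a cheap hardening step, assuming the mount tooling on this host applies extra flags to bind mounts (worth checking with `findmnt` after a switch). A one-line comment such as `# /srv is the persistent volume; /srv/postgresql must exist and be writable by postgres only` would also record the expectation, which is presumably what the service needs on first start. The enclosing attribute set starts outside the hunk, and the same remark applies to the `/srv/acme` entry visible as context.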
@@ -0,0 +1,45 @@
+{config, ...}: {
+ services.nginx = {
+ enable = true;
+
+ # enable recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "auth.vhack.eu" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/";
+ };
+ };
+ };
+ };
+ };
+
+ services.postgresql.enable = true;
+
+ services.keycloak = {
+ enable = true;
+
+ database = {
+ type = "postgresql";
+ createLocally = true;
+
+ username = "keycloak";
+ passwordFile = builtins.readFile /srv/password;
+ };
+
+ settings = {
+ hostname = "auth.vhack.eu";
+ http-relative-path = "/";
+ http-port = 38080;
+ proxy = "passthrough";
+ http-enabled = true;
+ };
+ };
+}
-- 
cgit 1.4.1
From 425415780d4169dc9f23a575977de7e9d66f3f74 Mon Sep 17 00:00:00 2001
From: sils
Date: Tue, 6 Jun 2023 13:47:27 +0200
Subject: Feat(system/services): Enable keycloak
---
 system/services/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/system/services/default.nix b/system/services/default.nix
index d80bdab..99b8fb6 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./acme
 # ./firewall
+ ./keycloak
 #./minecraft
 ./nginx
 ./nix
-- 
cgit 1.4.1
From 816e85bb0db52f972fbcd2bfb7a00adc4862caf9 Mon Sep 17 00:00:00 2001
From: sils
Date: Tue, 6 Jun 2023 13:49:50 +0200
Subject: Fix(system/services/keycloak): Change value of 'passwordFile' to path
---
 system/services/keycloak/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix
index 837233e..6b161fa 100644
--- a/system/services/keycloak/default.nix
+++ b/system/services/keycloak/default.nix
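Review bot: `proxy = "passthrough"` in `services.keycloak.settings` does not match the nginx vhost added in the same file: nginx terminates TLS (`forceSSL`, `enableACME`) and forwards plain HTTP to `localhost`, which is Keycloak's `edge` mode, whereas `passthrough` describes a proxy that hands the TLS stream through untouched, so the forwarded scheme and client address are presumably ignored. I would change that line to `proxy = "edge";`. With `http-enabled = true` the plaintext listener on port 38080 also keeps its default bind address; adding `http-host = "127.0.0.1";` keeps it reachable only through nginx, which matters if the host firewall does not block the port (`./firewall` is commented out in the `system/services/default.nix` context shown in the next commit). Separately, `builtins.readFile /srv/password` pulls the secret's contents into evaluation instead of naming a file; the two follow-up commits on this page switch it to a path, but if any build of this revision succeeded, the password should be treated as exposed in the Nix store and rotated.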
@@ -31,7 +31,7 @@
 createLocally = true;
 
 username = "keycloak";
- passwordFile = builtins.readFile /srv/password;
+ passwordFile = "/srv/password";
 };
 
 settings = {
-- 
cgit 1.4.1
From 85c28d5d5350300083e328311cf60e9fee299c77 Mon Sep 17 00:00:00 2001
From: sils
Date: Tue, 6 Jun 2023 13:59:58 +0200
Subject: Fix(system/services/keycloak): Correct path to passwordfile
---
 system/services/keycloak/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix
index 6b161fa..dfeabc3 100644
--- a/system/services/keycloak/default.nix
+++ b/system/services/keycloak/default.nix
@@ -31,7 +31,7 @@
 createLocally = true;
 
 username = "keycloak";
- passwordFile = "/srv/password";
+ passwordFile = "/srv/keycloak/password";
 };
 
 settings = {
-- 
cgit 1.4.1
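Review bot: Now that `passwordFile` names a file on disk (`"/srv/password"` in this hunk, `"/srv/keycloak/password"` after the following commit, which touches the same line), nothing in the configuration records who may read that file. A short comment above the line, for example `# secret lives outside the Nix store; keep it root-owned, mode 0400`, would state the expectation, assuming the Keycloak units load the file with elevated privileges rather than as the service user, which is worth confirming on the host. Keeping the value a quoted string is the right form, since a bare Nix path literal would be copied into the world-readable store. The `database` block begins above the hunk.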