gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(keycloak): add, broken

Browse source
This commit is contained in:
Kat Inskip 2024-03-13 15:21:08 -07:00
parent e63304937d
commit 7ff72a29ab
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
6 changed files with 223 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
nixos/keycloak.nix Normal file
View file

@ -0,0 +1,25 @@
{config, ...}: {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/keycloak.yaml;
owner = "keycloak";
};
in {
keycloak_db_password = commonSecret;
};
services.keycloak = {
enable = true;
database = {
host = "postgresql.local.${config.networking.domain}";
passwordFile = config.sops.secrets.keycloak_db_password.path;
createLocally = false;
};
settings = {
hostname = "sso.gensokyo.zone";
proxy = "edge";
};
};
}

102
nixos/secrets/keycloak.yaml Normal file
View file

@ -0,0 +1,102 @@
keycloak_db_password: ENC[AES256_GCM,data:NXYdwfMVzTTJukul3/g4LmddTQwAEBkSNHtMBElNIzE=,iv:MOTA4B7DH/WVVRVTTSGmLnYvqXXtZ7NkvgewJdsIzNs=,tag:XwVWTUU/IXuymSMr7r9ZuA==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YjhmK0s5dGwzNklSL240
aDBJejRSbStMSmR2WUhRY3VWR1czNGZhTGdnCnNMQnFnY1BQSXVBeUxRUHpYZ040
Q0xRd1lWNURhbXkyeC93aGhtdFpNQkEKLS0tIFpKQ0VDZUVpQVZ2SGh5aG1HQmY2
NkJKMWx5UW9XcEdCS1VWMHVjOUN3UHMKPGiOa99tAp9cL+lxPwxz3M8fQXEw+pBi
5t6eSA8l+m23M0A6Vo5YVANuCr1+eqiTIlTOUN4eAlnPml0DQAafoQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdE9IZXRacEo1UDFTVU9I
Vk9Lekd2dzNQSVJEdGJ1N3ByZ1R5Y1dOS2prCkNsbUJaUXNhaXhnM0h2RjdrV21Z
aHdkdUNyY2dpREZ5cFd2eC81RlA4VWMKLS0tIHdHT3NlU0R0VVpCVUZESE42b0lG
bVExOHVnUVpYV3NEdjB3b2wvc3BiR00KyuIiR1dt/sQQBzBJgDj0+4KX9iRL2T/g
8sO62nqhJF15/Db9zfY+vxMfhUNIDpZZI0n5cwUaXmW33bfuNk8QmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKd1VDYW1QWHZ4MVI0aUpN
NVh0MTk4TzRGZzNsa096NFRXYXdFQzBURHdBCng4d1dsaFBWbml6djFsbEtTVkRI
enlLa01aTFE1MUNuMlVwMFllakVqc2sKLS0tIDFDSldKQ05TR2lUbVJtQTd1Q055
Vnltak1STTh3dXhkdTdTTE9zWGlhakUK3tJvWGVu5oJNMkFK/jx9lVNu46Kcl/RO
3MYsDowGsSP3v5A1HSnezyXCK1aH35H/8LpIdgBCBkygiW9yekRiIA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYmhKQnpFTHdqNTBRcVkz
OEVVOU9VbFNzK011NXhza2pQNjg4WWVFTlc4Cnc0b3E5TmJmSkVpY0hWR255SGs4
SjVWZFBTUEY2WlR4N2VNRXRncEcrNzgKLS0tIGhuVlBha1pRZUc0UkZmUlVybjd6
OFFqVU1UNytZRDFjQlZINkdmSW5UOWsKL+FNUPVTkYoacYlphA69dcI7GY2wjau6
1RwM/TaKbRr1SGHShAVLumOfYUfafq9POXaFWe9TXKRdODb94E5szA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZWxzWkwrMkpXTDVBVXd0
bWN4NWVhdHFoaWp1SDF0eXRZWnNBMlEvQnhVCjQwbE4yblovSW1jR1NJMUI5cDRk
Y3N3WWV3RnJFUk5lREF3enhvNDNLaG8KLS0tICtzMWFyeW91b0duMStMcUptOUEy
OS9vazcwc1AxcFRKcVVxb2ZyQmtNZ3cKD25yeHHtUS5bkgdyakr/EwC7jynoQO98
sggQFnKDoP3RtyH7D5NRKvlEr3keqGwabrJSakNjgR5+goZxOP/NDQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc3F4NDJUSk03bXo1RkZG
TWs5WVJBL1JoNjhtOWoxNzAwLzl0Sk9RaEJ3CkE5WWZJNE42aHJQaEgvWnQ1Qm9x
bXpDM1hMbG9XbFJuNGxRVjBwNWtEVnMKLS0tIGJuVmxnR2x5YUFQWEpoY2YyNjA1
Mjk4WDJtKzNZSERXY1BQa29EN3ZXZzQKY9oVaH3r3bKN5XPa2+7nRwXawqKJ764r
445sPSy+qJ8259hEbPsB2JmsLnGMX5FznTV2jLDgLmnAoINO5Z4Jeg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-13T22:02:55Z"
mac: ENC[AES256_GCM,data:q1h4LUioWwInrLw5bc3GyYxdAbiUgtm/mBE+rcdSSw+XOEPq5lrhJjlXFzS3CxsTxphhbNpYJZEsgiEI6uJ25mvW1s0jqCACvIyW6KcitME63m7WEctUWzJCFghY5xRIpnUg0Z6l6H+g1lZNfNCgbiHSXYbp1UvlFkA8gd+kWvI=,iv:clSMHC+h/BebuEtbaciqOUrSVKjkY8tIuhwRr9kvXwU=,tag:Mre6I4gH1NBkFvIUfArLYg==,type:str]
pgp:
- created_at: "2024-03-13T21:57:29Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/+LmF+Uwy+i4i6EYoPAOqsoEnRre2aww4GafP6hDqU1o+f
XI45/GGsP8RZqpo8GuGDQnJaUHxxZQnpkoQzVSzg648GptuvTpCqcneR9ucVKgtt
rIWi6YaR9ju/kSRN1woxQkerE5C/OfRUMdgC1pAkULzQBd5j9/3zaY3BJX+UpfZ/
EFTCmlG33xBGo60WuB1L0wRCaQvJ908pp7AsKnZ/czI+mmn/FeqT0W3e/cJ8RDIc
nfVfXIsmjbfxedpSMzkZu0YqFj2TDEyS+b8Bw7MIojb6xLHT6cvX8rk3WSSswXwM
/fdiHI2DWicIiuDdFotqAR2saBKHULq+lf81G97V64fzR4SfcWLQEtUMQAr3A1qX
TM18MvRgBAdp4LbJ6llve53hosqKTu7DSmoIneTROrygE92JQeIV8o3Qhykb5Z09
4nm3m0x78wTWyhwHFBBt+Gy6oXfjC3IzMQdT+3yconqBkP5UFFqEljt2KQ8zIQwZ
7GkujP8NfOikThmPnnG5oDQ6O9uoKiS6zzL8SYgOb39aR9akmTKzGBeTtydD53dq
3vgb59xiLzeUfBy/bY2F+CJ4J1nICPeKa91J7UmtlCTASwK2FUes3HvdozXUCcQm
QBCh/u99lW4uD8AO8TUtag5OSh3mTE+qmkMAOkiHxQQkntwcBYFzsDoYMOKNZqXS
XAFgRThoOhK8z5BxH8Xvn34PcgUvRv17a3HGwI/5+TOgV048AV7P1I42pzeuFjBd
fd7/ybp6M3+/FXCin27s3XGV5mBFEwxYSeCjLSYvWpNCKsjAWihFFnUAytU4
=LsWx
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-03-13T21:57:29Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQgA3GJSAxJZvZf7ymoszCEW13Pmx+Y0tfiaV2IyCN2b3GFl
dRplZHAx8eudQva558YJeDpepDIVAsfLzrUXjQznKiJo11svg5+SI0ZVVGl8qj/r
vGgvqYpnoFSQw+GI7H22dclbfWlLY18JZ8vYU1y9Kf0fxNqTQa9ubbeX05k1+t0N
Bfle8SQdaZzHg0qUSU8E6UxRatJ1MuDvhFgjeOFGuZvogQXDZ5tN6itl+zBIc4CO
dQSZ7PRu7sniNn5kngGWOad9FB51vOn/O0DXOX6n3smg4FdMETj7RHPuI88hpe/a
Uws5ekbgskMhMyKXvWMsnZkQEmdKPpFxNtpsmCzxTtJcAYI5yxjfbrobgs+BZNbH
G41v+UDfi/9p8rdg1UZFN49wLZ3t7zTg3J1uxgUu+eVn31NWcKHkTQJZAHfHGKLX
JNDtiPGdz9SV0VmN+dnV03gKjC3KovnT4rG6vpo=
=kp1X
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted
version: 3.8.1