Update forgejo package used to non-lts

camelot: add keycloak
2024-12-10 22:46:45 +01:00 · 2024-12-10 22:12:56 +01:00
7 changed files with 73 additions and 5 deletions
--- a/configurations/camelot/default.nix
+++ b/configurations/camelot/default.nix
@ -46,10 +46,16 @@
      owner = config.users.users.gotosocial.name;
      group = config.users.users.gotosocial.group;
    };
+
+    keycloakDbPassword.file = ../../secrets/keycloak-db.age;
  };

  my.server.blog.enable = true;
  my.server.papermc.enable = true;
+  my.server.sso = {
+    enable = true;
+    dbPasswordFile = config.age.secrets.keycloakDbPassword.path;
+  };

  my.users = {
    dala = {
--- a/configurations/camelot/forgejo.nix
+++ b/configurations/camelot/forgejo.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
  forgejoUrl = "git.dalaran.fr";
  forgejoPort = config.services.forgejo.settings.server.HTTP_PORT;
@ -19,6 +19,7 @@ in

  services.forgejo = {
    enable = true;
+    package = pkgs.forgejo;

    database = {
      type = "postgres";
--- a/flake.lock
+++ b/flake.lock
@ -79,11 +79,11 @@
    },
    "extra-config": {
      "locked": {
-        "lastModified": 1733060531,
-        "narHash": "sha256-lUPSW3t46rJQThatY2nP/JoKZ9SSfeaIGfBh8srh4MU=",
+        "lastModified": 1733857702,
+        "narHash": "sha256-Bo8w+Pi7tS5z3yAuaTkW9+Eh7+0YiSV+HuCAf2m2w1I=",
        "ref": "refs/heads/main",
-        "rev": "58022348c9436d1e0aa611a67b1efd1f092cab2a",
-        "revCount": 8,
+        "rev": "f6fed9c40dbea65d6aa80b53fc3c1be62c1d8ac2",
+        "revCount": 9,
        "type": "git",
        "url": "ssh://forgejo@git.dalaran.fr/dala/nixos-config-extra.git"
      },
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -5,5 +5,6 @@
    ./nginx.nix
    ./blog.nix
    ./minecraft.nix
+    ./keycloak.nix
  ];
 }
--- a/modules/server/keycloak.nix
+++ b/modules/server/keycloak.nix
@ -0,0 +1,51 @@
+{
+  lib,
+  config,
+  extraInfo,
+  ...
+}:
+let
+  cfg = config.my.server.sso;
+in
+with lib;
+{
+  options = {
+    my.server.sso = {
+      enable = mkEnableOption "SSO using Keycloak";
+      dbPasswordFile = mkOption {
+        type = types.str;
+        description = "Path to the file containing the database password";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.keycloak = {
+      enable = true;
+      database = {
+        type = "postgresql";
+        createLocally = true;
+
+        passwordFile = cfg.dbPasswordFile;
+      };
+
+      settings = {
+        hostname = "https://${extraInfo.keycloakURI}";
+        hostname-admin-url = "https://${extraInfo.keycloakURI}";
+        http-port = 8081;
+        proxy-headers = "forwarded";
+        http-enabled = true;
+      };
+    };
+
+    services.nginx.virtualHosts.${extraInfo.keycloakURI} = mkIf config.services.nginx.enable {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = {
+        recommendedProxySettings = true;
+        proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}";
+      };
+    };
+  };
+}
--- a/secrets/keycloak-db.age
+++ b/secrets/keycloak-db.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 1urzmQ Kh6LceNk07sV7+nLKOZbVpMQfBmqmzLRwNgjfxvYaB0
+J7M/Z3Vh7LGDBfMk4HiCycJ0dDth0/0LA3WKBg0/USs
+--- //E0cCHqAOwKYfKjm0lq73LQexIn+pxL14kyj/p3P1k
+öÛMŽpñÃ«ˆˆå<0C>{½n„]Æ-Õø¨lxšRWK¾)öeŸ1\_(tÆœ(½5w§A¹¹ñ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -21,6 +21,10 @@ in
    camelot
  ];

+  "keycloak-db.age".publicKeys = [
+    camelot
+  ];
+
  "okeanos-wg0.age".publicKeys = [
    okeanos
  ];
Author	SHA1	Message	Date
Victor Mignot	95e1866e0f	Update forgejo package used to non-lts	2024-12-10 22:46:45 +01:00
Victor Mignot	c7e4e6b4a0	camelot: add keycloak	2024-12-10 22:12:56 +01:00