jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

keycloak #1

Merged
jawz merged 29 commits from keycloak into main 2025-12-25 18:54:49 -06:00
Conversation 0 Commits 29 Files Changed 14 +8 -2
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b5a5d42910 - Show all commits

5
modules/servers/oauth2-proxy.nix
View File

@@ -14,6 +14,10 @@ in
sopsFile = ../../secrets/env.yaml; sopsFile = ../../secrets/env.yaml;
restartUnits = [ "oauth2-proxy.service" ]; restartUnits = [ "oauth2-proxy.service" ];
}; };
sops.secrets.oauth2-proxy-cookie = {
sopsFile = ../../secrets/secrets.yaml;
restartUnits = [ "oauth2-proxy.service" ];
};
services.oauth2-proxy = { services.oauth2-proxy = {
inherit (cfg) enable; inherit (cfg) enable;
provider = "keycloak-oidc"; provider = "keycloak-oidc";
@@ -29,6 +33,7 @@ in
expire = "168h"; expire = "168h";
refresh = "1h"; refresh = "1h";
domain = ".lebubu.org"; domain = ".lebubu.org";
secret = config.sops.secrets.oauth2-proxy-cookie.path;
}; };
extraConfig = { extraConfig = {
skip-auth-route = [ "^/ping$" ]; skip-auth-route = [ "^/ping$" ];

5
secrets/secrets.yaml
View File

@@ -15,6 +15,7 @@ unpackerr:
sonarr-api: ENC[AES256_GCM,data:74/aSs7Q2tcDh9hPGm88h2hIneOcJ+P9HaCqoeuL6FQ=,iv:1AOpCii7ED1EyOFNCzvgRp5tR2ic1U6oRi7yg0hUcLk=,tag:k1miUivDQPxRgBWhXi9f+w==,type:str] sonarr-api: ENC[AES256_GCM,data:74/aSs7Q2tcDh9hPGm88h2hIneOcJ+P9HaCqoeuL6FQ=,iv:1AOpCii7ED1EyOFNCzvgRp5tR2ic1U6oRi7yg0hUcLk=,tag:k1miUivDQPxRgBWhXi9f+w==,type:str]
radarr-api: ENC[AES256_GCM,data:bZiJNk/ewREIBss+z4daVwL1UyI4rt8GxVmC/bpTNvc=,iv:li2kMzOgdWtLLr4l244P082Z0jwDB2aEC6iRYt3o/HY=,tag:mi9SY/pT2qTIzR/ngp8bGg==,type:str] radarr-api: ENC[AES256_GCM,data:bZiJNk/ewREIBss+z4daVwL1UyI4rt8GxVmC/bpTNvc=,iv:li2kMzOgdWtLLr4l244P082Z0jwDB2aEC6iRYt3o/HY=,tag:mi9SY/pT2qTIzR/ngp8bGg==,type:str]
postgres-password: ENC[AES256_GCM,data:V0g4T1cLUFnTN94zZZR83/KVJFUDGEWVEn6nyijnver4QCELUFkNr99s9g==,iv:1ymHA0JaVC2/aHdg4TmJmuKOG8JGZRRvynrgQIGdTss=,tag:xsCVpc+HBaNeswYvzo0PaA==,type:str] postgres-password: ENC[AES256_GCM,data:V0g4T1cLUFnTN94zZZR83/KVJFUDGEWVEn6nyijnver4QCELUFkNr99s9g==,iv:1ymHA0JaVC2/aHdg4TmJmuKOG8JGZRRvynrgQIGdTss=,tag:xsCVpc+HBaNeswYvzo0PaA==,type:str]
oauth2-proxy-cookie: ENC[AES256_GCM,data:eWEgnIGcdq1aRXWokmVO9DDb+t2oAxNCwFeyOUITzHQ=,iv:x5CROKQ5arUMESWQsroC15xbtMA6/HvnArhBiGwAx6k=,tag:U5yYk1ztExZsou7gVvA8Og==,type:str]
sops: sops:
age: age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -53,7 +54,7 @@ sops:
RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw== QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-10T08:27:18Z" lastmodified: "2025-12-10T10:25:19Z"
mac: ENC[AES256_GCM,data:Q9mdmt8HI+yzOu3IiEbxtZ7jg/2+6EHtHyRAJndrlwKCbTM59Nqza3YJ5+EpOrQw+ydYhiG2gXZ8qU/f70s0XdDUlpo/EgOkYoLDCgqFQ8TQu7R7Fwjv9Lw27IomGyCtTouWLfIQC1lZV1I1Df61P8HiPzUmV3pEr87o7qD0f/w=,iv:Cst3qxD65ijqmB+ftLNdpRGmRjSjqW7MrSskd33Ght8=,tag:+zgclBJw/PYTQYzPMAFQUA==,type:str] mac: ENC[AES256_GCM,data:nltQOPjhpJ0+xPBpA8SZOxbV9HeahxS7xG6I+sdYHhNxPsjYnpyTlIf281NdnRaefcGbtcsXDBo3sDeiOjL6zfknQ88nMEyR0tFNXAjb0K1aPAtDfwoZR69hftWafJi9RWNCEFg0W3L/CSLPCB57Xqr3NSKtDeftCBcJ1kYpXmQ=,iv:loSoBoLIId6TNxh5PHrmYO9tVaF/HIJpE4U7fMphqCQ=,tag:WWZ3Fq5dB3eRK4jhKWUGNg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0