fuckwit/nix-config
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

much stuff

Browse Source
This commit is contained in:
fuckwit
2024-03-25 21:25:44 +01:00
parent 053958a2ac
commit e711e0cbc0
7 changed files with 729 additions and 230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
nixos/primordial/configuration.nix
View File

@@ -11,6 +11,7 @@
in {
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."gitea.env" = {};
sops.secrets."keycloak_db_pw" = {};
imports = [
./mail.nix
@@ -73,6 +74,7 @@ in {
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
host all all 127.0.0.1/32 md5
'';
};
@@ -181,6 +183,16 @@ in {
};
};
virtualHosts."sso.fuckwit.dev" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8004";
proxyWebsockets = true;
};
};
# virtualHosts."drone.fuckwit.dev" = {
# enableACME = true;
# addSSL = true;
@@ -235,6 +247,23 @@ in {
};
};
keycloak = {
enable = true;
database = {
type = "postgresql";
createLocally = true;
passwordFile = config.sops.secrets."keycloak_db_pw".path;
};
settings = {
hostname = "sso.fuckwit.dev";
http-host = "127.0.0.1";
http-port = 8004;
proxy = "edge";
};
};
# drone-server = {
# enable = true;
# config = {

5
nixos/primordial/secrets.yaml
View File

@@ -1,4 +1,5 @@
gitea.env: ENC[AES256_GCM,data:wkSPzLQtL3vGNIjG+jG6I3+R7wLBBdXeaCHbKxMbpVOldo8zrPLu8HdoryneRro58d7D9Cao9x+n5SvYNfGwHPgDJG8saXTeyEffIWIKNC+5+8fjiWwIkAvstckmZjSLitVxcwhifs49jmZgW/xQBPEPiAHzVkjeueV7p/Jm9WgyD2ycPrKUvNEYJ6DWZqQq9r10Y/KsRZsvRzF2cp6YeX7YGjW7E2wuQz9yy8gOFHxmoJxAc4zM7XaKZWKtow1UPCjTtxiY7qRkWK7KQt21Xf3FCsU=,iv:qQv7hbqh3Kl6sE/XW37D9AbYt4gLJw5BnfbbLIkzOd4=,tag:g6Cecvdb67W01HvIULNzsQ==,type:str]
keycloak_db_pw: ENC[AES256_GCM,data:1oBqzpFokAmjkT770YKYwzCllaGTprtDR9W4B/+V6ZUXPhJ1R9DNWZHqpQ==,iv:dK36GBiDj12HVjUkZqTVk/rR6s1sf6dmQTk1ZJQwi+I=,tag:6Ix9QSf+A0U82sG0z8wSmw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -14,8 +15,8 @@ sops:
V1h2NGxyNVc3WnF2ZFBpQm1oK1AzeGcK4GoD2E8nwOl/WKtgMgs0Y1Q8abRX4mpy
GdHGDQUWvySCisJo4JXsooYkLjOyKvir+vcVbX4nDd4L1W2OMULkrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-25T11:12:39Z"
mac: ENC[AES256_GCM,data:pMO0zLANiwXfcKaZT8lrQ6Wcy+CgmNW755hOdHTM6jREKJOoEC9QmrrsSA3dCAwAXR89TImY5IxrM929d8DD3zbBLnSU42ivuZqkWtgm4/sWjUvW4R9kUKZXiTwe2YhaNlsyLJN7JOMPEU4eaj2a3V6PecQ2IaJJmnww+Et2RNg=,iv:8+Y7k4GUMHZGLctHpWOaNj6ibPy1hyf36ckncnZbIlo=,tag:JUyJrYwXuvT9SncdlKfbBw==,type:str]
lastmodified: "2024-03-25T19:17:29Z"
mac: ENC[AES256_GCM,data:Qnou0/umwMX2XD7gDF6SceFI5tLjOO30OVhFSXhxc2yuFj/gB0R1bPplLm5j/wmxfRQDvvm2zLgGFMqt+8i4Z+6OYgbuwFcv4FR2E001aWVj1zh+F8pRZVTxqnsvegoKWQwoXkhZe5S/fjX9N09SMYhBkjLUh9fboGXajEpDws8=,iv:hTQgeyli/MPaUVxJSzhDK+ssxv78w7hRBtQ1pnZGASg=,tag:HDKQ2duHMYvGa74Vp0fIjw==,type:str]
pgp:
- created_at: "2024-01-25T11:10:44Z"
enc: |-