Compare commits

...

2 Commits

4 changed files with 33 additions and 5 deletions

View File

@ -2,7 +2,6 @@
let let
cfg = config.services.keycloak.settings; cfg = config.services.keycloak.settings;
in { in {
environment.noXlibs = false;
sops.secrets."keycloak/postgres" = { }; sops.secrets."keycloak/postgres" = { };
services.keycloak = { services.keycloak = {

View File

@ -6,6 +6,12 @@
group = "matrix-synapse"; group = "matrix-synapse";
}; };
sops.secrets."matrix/synapse/oidcsecret" = {
restartUnits = [ "matrix-synapse.service" ];
owner = "matrix-synapse";
group = "matrix-synapse";
};
services.matrix-synapse-next = { services.matrix-synapse-next = {
enable = true; enable = true;
enableNginx = true; enableNginx = true;
@ -69,6 +75,21 @@
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt"; tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key"; tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
oidc_providers = [
{
idp_id = "keycloak";
idp_name = "Keycloak";
issuer = "https://iam.feal.no/realms/feal.no";
client_id = "matrix-synapse";
client_secret_path = config.sops.secrets."matrix/synapse/oidcsecret".path;
user_mapping_provicer.config = {
localpart_template = "{{ user.preferred_username }}";
display_name_template = "{{ user.name }}";
};
backchannel_logout_enabled = true;
enable_registration = false;
}
];
}; };
}; };

View File

@ -62,7 +62,14 @@ in {
''; '';
}; };
}; };
"cloud.feal.no" = publicProxy "http://voyager.home.feal.no" {}; "cloud.feal.no" = publicProxy "" {
locations."/" = {
proxyPass = "http://voyager.home.feal.no";
extraConfig = ''
client_max_body_size 8G;
'';
};
};
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {}; "git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {};
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" {}; "jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" {};
"iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" {}; "iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" {};

View File

@ -1,6 +1,7 @@
matrix: matrix:
synapse: synapse:
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str] registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
hedgedoc: hedgedoc:
env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str] env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
vaultwarden: vaultwarden:
@ -36,8 +37,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-10T09:40:44Z" lastmodified: "2024-06-10T17:02:13Z"
mac: ENC[AES256_GCM,data:HgzZvi14Dgacvax54pqeGXowfiFAZIaLhkmJZieL+pUMiZKKp5vo8M4j2ZyM4DB/a9j58Ao1xlykCnit/vfUgeRJlqZsGedMDLtDvW6mEwHNwZwxvX3Zmsykl/Nt4FZS47jdB5J/1r/vAjtVos7K9UWBfiQUH0EJp6OpVWrWzrc=,iv:64G2tA5tqeJjZPunGFJYhP4z4di0PTCqVzA7QlvTETY=,tag:O2zaf0qRwiSwcrfMQE2uKA==,type:str] mac: ENC[AES256_GCM,data:vHwX4i0SqiMI+laj079uNvO/6QKzqAoS4JmhUIW/1F7xjtd/Wv5Ia/00EexMMw59cvaDW/k7QB13xyHNixloFhH5aXi3bF8b8uIP6U3K0nlbIYp2tVRU3m/FtkhabzIuP5o/sfoO+gfcuHfTQxjwcap8Tx3VsecjJO0PaR9+EHU=,iv:6c0hRRRddD535GH9zGWnaBnq0jcSlyN0dPIEW+ldGew=,tag:185qSz+tgfXg/f65sf/y+Q==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1