~abyxcos/nas.nix

f4061e74369e87cb169ed2b200b63c946a25c806 — root 9 months ago 9cc4a45
Turn on keycloak (SSO)
1 files changed, 31 insertions(+), 5 deletions(-)

M configuration.nix
M configuration.nix => configuration.nix +31 -5
@@ 24,7 24,7 @@ in {
			./prometheus.nix
			# simple-nixos-mailserver
			(builtins.fetchTarball {
				url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz";
				url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.05/nixos-mailserver-master.tar.gz";
				sha256 = "1ngil2shzkf61qxiqw11awyl81cr7ks2kv3r3k243zz7v2xakm5c";
			})
		];


@@ 124,6 124,7 @@ in {
		nixos-option
		lm_sensors
		wget curl vim tmux htop lsof tree
		iotop
		unzip unar
		git ripgrep
		clang llvm gcc binutils file


@@ 211,6 212,7 @@ in {
		reflector = true;
		publish = {
			enable = true;
			domain = true;
			addresses = true;
		};
	};


@@ 260,17 262,41 @@ in {
		passwordFile = "/etc/nixos/restic/password";

		paths = [
			# Backups and stuff
			"/mnt/guava/services"
			"/mnt/guava/Downloads"
			"/mnt/guava/backups"

			# Media
			"/mnt/guava/books"
			"/mnt/guava/pictures"
			"/mnt/guava/music"
			"/mnt/guava/games"
		];
	};

	services.keycloak.enable = true;
	services.keycloak = {
		settings = {
			hostname = "keycloak.mnetic.ch";
			proxy = "passthrough";
			http-port = 38080;
			http-enabled = true;
		};
		database = {
			passwordFile = "/mnt/guava/services/keycloak/db_password";
		};
	};
	services.nginx.virtualHosts."keycloak.mnetic.ch" = nginxProxy 38080;
	services.nginx.virtualHosts."id.mnetic.ch" = nginxProxy 38080;

	mailserver.enable = false;
	mailserver = {
		fqdn = "mail.bouncingkiwi.net";
		domains = [ "bouncingkiwi.net" ];
		fqdn = "mail.mnetic.ch";
		domains = [ "mnetic.ch" ];
		loginAccounts = {
			"aaron@bouncingkiwi.net" = {
				hashedPasswordFile = "/mnt/guava/mail/aaron@bouncingkiwi.net/password";
			"aaron@mnetic.ch" = {
				hashedPasswordFile = "/mnt/guava/mail/aaron@mnetic.ch/password";
			};
		};
	};
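Review bot: In the new `services.keycloak.settings` block, `proxy = "passthrough"` does not match how the service is exposed: `http-enabled = true` plus two nginx vhosts pointing at port 38080 means TLS ends at nginx (assuming `nginxProxy`, defined outside this hunk, forwards plain HTTP), whereas passthrough tells Keycloak that TLS reaches it untouched and that forwarded headers are not to be used. The likely effect is that login events and brute-force detection record the proxy's address instead of the client's; `proxy = "edge";` is the mode for a TLS-terminating proxy. The cleartext listener should also be bound to loopback with `http-host = "127.0.0.1";`, because Keycloak otherwise listens on all interfaces and only the firewall keeps port 38080 off the network. Separately, `database.passwordFile` sits under `/mnt/guava/services`, which is one of the restic `paths` listed in the same hunk, so the database password is copied into every snapshot; keep the secret outside the backed-up tree or exclude it.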