Migrate keycloak to sops-nix
This commit is contained in:
parent
985c4c9040
commit
5d1fc8bbc3
SSH key fingerprint:
SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
3 changed files with 33 additions and 14 deletions
|
|
@ -10,6 +10,13 @@
|
||||||
http-host = "127.0.0.1";
|
http-host = "127.0.0.1";
|
||||||
http-port = 8080;
|
http-port = 8080;
|
||||||
};
|
};
|
||||||
database.passwordFile = "/secrets/keycloak-database-password.secret";
|
database.passwordFile = "/run/secrets/keycloak-database-password";
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets."keycloak-database-password" = {
|
||||||
|
mode = "0440";
|
||||||
|
owner = "root";
|
||||||
|
group = "systemd-network";
|
||||||
|
restartUnits = [ "keycloak.service" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
||||||
{ keyCommandEnv, ... }:
|
|
||||||
{
|
|
||||||
deployment.keys = {
|
|
||||||
"keycloak-database-password.secret" = {
|
|
||||||
keyCommand = keyCommandEnv ++ [ "pass" "keycloak/database-password" ];
|
|
||||||
destDir = "/secrets";
|
|
||||||
user = "root";
|
|
||||||
group = "systemd-network";
|
|
||||||
permissions = "0640";
|
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
25
config/hosts/keycloak/secrets.yaml
Normal file
25
config/hosts/keycloak/secrets.yaml
Normal file
|
|
@ -0,0 +1,25 @@
|
||||||
|
keycloak-database-password: ENC[AES256_GCM,data:2Jk0wskmlpdpaZj05MX4YRRDR75eAkk5eDNNOTSA9+dN8OGkUWdI0CX9ZdQFUB31GiRaLZQ4I9gwnIc2sIxzuA==,iv:4fq+safzIGC21NFTaHsIfgZwuKelQyxttEeW7Pp09v8=,tag:c7LO34hJqi1yEwQ+cQc0Dg==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArR0Y2ZVg4S1FDYmRlS0xL
|
||||||
|
VWlJVzNvdHVXanBMN043QjcxVjd5bFk5d21JCnVzYVcwT2tnQS9jblhVQUFaNWZD
|
||||||
|
L0owQ1hhUFdhNVAzaVJNbWhQaEdXZlUKLS0tIFZFOFpKUklKNVJFRS9ZY1JaeS9D
|
||||||
|
RnF5YjRmbXRaY3h1MU5PWEZETGh0N2cKIwZg6mMY8c3VpE9hAk9bcFXLyzl7J/4M
|
||||||
|
BIh7C+yZbD7bL92TEP3gTpW+EsGiJl2LCq7NVVuDkboYuJ6kAqLppg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
recipient: age1tf38ae8yzzzmtjp5cjyemf0a8cksq62dz0x0hsntyhsjk5pq6s6q3v9nm7
|
||||||
|
- enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGS25mcEErQ1pUMTV6U1h4
|
||||||
|
WXduajlyTFFncXdhZ09BdXg4amV4V0xMalFNCm85dk1ldUlHTytXRDJLcjIyN2M2
|
||||||
|
ZmVFVG1YcWhnTmwySmFRUDhEMkVyb1EKLS0tIHVDVkc3QytPU3pQTWxMSG1TRFdI
|
||||||
|
LzVUdGUrZmVTa1RqRHNWaFFhY09ySEUKFrN7X2ir3gwL/S91mychdjXi2oBPEPr9
|
||||||
|
aizXtIk0JX6SzrP/Oy0mYROeEEEUfPVBBypEUlBjlyeSyathmEoVLQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
recipient: age15kluaw2krucmc0j98zfk0s5tkwqer0ax6jva458zukzrgnqjqc9q7s88yd
|
||||||
|
lastmodified: "2026-05-17T01:07:49Z"
|
||||||
|
mac: ENC[AES256_GCM,data:fAOsq2jrl8dTvQSn+Cp0sxuU5AuOdnm97LBIyPY71KbxMAY0vn/RDvhszvskMIE25JWGuZROnFoYmrkUqSp/pxG9gvcPQ6keW9WMr09YFli4u1tvADl6Ag+OkcgDe2UP1aPRkW6i7sGpq7Wfv/3G8HNMLgywhyiAA2XICymbDBI=,iv:ChOk26gheG2ErLVqt/rrMw1MxuOmEA595fay6pGUCcc=,tag:8wGA4YZa+ZyNDIBz/d1DUg==,type:str]
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.13.0
|
||||||
Loading…
Add table
Add a link
Reference in a new issue