From 01bd11fd05aeaeb339542a239fcde321affad57a Mon Sep 17 00:00:00 2001 From: Guanran Wang Date: Thu, 20 Jun 2024 22:03:59 +0800 Subject: [PATCH] nixos: dont use keycloak master realm --- hosts/blacksteel/default.nix | 4 ++-- hosts/blacksteel/secrets.yaml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/blacksteel/default.nix b/hosts/blacksteel/default.nix index 76cecf8..1d08dc9 100644 --- a/hosts/blacksteel/default.nix +++ b/hosts/blacksteel/default.nix @@ -262,7 +262,7 @@ { idp_id = "keycloak"; idp_name = "id.ny4.dev"; - issuer = "https://id.ny4.dev/realms/master"; + issuer = "https://id.ny4.dev/realms/ny4"; client_id = "synapse"; client_secret_path = config.sops.secrets."synapse/oidc".path; scopes = ["openid" "profile"]; @@ -317,7 +317,7 @@ # OIDC_CLIENT_SECRET # EnvironmentFile OIDC_DISCOVERY = "true"; OIDC_DISPLAY_NAME = "id.ny4.dev"; - OIDC_ISSUER = "https://id.ny4.dev/realms/master"; + OIDC_ISSUER = "https://id.ny4.dev/realms/ny4"; OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback"; OIDC_SCOPE = "openid,profile,email"; OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"; diff --git a/hosts/blacksteel/secrets.yaml b/hosts/blacksteel/secrets.yaml index d35e69c..e84685f 100644 --- a/hosts/blacksteel/secrets.yaml +++ b/hosts/blacksteel/secrets.yaml @@ -1,10 +1,10 @@ synapse: secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str] - oidc: ENC[AES256_GCM,data:vGQcPcUfbv6II6buEMKELc1+xZ5XccpEeCy3vZx4fdk=,iv:ORok/FXZ9SA54zD1+OhyFnZAPhGpMpTetWYgge2QSwQ=,tag:7DxrruTbenUfI/V6hGYBaw==,type:str] + oidc: ENC[AES256_GCM,data:ihiMcrrYvPrNDJ13p6/FbINgh5wxv2vyOYxg0sthipM=,iv:+aESWZLI7/4HWjV7QT94py+zGLbTl+VoSsWdiGNHkjU=,tag:yxxZeDOtzFegCQGQT2HCgA==,type:str] syncv3: environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str] mastodon: - environment: ENC[AES256_GCM,data:cEGz8ZEPUmtPXyJx5oB1xOUvya7lSCW4vQKCp6F6WpgakZdrarez0cOzM8VsfNe3lFe6VQ==,iv:17k4EWB4v/79ApfKw5e8FyqJ1zKEn9xxewkrsRbya9A=,tag:dJjVjhEQGjSrxD9FO2hYEw==,type:str] + environment: ENC[AES256_GCM,data:9RjpYXbGo8lBsXKg71Vbp2iTJlvXEGhn8hTl37o8G1E28JWF5Io7+evfqUv+N7QfSk1zbA==,iv:ejfe7f941QB7iiREXx1T9Vej43cW/S9nr03P5lkw9Yg=,tag:odI7xsxoPGBrxd0GnCsnOg==,type:str] frp: environment: ENC[AES256_GCM,data:TLVqVpVMTFzvs8JS31cPhhqeLRGcUOQBeGENvBd8e1RRt2mQY5VTP8lQYrgtXMRGMHLu0ByPjmL8aFZRlukBc77wAIhtETo238Hn62vJz3I=,iv:kMRF5BAzvhKWtKQyPSIWGeSjgmcEfvcbCJa9wQxSjjU=,tag:DViCejZvRo4cqJosE28lsA==,type:str] sops: @@ -31,8 +31,8 @@ sops: bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-20T08:12:17Z" - mac: ENC[AES256_GCM,data:kkQnNrldWFWCORK4eeVDg4fUQ/FNUPjxHpZb9i+okxlTHpYOPLHf1oDWpOTvUyIE7gHPkU0Knb7bD5OL3g/40O2/MjXzNTNWBws94NNRrY2Z6V6ixSI58tNT2NRSFqQFcDHx8Cvte+7rJoElN15Ejh3a4Pmm+ID70iSQu7mdFAI=,iv:jCTsHhY2HQjE3GvG0S/twSojuyX9e4LfhHTxRY3k8Tg=,tag:x2PkHgYi0XheTqC95BTGHA==,type:str] + lastmodified: "2024-06-20T14:23:30Z" + mac: ENC[AES256_GCM,data:cgDwV6lXR+eTOFcfytKDc2cCs+w/PGDS3fASoKw5VQ95StbmvVNt0go4yAt1D86LXa5p1ReW8dVaciDovuhCFd/jZ+zJpA7sNwKBNrlye7sURW6zDiVM7ITyslPd31bSeIL5/qtiwyT+1tdnthSTjtJPrnPu9NfsRrkUsITT7WA=,iv:ComILTHFTb8lHooVemIg+Nx9ZDWr6SyweZTtmsjWALQ=,tag:7Bj38htDNkoHZdVDMgEiBA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1