nyancat/flake
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixos: dont use keycloak master realm

Browse source
This commit is contained in:
Guanran Wang 2024-06-20 22:03:59 +08:00
parent 6b7c45aeda
commit 832cd5205d
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hosts/blacksteel/default.nix
View file

@ -263,7 +263,7 @@
{ {
idp_id = "keycloak"; idp_id = "keycloak";
idp_name = "id.ny4.dev"; idp_name = "id.ny4.dev";
issuer = "https://id.ny4.dev/realms/master"; issuer = "https://id.ny4.dev/realms/ny4";
client_id = "synapse"; client_id = "synapse";
client_secret_path = config.sops.secrets."synapse/oidc".path; client_secret_path = config.sops.secrets."synapse/oidc".path;
scopes = ["openid" "profile"]; scopes = ["openid" "profile"];
@ -318,7 +318,7 @@
# OIDC_CLIENT_SECRET # EnvironmentFile # OIDC_CLIENT_SECRET # EnvironmentFile
OIDC_DISCOVERY = "true"; OIDC_DISCOVERY = "true";
OIDC_DISPLAY_NAME = "id.ny4.dev"; OIDC_DISPLAY_NAME = "id.ny4.dev";
OIDC_ISSUER = "https://id.ny4.dev/realms/master"; OIDC_ISSUER = "https://id.ny4.dev/realms/ny4";
OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback"; OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback";
OIDC_SCOPE = "openid,profile,email"; OIDC_SCOPE = "openid,profile,email";
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"; OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";

8
hosts/blacksteel/secrets.yaml
View file

@ -1,10 +1,10 @@
synapse: synapse:
secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str] secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str]
oidc: ENC[AES256_GCM,data:vGQcPcUfbv6II6buEMKELc1+xZ5XccpEeCy3vZx4fdk=,iv:ORok/FXZ9SA54zD1+OhyFnZAPhGpMpTetWYgge2QSwQ=,tag:7DxrruTbenUfI/V6hGYBaw==,type:str] oidc: ENC[AES256_GCM,data:+I0WOxj0ob+66w7UclF0kD5y8gezdeKdey97znUxWHA=,iv:5Fblt+FheYfXhkNJSyfkF4BsXmwSrYVYUjO3wXiFfoI=,tag:lCaU/CMSjGPS12K8Urvlwg==,type:str]
syncv3: syncv3:
environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str] environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str]
mastodon: mastodon:
environment: ENC[AES256_GCM,data:cEGz8ZEPUmtPXyJx5oB1xOUvya7lSCW4vQKCp6F6WpgakZdrarez0cOzM8VsfNe3lFe6VQ==,iv:17k4EWB4v/79ApfKw5e8FyqJ1zKEn9xxewkrsRbya9A=,tag:dJjVjhEQGjSrxD9FO2hYEw==,type:str] environment: ENC[AES256_GCM,data:9RjpYXbGo8lBsXKg71Vbp2iTJlvXEGhn8hTl37o8G1E28JWF5Io7+evfqUv+N7QfSk1zbA==,iv:ejfe7f941QB7iiREXx1T9Vej43cW/S9nr03P5lkw9Yg=,tag:odI7xsxoPGBrxd0GnCsnOg==,type:str]
frp: frp:
environment: ENC[AES256_GCM,data:TLVqVpVMTFzvs8JS31cPhhqeLRGcUOQBeGENvBd8e1RRt2mQY5VTP8lQYrgtXMRGMHLu0ByPjmL8aFZRlukBc77wAIhtETo238Hn62vJz3I=,iv:kMRF5BAzvhKWtKQyPSIWGeSjgmcEfvcbCJa9wQxSjjU=,tag:DViCejZvRo4cqJosE28lsA==,type:str] environment: ENC[AES256_GCM,data:TLVqVpVMTFzvs8JS31cPhhqeLRGcUOQBeGENvBd8e1RRt2mQY5VTP8lQYrgtXMRGMHLu0ByPjmL8aFZRlukBc77wAIhtETo238Hn62vJz3I=,iv:kMRF5BAzvhKWtKQyPSIWGeSjgmcEfvcbCJa9wQxSjjU=,tag:DViCejZvRo4cqJosE28lsA==,type:str]
sops: sops:
@ -31,8 +31,8 @@ sops:
bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ
hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA== hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-20T08:12:17Z" lastmodified: "2024-06-20T13:41:55Z"
mac: ENC[AES256_GCM,data:kkQnNrldWFWCORK4eeVDg4fUQ/FNUPjxHpZb9i+okxlTHpYOPLHf1oDWpOTvUyIE7gHPkU0Knb7bD5OL3g/40O2/MjXzNTNWBws94NNRrY2Z6V6ixSI58tNT2NRSFqQFcDHx8Cvte+7rJoElN15Ejh3a4Pmm+ID70iSQu7mdFAI=,iv:jCTsHhY2HQjE3GvG0S/twSojuyX9e4LfhHTxRY3k8Tg=,tag:x2PkHgYi0XheTqC95BTGHA==,type:str] mac: ENC[AES256_GCM,data:aEjXFS5ZHhQMZJsE7LJ+h0oImVOZphqqlU3WeoUZiGAweHEKJgC2llPFXPgM2CebIIytO617ZZQXg25Y5Nnju7vpWuTE4iTNspQFuw0hm4112X/zmepl+HC/Xzsfm0RIQf6CfmreFgs0vU3mr9w3+puBVb9kee82SjaNXvC84wQ=,iv:lqK0W3T3U6A2mz9EVd+JXjp7ZbOH9y4HKj3Bb8NXTSY=,tag:H8boV/zvaJ/8K6W2XPIfqA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1