nyancat/flake
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixos: dont use keycloak master realm

Browse source
This commit is contained in:
Guanran Wang 2024-06-20 22:03:59 +08:00
parent a024ea5e4f
commit 92c6d2b59c
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hosts/blacksteel/default.nix
View file

@ -262,7 +262,7 @@
{ {
idp_id = "keycloak"; idp_id = "keycloak";
idp_name = "id.ny4.dev"; idp_name = "id.ny4.dev";
issuer = "https://id.ny4.dev/realms/master"; issuer = "https://id.ny4.dev/realms/ny4";
client_id = "synapse"; client_id = "synapse";
client_secret_path = config.sops.secrets."synapse/oidc".path; client_secret_path = config.sops.secrets."synapse/oidc".path;
scopes = ["openid" "profile"]; scopes = ["openid" "profile"];
@ -317,7 +317,7 @@
# OIDC_CLIENT_SECRET # EnvironmentFile # OIDC_CLIENT_SECRET # EnvironmentFile
OIDC_DISCOVERY = "true"; OIDC_DISCOVERY = "true";
OIDC_DISPLAY_NAME = "id.ny4.dev"; OIDC_DISPLAY_NAME = "id.ny4.dev";
OIDC_ISSUER = "https://id.ny4.dev/realms/master"; OIDC_ISSUER = "https://id.ny4.dev/realms/ny4";
OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback"; OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback";
OIDC_SCOPE = "openid,profile,email"; OIDC_SCOPE = "openid,profile,email";
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"; OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";

8
hosts/blacksteel/secrets.yaml
View file

@ -1,10 +1,10 @@
synapse: synapse:
secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str] secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str]
oidc: ENC[AES256_GCM,data:vGQcPcUfbv6II6buEMKELc1+xZ5XccpEeCy3vZx4fdk=,iv:ORok/FXZ9SA54zD1+OhyFnZAPhGpMpTetWYgge2QSwQ=,tag:7DxrruTbenUfI/V6hGYBaw==,type:str] oidc: ENC[AES256_GCM,data:ihiMcrrYvPrNDJ13p6/FbINgh5wxv2vyOYxg0sthipM=,iv:+aESWZLI7/4HWjV7QT94py+zGLbTl+VoSsWdiGNHkjU=,tag:yxxZeDOtzFegCQGQT2HCgA==,type:str]
syncv3: syncv3:
environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str] environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str]
mastodon: mastodon:
environment: ENC[AES256_GCM,data:cEGz8ZEPUmtPXyJx5oB1xOUvya7lSCW4vQKCp6F6WpgakZdrarez0cOzM8VsfNe3lFe6VQ==,iv:17k4EWB4v/79ApfKw5e8FyqJ1zKEn9xxewkrsRbya9A=,tag:dJjVjhEQGjSrxD9FO2hYEw==,type:str] environment: ENC[AES256_GCM,data:9RjpYXbGo8lBsXKg71Vbp2iTJlvXEGhn8hTl37o8G1E28JWF5Io7+evfqUv+N7QfSk1zbA==,iv:ejfe7f941QB7iiREXx1T9Vej43cW/S9nr03P5lkw9Yg=,tag:odI7xsxoPGBrxd0GnCsnOg==,type:str]
frp: frp:
environment: ENC[AES256_GCM,data:TLVqVpVMTFzvs8JS31cPhhqeLRGcUOQBeGENvBd8e1RRt2mQY5VTP8lQYrgtXMRGMHLu0ByPjmL8aFZRlukBc77wAIhtETo238Hn62vJz3I=,iv:kMRF5BAzvhKWtKQyPSIWGeSjgmcEfvcbCJa9wQxSjjU=,tag:DViCejZvRo4cqJosE28lsA==,type:str] environment: ENC[AES256_GCM,data:TLVqVpVMTFzvs8JS31cPhhqeLRGcUOQBeGENvBd8e1RRt2mQY5VTP8lQYrgtXMRGMHLu0ByPjmL8aFZRlukBc77wAIhtETo238Hn62vJz3I=,iv:kMRF5BAzvhKWtKQyPSIWGeSjgmcEfvcbCJa9wQxSjjU=,tag:DViCejZvRo4cqJosE28lsA==,type:str]
sops: sops:
@ -31,8 +31,8 @@ sops:
bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ
hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA== hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-20T08:12:17Z" lastmodified: "2024-06-20T14:23:30Z"
mac: ENC[AES256_GCM,data:kkQnNrldWFWCORK4eeVDg4fUQ/FNUPjxHpZb9i+okxlTHpYOPLHf1oDWpOTvUyIE7gHPkU0Knb7bD5OL3g/40O2/MjXzNTNWBws94NNRrY2Z6V6ixSI58tNT2NRSFqQFcDHx8Cvte+7rJoElN15Ejh3a4Pmm+ID70iSQu7mdFAI=,iv:jCTsHhY2HQjE3GvG0S/twSojuyX9e4LfhHTxRY3k8Tg=,tag:x2PkHgYi0XheTqC95BTGHA==,type:str] mac: ENC[AES256_GCM,data:cgDwV6lXR+eTOFcfytKDc2cCs+w/PGDS3fASoKw5VQ95StbmvVNt0go4yAt1D86LXa5p1ReW8dVaciDovuhCFd/jZ+zJpA7sNwKBNrlye7sURW6zDiVM7ITyslPd31bSeIL5/qtiwyT+1tdnthSTjtJPrnPu9NfsRrkUsITT7WA=,iv:ComILTHFTb8lHooVemIg+Nx9ZDWr6SyweZTtmsjWALQ=,tag:7Bj38htDNkoHZdVDMgEiBA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1