Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

try keycloak

Browse Source
This commit is contained in:
Nathan
2025-07-24 16:27:55 -05:00
parent aa3c76c3ea
commit 11044fb61f
2 changed files with 34 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
system-config/services/containers/keycloak/default.nix
View File

@@ -49,6 +49,8 @@
settings = { settings = {
hostname = "auth.blunkall.us"; hostname = "auth.blunkall.us";
}; };
initialAdminPassword = "7567";
}; };
system.stateVersion = "25.05"; system.stateVersion = "25.05";

104
system-config/services/containers/traefik/default.nix
View File

@@ -22,14 +22,6 @@
containerPort = 443; containerPort = 443;
hostPort = 443; hostPort = 443;
} }
{
containerPort = 9080;
hostPort = 9080;
}
{
containerPort = 9443;
hostPort = 9443;
}
]; ];
bindMounts = { bindMounts = {
@@ -62,20 +54,6 @@
sendanonymoususage = false; sendanonymoususage = false;
}; };
entryPoints = { entryPoints = {
local = {
address = ":9080";
http.redirections.entryPoint = {
to = "localsecure";
scheme = "https";
};
};
localsecure = {
address = ":9443";
asDefault = true;
http.tls.certResolver = "cloudflare";
};
web = { web = {
address = ":80"; address = ":80";
http.redirections.entryPoint = { http.redirections.entryPoint = {
@@ -90,7 +68,7 @@
certResolver = "cloudflare"; certResolver = "cloudflare";
domains = { domains = {
main = "blunkall.us"; main = "blunkall.us";
sans = [ "*.local.blunkall.us" "*.blunkall.us" "blunkall.us" ]; sans = [ "*.blunkall.us" "blunkall.us" ];
}; };
}; };
}; };
@@ -112,12 +90,6 @@
}; };
}; };
}; };
/*letsencrypt.acme = {
email = "postmaster@blunkall.us";
storage = "/root/data/acme.json";
httpChallenge.entryPoint = "web";
};*/
}; };
}; };
@@ -125,16 +97,14 @@
http = { http = {
routers = { routers = {
homepageSecure = { homepageSecure = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)"; rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
service = "homepage"; service = "homepage";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
middlewares = [ #middlewares = [ "authentik" ];
"authentik"
];
}; };
nathan = { nathan = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`nathan.blunkall.us`)"; rule = "Host(`nathan.blunkall.us`)";
service = "homepage"; service = "homepage";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
@@ -143,50 +113,42 @@
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`remote.blunkall.us`)"; rule = "Host(`remote.blunkall.us`)";
service = "novnc"; service = "novnc";
middlewares = [ "authentik" ];
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
}; };
homeassistant = { /*homeassistant = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.blunkall.us`)"; rule = "Host(`hass.blunkall.us`)";
service = "homeassistant"; service = "homeassistant";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };*/
ollama = {
entryPoints = [ "websecure" ];
rule = "Host(`ollama.blunkall.us`)";
service = "ollama";
tls.certResolver = "cloudflare";
};
jellyfin = { jellyfin = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.blunkall.us`)"; rule = "Host(`jellyfin.blunkall.us`)";
service = "jellyfin"; service = "jellyfin";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
auth = { auth = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`auth.blunkall.us`)"; rule = "Host(`auth.blunkall.us`)";
service = "authentik"; service = "keycloak";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
gitlab = { /*gitlab = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`gitlab.blunkall.us`)"; rule = "Host(`gitlab.blunkall.us`)";
service = "gitlab"; service = "gitlab";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };*/
gitea = { gitea = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`gitea.blunkall.us`)"; rule = "Host(`gitea.blunkall.us`)";
service = "gitea"; service = "gitea";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
nextcloud = { nextcloud = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`nextcloud.blunkall.us`)"; rule = "Host(`nextcloud.blunkall.us`)";
service = "nextcloud"; service = "nextcloud";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
@@ -194,21 +156,19 @@
"nextcloud_redirectregex" "nextcloud_redirectregex"
]; ];
}; };
traefik = { traefik = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`traefik.blunkall.us`)"; rule = "Host(`traefik.blunkall.us`)";
service = "api@internal"; service = "api@internal";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
middlewares = [ "authentik" ]; #middlewares = [ "authentik" ];
}; };
/*ntfy = {
ntfy = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`ntfy.blunkall.us`)"; rule = "Host(`ntfy.blunkall.us`)";
service = "ntfy"; service = "ntfy";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };*/
/*pihole = { /*pihole = {
entryPoints = [ "localsecure" ]; entryPoints = [ "localsecure" ];
@@ -217,7 +177,7 @@
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
};*/ };*/
netbird = { /*netbird = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`vpn.blunkall.us`)"; rule = "Host(`vpn.blunkall.us`)";
service = "netbird"; service = "netbird";
@@ -240,11 +200,11 @@
rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)"; rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)";
service = "netbirdSignal"; service = "netbirdSignal";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };*/
}; };
middlewares = { middlewares = {
authentik.forwardAuth = { /*authentik.forwardAuth = {
address = "http://192.168.100.10:9000/outpost.goauthentik.io/auth/traefik"; address = "http://192.168.100.10:9000/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true; trustForwardHeader = true;
authResponseHeaders = [ authResponseHeaders = [
@@ -260,7 +220,7 @@
"X-authentik-meta-app" "X-authentik-meta-app"
"X-authentik-meta-version" "X-authentik-meta-version"
]; ];
}; };*/
nextcloud_redirectregex.redirectregex = { nextcloud_redirectregex.redirectregex = {
permanent = true; permanent = true;
@@ -270,7 +230,7 @@
}; };
services = { services = {
gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ]; #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ]; gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ]; homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
@@ -279,32 +239,32 @@
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ]; authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ]; #pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ]; novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ]; nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ]; #ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
netbird.loadBalancer = { /*netbird.loadBalancer = {
passHostHeader = true; passHostHeader = true;
servers = [ { url = "http://192.168.100.21"; } ]; servers = [ { url = "http://192.168.100.21"; } ];
}; };
netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ]; netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ];
netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ]; netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ]; netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ];
*/
homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ]; #homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ];
}; };
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ]; networking.firewall.allowedUDPPorts = [ 80 443 ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";