Add Keycloak

2024-09-05 20:21:27 +02:00 · 2024-09-05 20:21:27 +02:00 · a28e60633b
commit a28e60633b
parent f01c7cbfdf
6 changed files with 29 additions and 1 deletions
--- a/container-config/nginx-home/auth
+++ b/container-config/nginx-home/auth
@ -0,0 +1,11 @@
+server {
+  server_name auth.strypsteen.com;
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  include snippets/headers.conf;
+  location / {
+    set $upstream systemd-keycloak.;
+    proxy_pass http://$upstream:8080;
+    include snippets/proxy.conf;
+  }
+}
--- a/container-config/nginx/snippets/proxy.conf
+++ b/container-config/nginx/snippets/proxy.conf
@ -1,6 +1,8 @@
 proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
 proxy_set_header Host $host;
 proxy_hide_header X-Frame-Options;
 proxy_hide_header X-Content-Type-Options;
--- a/desktop/var/lib/flatpak/extension/org.chromium.Chromium.Extension.system-policies/x86_64/1/policies/managed/policy.json
+++ b/desktop/var/lib/flatpak/extension/org.chromium.Chromium.Extension.system-policies/x86_64/1/policies/managed/policy.json
@ -4,7 +4,7 @@
  "CookiesAllowedForUrls": ["localhost", "[*.]strypsteen.com"],
  "DefaultCookiesSetting": 4,
  "DefaultSearchProviderEnabled": true,
-  "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}",
+  "DefaultSearchProviderSearchURL": "https://search.brave.com/search?q={searchTerms}",
  "ExtensionInstallForcelist": ["ddkjiahejlhfcafbddmgiahcphecmpfh"],
  "HttpsOnlyMode": "force_enabled",
  "ShowFullUrlsInAddressBar": true,
--- a/home/etc/containers/systemd/keycloak.container
+++ b/home/etc/containers/systemd/keycloak.container
@ -0,0 +1,13 @@
+[Unit]
+Requires=postgresql.service
+After=postgresql.service
+[Container]
+Image=quay.io/keycloak/keycloak
+Network=nginx.network
+Network=postgresql.network
+Exec=start --hostname=auth.strypsteen.com --http-enabled=true --proxy-headers=xforwarded --db=postgres --db-url-host=systemd-postgresql --db-username=keycloak --db-url-database=keycloak
+Tmpfs=/opt/keycloak
+Secret=KC_DB_PASSWORD,type=env
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target
--- a/sandbox/etc/containers/systemd/code-server.container
+++ b/sandbox/etc/containers/systemd/code-server.container
@ -3,6 +3,7 @@ Image=git.strypsteen.com/mathieu/code-server
 ReadOnly=false
 AddDevice=/dev/kvm
 AddDevice=/dev/net/tun
+PidsLimit=-1
 Volume=/var/lib/system-config/container-config/code-server/settings.json:/home/coder/.local/share/code-server/Machine/settings.json:z,ro
 Volume=code-server-settings.volume:/home/coder/.local/share/code-server:U,Z
 Volume=code-server-ssh.volume:/home/coder/.ssh:U,Z
--- a/setup-vyos.sh
+++ b/setup-vyos.sh
@ -2,6 +2,7 @@
 # shellcheck disable=SC2121
 set system name-server 9.9.9.9
 set system static-host-mapping host-name pve.strypsteen.com inet 192.168.253.2
+set system static-host-mapping host-name home.strypsteen.com alias auth.strypsteen.com
 set system static-host-mapping host-name home.strypsteen.com alias chat.strypsteen.com
 set system static-host-mapping host-name home.strypsteen.com alias cloud.strypsteen.com
 set system static-host-mapping host-name home.strypsteen.com alias code.strypsteen.com