From fa66c1c5cdac807e9131e93ce7ad65efb13b23e3 Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen
Date: Thu, 12 Sep 2024 21:18:59 +0200
Subject: [PATCH] Move keycloak to infra
---
 container-config/nginx-home/auth | 4 ++--
 home/etc/containers/systemd/postgresql.container | 1 +
 .../systemd/borgmatic.container.d/override.conf | 3 +++
 {home => infra}/etc/containers/systemd/keycloak.container | 1 -
 infra/etc/containers/systemd/postgresql.container | 8 ++++++++
 infra/etc/containers/systemd/postgresql.network | 2 ++
 infra/etc/containers/systemd/postgresql.volume | 0
 7 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 infra/etc/containers/systemd/borgmatic.container.d/override.conf
 rename {home => infra}/etc/containers/systemd/keycloak.container (95%)
 create mode 100644 infra/etc/containers/systemd/postgresql.container
 create mode 100644 infra/etc/containers/systemd/postgresql.network
 create mode 100644 infra/etc/containers/systemd/postgresql.volume
diff --git a/container-config/nginx-home/auth b/container-config/nginx-home/auth
index e0ce011..337d8f9 100644
--- a/container-config/nginx-home/auth
+++ b/container-config/nginx-home/auth
@@ -4,8 +4,8 @@ server {
 listen [::]:443 ssl;
 include snippets/headers.conf;
 location / {
- set $upstream home.server.home.arpa;
- proxy_pass http://$upstream:8000;
+ set $upstream systemd-keycloak.;
+ proxy_pass http://$upstream:8080;
 include snippets/proxy.conf;
 }
 }
diff --git a/home/etc/containers/systemd/postgresql.container b/home/etc/containers/systemd/postgresql.container
index 0ce2f82..905bf44 100644
--- a/home/etc/containers/systemd/postgresql.container
+++ b/home/etc/containers/systemd/postgresql.container
@@ -2,6 +2,7 @@
 Image=docker.io/postgres:16-alpine
 Network=postgresql.network
 Volume=postgresql.volume:/var/lib/postgresql/data:U,Z
+Secret=POSTGRES_PASSWORD,type=env
 AutoUpdate=registry
 [Install]
 WantedBy=multi-user.target
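Review bot: The new upstream in the `location /` block is reached over plain HTTP by a name (`systemd-keycloak.`) that only resolves if this nginx container shares a network with the Keycloak container and a `resolver` is configured; neither is visible in this hunk, so both should be confirmed. Keycloak is started with `--proxy-headers=xforwarded` (visible in keycloak.container later in this patch), so it trusts `X-Forwarded-*` from anything that can reach port 8080, which means `snippets/proxy.conf` has to set those headers itself rather than pass on client-supplied values; presumably it does, but that file is outside the patch. The trailing dot in the hostname is not self-explanatory, so I would add a comment above the `set` line such as `# DNS name of the Keycloak container on the shared network; trailing dot is intentional because <reason>` with the author's actual reason filled in. The `server` block starts above the hunk.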
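Review bot: `Secret=POSTGRES_PASSWORD,type=env` puts the database superuser password into the container's environment, where it is readable from `/proc/<pid>/environ` and inherited by every process started in the container. The official postgres image also reads `POSTGRES_PASSWORD_FILE`, so the secret can be delivered as a file instead: `Secret=POSTGRES_PASSWORD,type=mount` together with `Environment=POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD`. The same line is added in the new infra/etc/containers/systemd/postgresql.container, where the same change would apply. The image only uses this value when it initialises an empty data directory, so on an already populated volume it presumably changes nothing; a short comment saying so would avoid the impression that editing the secret rotates the password. The `[Container]` header is above the hunk.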
diff --git a/infra/etc/containers/systemd/borgmatic.container.d/override.conf b/infra/etc/containers/systemd/borgmatic.container.d/override.conf
new file mode 100644
index 0000000..74e8ad4
--- /dev/null
+++ b/infra/etc/containers/systemd/borgmatic.container.d/override.conf
@@ -0,0 +1,3 @@
+[Container]
+Network=postgresql.network
+Secret=POSTGRES_PASSWORD,type=env
diff --git a/home/etc/containers/systemd/keycloak.container b/infra/etc/containers/systemd/keycloak.container
similarity index 95%
rename from home/etc/containers/systemd/keycloak.container
rename to infra/etc/containers/systemd/keycloak.container
index 97ef683..e7e853c 100644
--- a/home/etc/containers/systemd/keycloak.container
+++ b/infra/etc/containers/systemd/keycloak.container
@@ -8,7 +8,6 @@ Network=postgresql.network
 Exec=start --hostname=auth.strypsteen.com --http-enabled=true --proxy-headers=xforwarded --db=postgres --db-url-host=systemd-postgresql --db-username=keycloak --db-url-database=keycloak
 Tmpfs=/opt/keycloak
 Secret=KC_DB_PASSWORD,type=env
-PublishPort=8000:8080
 AutoUpdate=registry
 [Install]
 WantedBy=multi-user.target
diff --git a/infra/etc/containers/systemd/postgresql.container b/infra/etc/containers/systemd/postgresql.container
new file mode 100644
index 0000000..905bf44
--- /dev/null
+++ b/infra/etc/containers/systemd/postgresql.container
@@ -0,0 +1,8 @@
+[Container]
+Image=docker.io/postgres:16-alpine
+Network=postgresql.network
+Volume=postgresql.volume:/var/lib/postgresql/data:U,Z
+Secret=POSTGRES_PASSWORD,type=env
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target
diff --git a/infra/etc/containers/systemd/postgresql.network b/infra/etc/containers/systemd/postgresql.network
new file mode 100644
index 0000000..70cde7b
--- /dev/null
+++ b/infra/etc/containers/systemd/postgresql.network
@@ -0,0 +1,2 @@
+[Network]
+IPv6=true
diff --git a/infra/etc/containers/systemd/postgresql.volume b/infra/etc/containers/systemd/postgresql.volume
new file mode 100644
index 0000000..e69de29
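Review bot: The drop-in hands the backup container `POSTGRES_PASSWORD`, the same secret postgresql.container uses for the database superuser, so a compromise of borgmatic would give full control of the database behind Keycloak. A dump typically only needs read access, so a dedicated role (for example one granted `pg_read_all_data`) with its own secret would narrow that, e.g. `Secret=BORGMATIC_DB_PASSWORD,type=env` (secret name constructed for illustration). `Network=postgresql.network` also places borgmatic on the network where Keycloak listens on 8080 with forwarded headers trusted. How borgmatic actually uses the credential is not visible in this patch, so treat the first point as something to confirm against its configuration.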
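Review bot: Nothing in the new infra postgresql.container creates the `keycloak` role or database that keycloak.container connects with (`--db-username=keycloak --db-url-database=keycloak`); on the empty `postgresql.volume` added by this patch the image will initialise only its default superuser from `POSTGRES_PASSWORD`. Presumably the role and database are created by hand or restored from a dump after first start, which keeps Keycloak off the superuser account, but the step is undocumented. I would add a comment at the top of the file such as `# keycloak role and database are provisioned manually after first start; POSTGRES_PASSWORD is the superuser only`.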