✨ [pi4] Working keycloak config

🔥 [pi4] Disable Nextcloud
✨ [pi4] Reverse-proxy to recurring-event-api
2025-09-23 16:08:53 +00:00 · 2025-09-23 16:08:53 +00:00 · 2025-09-23 16:08:53 +00:00 · 2025-09-23 16:08:53 +00:00 · 2025-09-07 13:34:54 +02:00 · 2025-09-06 15:31:05 +00:00
10 changed files with 97 additions and 42 deletions
--- a/flake.lock
+++ b/flake.lock
@ -21,11 +21,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1755850042,
-        "narHash": "sha256-YooO7k/ufm8KGVqSAV9edGkv3Cm07cvINSP478sWppo=",
+        "lastModified": 1756741629,
+        "narHash": "sha256-n+mgH3NoQf8d1jd8cDp/9Mt++hhyuE3LO3ZAxzjWRZw=",
        "owner": "catppuccin",
        "repo": "nix",
-        "rev": "233b344b42072b30a00fef1d8bb9ffb73bf1af3d",
+        "rev": "cd22197da06df1eb6fabdaa2fc22c170c4f67382",
        "type": "github"
      },
      "original": {
@ -105,11 +105,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755928099,
-        "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=",
+        "lastModified": 1756679287,
+        "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4a44fb9f7555da362af9d499817084f4288a957f",
+        "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8",
        "type": "github"
      },
      "original": {
@ -142,11 +142,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1755615617,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "lastModified": 1756266583,
+        "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2",
        "type": "github"
      },
      "original": {
@ -174,11 +174,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1755704039,
-        "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
+        "lastModified": 1757020766,
+        "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
+        "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
        "type": "github"
      },
      "original": {
@ -190,11 +190,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1755615617,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "lastModified": 1756787288,
+        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
        "type": "github"
      },
      "original": {
@ -206,11 +206,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1755704039,
-        "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
+        "lastModified": 1757020766,
+        "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
+        "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
        "type": "github"
      },
      "original": {
@ -316,11 +316,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1755613017,
-        "narHash": "sha256-QVT/L4QQr77IOq8z2L9atYIOZn78fwLfwDgbY/L+k50=",
+        "lastModified": 1756614537,
+        "narHash": "sha256-qyszmZO9CEKAlj5NBQo1AIIADm5Fgqs5ZggW1sU1TVo=",
        "owner": "Gerg-L",
        "repo": "spicetify-nix",
-        "rev": "df3f3ff6db7e1f553288592496f6293d32164d8a",
+        "rev": "374eb5d97092b97f7aaafd58a2012943b388c0df",
        "type": "github"
      },
      "original": {
@ -350,11 +350,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1755922982,
-        "narHash": "sha256-YMchUKtaIhICzwwiAP/j6G+KaqRA8xSnGV2dfdVXoHw=",
+        "lastModified": 1757142986,
+        "narHash": "sha256-HB01usaR5wg5LK3lV6S7Za2x4AfKrNceOnun/mlpChk=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "25f56c0f5b813312f38078418b2229ada41c4bcc",
+        "rev": "ed4bfefc49ef23e55b4f6e39d2e297a79f5ab2df",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -174,7 +174,20 @@
                  };
                }
                {
-                  nixpkgs.overlays = [ ];
+                  nixpkgs.overlays = [
+                    # TODO temp fix for tailscale: https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
+                    (_: prev: {
+                      tailscale = prev.tailscale.overrideAttrs (old: {
+                        checkFlags = builtins.map (
+                          flag:
+                          if prev.lib.hasPrefix "-skip=" flag then
+                            flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
+                          else
+                            flag
+                        ) old.checkFlags;
+                      });
+                    })
+                  ];
                }
              ];
            };
--- a/hosts/pi4/default.nix
+++ b/hosts/pi4/default.nix
@ -11,6 +11,7 @@
    ./hardware.nix
    ./headscale.nix
    ./home-assitant.nix
+    ./keycloak.nix
    ./mailserver.nix
    ./nextcloud.nix
    ./nginx.nix
@ -18,4 +19,9 @@
    ./postgres.nix
    ./security
  ];
+
+  nix.settings = {
+    cores = 2;
+    max-jobs = 4;
+  };
 }
--- a/hosts/pi4/keycloak.nix
+++ b/hosts/pi4/keycloak.nix
@ -0,0 +1,33 @@
+{ config, common, ... }:
+let
+  port = 8086;
+  domain = "beta.auth.${common.domain}";
+  dbPassKey = "keycloak/database-pass";
+in
+{
+
+  services = {
+    keycloak = {
+      enable = true;
+      settings = {
+        hostname = "https://${domain}";
+        http-port = port;
+        http-enabled = true;
+      };
+      database = {
+        type = "postgresql";
+        createLocally = true;
+        port = config.services.postgresql.settings.port;
+        passwordFile = config.sops.secrets.${dbPassKey}.path;
+      };
+      initialAdminPassword = "changeme";
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:${toString port}";
+    };
+  };
+  sops.secrets.${dbPassKey} = { };
+}
--- a/hosts/pi4/nextcloud.nix
+++ b/hosts/pi4/nextcloud.nix
@ -19,7 +19,7 @@ in

  services = {
    nextcloud = {
-      enable = true;
+      enable = false;

      autoUpdateApps.enable = true;

--- a/hosts/pi4/nginx.nix
+++ b/hosts/pi4/nginx.nix
@ -84,6 +84,7 @@ in
      "track.${domain}" = homelabProxy 8090;
      # Donetick
      "chore.${domain}" = homelabProxy 2021;
+      "recurring-events-api.${domain}" = homelabProxy 8095;
    };
  };

--- a/hosts/pi4/postgres.nix
+++ b/hosts/pi4/postgres.nix
@ -4,8 +4,10 @@
  services.postgresql = {
    enable = true;
    authentication = pkgs.lib.mkOverride 10 ''
-      #type database  DBuser        auth-method
+      #type  database  DBuser  url            auth-method
      local  all       all                    trust
+      # ipv4
+      host   all       all     127.0.0.1/32   trust
    '';
  };
 }
--- a/shared/desktop/home-manager/development/zed.nix
+++ b/shared/desktop/home-manager/development/zed.nix
@ -1,13 +1,20 @@
 { pkgs, theme, ... }:

 {
+  catppuccin.zed = {
+    enable = true;
+    flavor = theme.flavor;
+    icons = {
+      enable = true;
+      flavor = theme.flavor;
+    };
+  };
+
  programs.zed-editor = {
    enable = true;
    package = pkgs.unstable.zed-editor;
    extensions = [
      "html"
-      "catppuccin"
-      "catppuccin-icons"
      "toml"
      "nix"
      "git-firefly"
@ -33,11 +40,6 @@
        features = {
          edit_prediction_provider = "zed";
        };
-        icon_theme = {
-          mode = theme.mode;
-          light = "Catppuccin Latte";
-          dark = "Catppuccin Mocha";
-        };
        ui_font_family = font;
        ui_font_size = fontSize;
        buffer_font_size = fontSize;
@ -45,11 +47,6 @@
          file_icons = true;
          git_status = true;
        };
-        theme = {
-          mode = theme.mode;
-          light = "Catppuccin Latte";
-          dark = "Catppuccin Mocha";
-        };
        lsp.nil.initialization_options.formatting.command = [ "nixfmt" ];
      };
  };
--- a/shared/desktop/modules/development/docker.nix
+++ b/shared/desktop/modules/development/docker.nix
@ -1,6 +1,7 @@
 {
  virtualisation.docker = {
    enable = true;
+    # Warning: Changing will cause containers to be inaccessible
    storageDriver = "btrfs";
    rootless = {
      enable = true;
--- a/shared/secrets/secrets.yaml
+++ b/shared/secrets/secrets.yaml
@ -4,6 +4,8 @@ forgejo:
    admin-pass: ENC[AES256_GCM,data:RGTOw0Yo5rJGEVLGsQgyk9Wc,iv:SuN770eAgFIVd4pJ6vmPIvVCMqTW/2sBUYUbqym2cHo=,tag:YlyNR/fFchdBwzCuIsWGMA==,type:str]
    #ENC[AES256_GCM,data:oMpYBQ30sdCTtgxEZvYxTd9oi9QM0bYp5NisMdQHYT/nF2k=,iv:H9/g7XttJScVXV38+yHdbgWNFDhBYyudjK5BKHTt5wo=,tag:FNfkKfkKWDBUAXiGXkDchw==,type:comment]
    runner-token: ENC[AES256_GCM,data:xbULBWrqosktW7XHViLH7Sk76upH31RFQNsBcXWWN7bpRadF3tpBA/hksMyEdg==,iv:v3vzUb5wsWeKWRYWT+ks4ZWGXQRhZ+td3N3bpuwoVc8=,tag:rEVoEw/QOSs8puujsRBxXQ==,type:str]
+keycloak:
+    database-pass: ENC[AES256_GCM,data:+1lXS/wmBg/klmRqmSW3bZiZ,iv:iFYNIrBzYPBwjusHlPJj6EKDmGgGFmDLhiL+SEq6gHE=,tag:8CoF/94nyhaTHpkij59NGQ==,type:str]
 password-hash: ENC[AES256_GCM,data:FsGHBAw/z4tcBRObVlo//UotWHyHns0+vdJVgt2lfGiIfQG+1I60g2Tzgv/O+gz3oz41NIwAYf61SR9AfXhpnc1AxiZRlCBwMQ==,iv:oiJndSVZQ+00UPz0TuJXV+T8x9mtecrNDUaablOGffU=,tag:wQuow7C8KqelJOE9KqCxMA==,type:str]
 mailserver:
    password-hash: ENC[AES256_GCM,data:H5PlCVuwUxIjtWbNsxb/ROkY2KiNhSwvWDvTLBfR596ijRTkaH0xtltsvHiiNHmfKERfcAXKO9EyGNHc,iv:qev1fs0PPydz8cm9D7hLp6ULgUEQJm+E0Pg86bor1to=,tag:zFnJ23NDCXeur+kvNSQV6w==,type:str]
@ -38,7 +40,7 @@ sops:
            SGdNMnVlQlNEeVJkWmZEM1FRT2JJMGMKbZ/znJM6tFhzhHariRXMLgH/4CRZZKrb
            YtmSdeL/Pd5YIecCpjDHDn4vQ0TBAmLaX+zVbNbRKmMZoY7777ywfA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-26T18:46:06Z"
-    mac: ENC[AES256_GCM,data:uMwyVVzU4KFzJqMzOIZHtCbgGq7Em2KogTDZbfU/CRcl6HGF8/+wKwUp4mYLAFwPXfOoKvSaBTDUYCy76wirWxXz8Vb3JxlfkjR+dvwT7DM1SYVzP4CV6TZlOBDrht6gCG+yaLJkc77AzT7crAW5V4IB/ZaRpBOGrNhIZeS/o+E=,iv:YTOySOIEaojbSm4GmJC8NBMFMD3cuC+u0CMu/5/1wS4=,tag:qdzCZuJpIiKN3dQIDboJjA==,type:str]
+    lastmodified: "2025-09-06T14:03:38Z"
+    mac: ENC[AES256_GCM,data:qqadwOj1/xlAdhnwPJZa4nE8nJ7pEFgDqPCDN2/YeJ0C0gGhJpC3Q7FyKrPYNllqTZE0ZtNbiSTltweJQ+RVPuDD/IYUI+Mp/FX4U2B9349F6CwUyFRDHVWuZLWcTOHoRL3PkVQ78xY46ZAXOf9irilWg2cYZZ6p3YSZhZX/E8Y=,iv:B6I3A4gj6qGqo5liJyrDw/N6diQihRytJ6YVPgFJPPM=,tag:zr0gXkQjNWm/FN54+unmRg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
Author	SHA1	Message	Date
Martin Berg Alstad	07bc352954	✨ [pi4] Working keycloak config	2025-09-23 16:08:53 +00:00
Martin Berg Alstad	e66d655997	🔥 [pi4] Disable Nextcloud	2025-09-23 16:08:53 +00:00
Martin Berg Alstad	79e7214c99	✨ [pi4] Reverse-proxy to recurring-event-api	2025-09-23 16:08:53 +00:00
Martin Berg Alstad	e12545bf37	✨ [pi4] Constraint cores to 2 in order to avoid stalling	2025-09-23 16:08:53 +00:00
Martin Berg Alstad	b28e5da9c2	✨ [shared/desktop] Catppuccin for Zed using flake	2025-09-07 13:34:54 +02:00
Martin Berg Alstad	6cf958235e	✨ [pi4] Initial Keycloak setup	2025-09-06 15:31:05 +00:00
Martin Berg Alstad	6686cee866	📦 [shared] Update dependencies and add temp fix for building Tailscale	2025-09-06 15:59:46 +02:00
Martin Berg Alstad	d8653c4aa4	⚠️ [shared/desktop] Added warning for changing docker storageDriver	2025-09-06 13:36:51 +02:00